Hi all, I hope you can assist me please.
MBAM picked up trojan.hbo and I removed it.
I can now not log on to the web.
Step 1:
Downloaded and ran malware standalone and it came back clear.
My GMER report is really long and it won't let me put it here. Is there any way for me to attach a text file?
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-07 13:42:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\Peter\AppData\Local\Temp\uwloapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90726DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90DB3A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9072785E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9072C2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9072C330]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x90CA6586]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9072C422]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x90CC7E92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9072C252]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x90CC1E1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x90CC2244]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x90CCC46E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9072C29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9072C3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90726E44]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x90CA72B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x90CC98DE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x90CC91F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x90CC0C00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90DB3B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90726AD6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x90CCA2A8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x90CCA4E6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x90CCA998]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90726E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90729D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90727B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9072C30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9072C352]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x90CA6E6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9072C446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9072C278]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x90CC4334]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9072C3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9072C2C2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x90CC3F22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9072C400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90DB3CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x907279CE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x90CCB36E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x90CCAC62]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x90CCBDCE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x90CACF8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90726EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90726F28]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x90CA76C0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x90CCB8F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90726B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90726CEA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x90CC8954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90726C92]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x90CC2F40]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x90CC2C70]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90726F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90DB3BE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x90CC26B8]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 82CBF890 4 Bytes [F8, 6D, 72, 90] {CLC ; INSD ; JB 0xffffffffffffff94}
.text ntkrnlpa.exe!KeSetEvent + 131 82CBF8B4 4 Bytes [5A, 3A, DB, 90] {POP EDX; CMP BL, BL; NOP }
.text ntkrnlpa.exe!KeSetEvent + 191 82CBF914 4 Bytes JMP F544579B
.text ntkrnlpa.exe!KeSetEvent + 1D1 82CBF954 16 Bytes [E4, C2, 72, 90, 30, C3, 72, ...] {IN AL, 0xc2; JB 0xffffffffffffff94; XOR BL, AL; JB 0xffffffffffffff98; XCHG [EBP-0x36], AH; NOP ; AND AL, AH; JB 0xffffffffffffffa0}
.text ntkrnlpa.exe!KeSetEvent + 1E9 82CBF96C 4 Bytes JMP CC7E9282
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DEA633 5 Bytes JMP 90DC6C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E43573 5 Bytes JMP 90DC874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E4CE98 4 Bytes CALL 907281B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E50B0C 4 Bytes CALL 907281CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F404360, 0x35BF98, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[12] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[12] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[12] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[12] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!IsWindowUnicode + 37 76B690B5 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000D0600
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000D0804
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000D0A08
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000D01F8
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000D03FC
.text C:\Windows\System32\spoolsv.exe[644] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\csrss.exe[672] KERNEL32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[728] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[728] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
.text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[728] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Windows\system32\wininit.exe[728] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wininit.exe[728] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wininit.exe[728] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[728] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wininit.exe[728] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wininit.exe[728] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\csrss.exe[740] KERNEL32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\services.exe[772] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[772] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[772] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[772] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[772] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[772] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[772] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[772] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[772] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[772] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[772] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[784] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[784] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00090600
.text C:\Windows\system32\lsass.exe[784] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00090804
.text C:\Windows\system32\lsass.exe[784] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\lsass.exe[784] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[784] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsass.exe[784] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsass.exe[784] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[796] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\lsm.exe[796] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[796] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[932] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[932] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Dwm.exe[944] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[944] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[944] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002503FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00250600
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00251014
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00250804
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00250A08
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00250C0C
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00250E10
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002501F8
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002B0600
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002B0804
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002B0A08
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002B01F8
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002B03FC
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00C30600
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00C30804
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00C30A08
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 00C301F8
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 00C303FC
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002503FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00250600
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00251014
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00250804
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00250A08
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00250C0C
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00250E10
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002501F8
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
.text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002B0600
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002B0804
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002B0A08
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002B01F8
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002B03FC
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00C30600
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00C30804
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00C30A08
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 00C301F8
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 00C303FC
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[1220] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1396] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1424] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1424] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002C0600
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002C0804
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002C0A08
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002C01F8
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002C03FC
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1672] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 76E8A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2552] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00160600
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00160804
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\svchost.exe[2552] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Explorer.EXE[2736] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[2736] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[2736] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
.text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
.text C:\Windows\Explorer.EXE[2736] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
.text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
.text C:\Windows\Explorer.EXE[2736] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2740] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2916] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2916] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2916] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001601F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001603FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00270600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00271014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00270804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00270A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00270C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00270E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002701F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00280600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00280804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00280A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002801F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002803FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 002C01F8
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 002C03FC
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] kernel32.dll!CreateThread + 1A 76EACB48 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002E03FC
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!DeleteService 76F8A07E 5 Bytes JMP 002E0600
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 002E1014
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 002E0804
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 002E0A08
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 002E0C0C
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 002E0E10
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002E01F8
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002F0600
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002F0804
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002F0A08
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002F01F8
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002F03FC
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00190600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00191014
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00190804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00190A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00190C0C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00190E10
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001901F8
.text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3856] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3856] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3856] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[4004] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[4124] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] kernel32.dll!SetUnhandledExceptionFilter 76E8A8C5 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00E90600
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00E90804
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00E90A08
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 00E901F8
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 00E903FC
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00EB03FC
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00EB0600
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00EB1014
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00EB0804
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00EB0A08
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00EB0C0C
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00EB0E10
.text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 00EB01F8
.text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Users\Peter\Desktop\gmer.exe[4524] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Peter\Desktop\gmer.exe[4524] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001401F8
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001403FC
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00160600
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00160804
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00160A08
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001601F8
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001603FC
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000A01F8
.text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000A03FC
.text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000B0600
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000B0804
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000B0A08
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000B01F8
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000B03FC
.text C:\Windows\System32\rundll32.exe[5100] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000C03FC
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000C0600
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000C1014
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000C0804
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000C0A08
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000C0C0C
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000C0E10
.text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000C01F8
.text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[5112] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Eraser\Eraser.exe[5332] KERNEL32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00270600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00271014
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00270804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00270A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00270C0C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00270E10
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002701F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000C1014
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000C0C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000C0E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000D0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000D0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000D0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000D01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000D03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\svchost.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW] [716A4360] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [716A4380] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [716A3E90] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [716A4340] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [716A9EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [716A9EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [716A20F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!RegisterWaitForSingleObject] [716A1F20] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [716A9EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76F2DDF5] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76F2DDF5] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [76F2DDFA] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76F2DDF5] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\System32\spoolsv.exe[644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wininit.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00A40002
IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00A40000
IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsm.exe[796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\ehome\ehRecvr.exe[904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Softex\OmniPass\OmniServ.exe[996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7346F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\ehome\ehtray.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2148] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\iPod\bin\iPodService.exe[2488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74177817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7417BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7416F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7416E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7417DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7416FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7416FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7419C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7416D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74166853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7416687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74172AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[2740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\ehome\ehmsas.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[2916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\SearchIndexer.exe[3000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\WUDFHost.exe[3136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0008EEF0] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!QueueUserWorkItem] [0008EEF0] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\ehome\ehsched.exe[3776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\taskeng.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4152] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Users\Peter\Desktop\gmer.exe[4524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\rundll32.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\rundll32.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\iTunes\iTunesHelper.exe[6060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[6076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018db000a61
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018db000a61@64a7698a0944 0xC6 0x09 0x4B 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018db000a61@64a76953e1e7 0x96 0x31 0xF3 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018db000a61 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018db000a61@64a7698a0944 0xC6 0x09 0x4B 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018db000a61@64a76953e1e7 0x96 0x31 0xF3 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018db000a61 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018db000a61@64a7698a0944 0xC6 0x09 0x4B 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018db000a61@64a76953e1e7 0x96 0x31 0xF3 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018db000a61 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018db000a61@64a7698a0944 0xC6 0x09 0x4B 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018db000a61@64a76953e1e7 0x96 0x31 0xF3 0x93 ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0018db000a61 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0018db000a61@64a7698a0944 0xC6 0x09 0x4B 0x9C ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0018db000a61@64a76953e1e7 0x96 0x31 0xF3 0x93 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xE7 0x32 0xA3 0x8E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Mozilla 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Mozilla\Firefox 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\aswc476t.default 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp\IswTmp 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp\IswTmp\Logs 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp\IswTmp\Logs\ISWDMP.swl 364 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp\IswTmp\Logs\ISWFWMON.swl 1900 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp\IswTmp\Logs\ISWSHEX.swl 161340 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Local\Temp\IswTmp\Logs\ISWUL_MIN.swl 2092 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\cert8.db 229376 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\chromeappsstore.sqlite 98304 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\content-prefs.sqlite 7168 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\formhistory.sqlite 55296 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\key3.db 16384 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\permissions.sqlite 2048 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\webappsstore.sqlite 595968 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\Prefetch 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\Prefetch\FIREFOX.EXE-654F07B8.pf 63604 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\ServiceProfiles 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\ServiceProfiles\NetworkService 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\ServiceProfiles\NetworkService\AppData 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\ServiceProfiles\NetworkService\AppData\Local 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\C\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-2095740272-4141472741-184000740-1000\webStorage\snx_fs.dat 5728 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 33792 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{1eb01721-9373-11e1-a38d-000ae4cb91f2}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{1eb01721-9373-11e1-a38d-000ae4cb91f2}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{1eb01721-9373-11e1-a38d-000ae4cb91f2}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
---- EOF - GMER 1.0.15 ----
I am now running aswMBR; it has been going for 4 hours so far. I will post the logs up tomorrow.
Is there anything else needed from me?
Welcome aboard https://discussions.virtualdr.com/
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===================================================
If aswMBR is stuck stop it and try to re-run it from safe mode.
I was doing some research last night and checked out the hosts file and that was normal. As I was able to connect to the wireless network but not able to get on the web I thought I would try and set a static IP instead of "obtain one automatically". I used the DNS 8.8.8.8 and 8.8.4.4 and straight away I was able to access the web. I have updated and run Malwarebytes, ZoneAlarm antivirus and Spybot. ZoneAlarm found and removed another 2 trojans, Malwarebytes came back clear and Spybot found a few registry entries and tracking cookies. I am going to run them all again until clear and then change the adaptor settings back to "auto" and see what happens. It seems that the virus has changed some DNS settings somewhere, I will investigate further if it does not work when set to auto and let you know the results.
Don't forget to retry aswMBR from safe mode.
Still with me?
Yes sorry it was my birthday weekend and as a result I did not get a chance to continue this, I will be looking in the next day or two....sorry.
Happy Birthday :)
OK I am back in the land of the living after a fantastic Birthday weekend.....
I have changed the DNS settings and the static IP address back to auto and it is still working ok, which is good.
I am running aswMBR from safe mode at the moment and will post results once I have them.
Thx
Cloutty
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 10:17:53
-----------------------------
10:17:53.446 OS Version: Windows 6.0.6002 Service Pack 2
10:17:53.446 Number of processors: 2 586 0xF0D
10:17:53.446 ComputerName: PETER-PC UserName: Peter
10:17:57.252 Initialize success
10:18:34.520 AVAST engine download error: 0
10:21:06.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:21:06.606 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
10:21:06.653 Disk 0 MBR read successfully
10:21:06.653 Disk 0 MBR scan
10:21:06.684 Disk 0 Windows VISTA default MBR code
10:21:06.684 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 275246 MB offset 63
10:21:06.699 Disk 0 Partition - 00 0F Extended LBA 29996 MB offset 563704785
10:21:06.731 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 29996 MB offset 563704848
10:21:06.746 Disk 0 scanning sectors +625137345
10:21:06.871 Disk 0 scanning C:\Windows\system32\drivers
10:21:16.574 Service scanning
10:21:38.211 Modules scanning
10:21:42.361 Disk 0 trace - called modules:
10:21:42.423 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
10:21:42.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e59030]
10:21:42.439 3 CLASSPNP.SYS[8bfbe8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x868de8a0]
10:21:42.470 Scan finished successfully
10:21:52.626 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
10:21:52.688 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"
Good news :)
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 12-06-21.03 - Peter 22/06/2012 11:21:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1742 [GMT 1:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 10:37 . 2012-06-22 10:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 10:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:09 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:09 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 21:07 . 2012-06-14 21:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-14 21:07 . 2012-06-14 21:07 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-06-14 21:07 . 2012-06-14 21:07 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-06-14 21:07 . 2012-06-14 21:07 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-06-14 21:07 . 2012-06-14 21:07 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-06-14 21:07 . 2012-06-14 21:07 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-14 21:07 . 2012-06-14 21:07 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-14 21:07 . 2012-06-14 21:07 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-06-13 23:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FDBB108-7307-4E62-B6AC-598B0A4A2CF0}\mpengine.dll
2012-06-13 23:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:39 . 2012-01-09 17:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-06-13 21:39 . 2012-01-09 17:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-06-13 21:35 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:35 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-13 21:35 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-13 18:38 . 2012-06-13 18:38 388096 ----a-r- c:\users\Peter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 18:38 . 2012-06-13 18:38 -------- d-----w- c:\program files\Trend Micro
2012-06-13 09:07 . 2012-06-13 09:07 -------- d-----w- c:\users\Peter\AppData\Roaming\DriverCure
2012-06-13 09:06 . 2012-06-13 09:06 -------- d-----w- c:\users\Peter\AppData\Roaming\SpeedMaxPc
2012-06-13 09:06 . 2012-06-13 09:19 -------- d-----w- c:\programdata\SpeedMaxPc
2012-05-27 13:39 . 2012-05-27 22:03 -------- d-----w- C:\f4ef9b7705419548d20f362e93
2012-05-27 09:11 . 2012-05-27 22:03 -------- d-----w- C:\0ff4fcf6c01f0756996d7f46993ce03a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:02 . 2012-03-30 04:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 18:02 . 2011-05-25 16:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2010-07-06 20:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 14:26 . 2011-09-26 15:03 3480352 ----a-w- c:\program files\ccsetup310.exe
2012-06-14 21:07 . 2011-04-01 15:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E841418A-B263-40AB-9F16-7F603AA7B6A1}]
2010-08-12 16:19 86696 ----a-w- c:\program files\allmywebtb\AllMyWebDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E841418A-B263-40AB-9F16-7F603AA7B6A1}"= "c:\program files\allmywebtb\AllMyWebDx.dll" [2010-08-12 86696]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e841418a-b263-40ab-9f16-7f603aa7b6a1}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-06-01 73392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TwonkyMedia Tray Control.lnk - c:\program files\TwonkyMedia\twonkymediaserverconfig.exe [2010-11-4 595544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 09:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 14:42 128296 ------w- c:\program files\HomeCinema\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-04 22:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 12:57 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 11:35 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 19:51 71216 ------w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 17:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 12:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 14:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-07 11:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-22 16:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:02]
.
2012-05-05 c:\windows\Tasks\At1.job
- c:\windows\system32\PresentationHHost.exe [2010-07-08 09:55]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 17:44]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Playlist - c:\program files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: TwonkyBeam to - c:\program files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231
IE: {{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - {BE8D0059-D24D-4919-B76F-99F4A2203647} {BE8D0059-D24D-4919-B76F-99F4A2203647} - {be8d0059-d24d-4919-b76f-99f4a2203647}\inprocserver32 does not exist!
TCP: DhcpNameServer = 212.113.0.3 212.113.0.4
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 68b91b800000000000000015af9de691
FF - user.js: extensions.BabylonToolbar_i.hardId - 68b91b800000000000000015af9de691
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15378
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN17734923328723-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=68b91b800000000000000015af9de691&q=
FF - user.js: extensions.zonealarm.id - 68b91b800000000000000015af9de691
FF - user.js: extensions.zonealarm.instlDay - 15504
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.422:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN17734923328723-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - true
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 11:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(3152)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
.
Completion time: 2012-06-22 11:48:47
ComboFix-quarantined-files.txt 2012-06-22 10:48
ComboFix2.txt 2012-05-30 17:10
ComboFix3.txt 2012-05-30 12:25
.
Pre-Run: 139,152,134,144 bytes free
Post-Run: 139,153,870,848 bytes free
.
- - End Of File - - 0E7B967002CB2BCAF739427B56198D3D
1. Please open Notepad (Start>All Programs>Accessories>Notepad).
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
AtJob::
ClearJavaCache::
3. Save the above as CFScript.txt
4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
ComboFix 12-06-25.02 - Peter 25/06/2012 10:05:39.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1890 [GMT 1:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 09:21 . 2012-06-25 09:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 10:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 10:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 10:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:09 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:09 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 21:07 . 2012-06-14 21:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-14 21:07 . 2012-06-14 21:07 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-06-14 21:07 . 2012-06-14 21:07 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-06-14 21:07 . 2012-06-14 21:07 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-06-14 21:07 . 2012-06-14 21:07 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-06-14 21:07 . 2012-06-14 21:07 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-14 21:07 . 2012-06-14 21:07 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-14 21:07 . 2012-06-14 21:07 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-06-13 23:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FDBB108-7307-4E62-B6AC-598B0A4A2CF0}\mpengine.dll
2012-06-13 23:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:39 . 2012-01-09 17:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-06-13 21:39 . 2012-01-09 17:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-06-13 21:35 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:35 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-13 21:35 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-13 18:38 . 2012-06-13 18:38 388096 ----a-r- c:\users\Peter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 18:38 . 2012-06-13 18:38 -------- d-----w- c:\program files\Trend Micro
2012-06-13 09:07 . 2012-06-13 09:07 -------- d-----w- c:\users\Peter\AppData\Roaming\DriverCure
2012-06-13 09:06 . 2012-06-13 09:06 -------- d-----w- c:\users\Peter\AppData\Roaming\SpeedMaxPc
2012-06-13 09:06 . 2012-06-13 09:19 -------- d-----w- c:\programdata\SpeedMaxPc
2012-05-27 13:39 . 2012-05-27 22:03 -------- d-----w- C:\f4ef9b7705419548d20f362e93
2012-05-27 09:11 . 2012-05-27 22:03 -------- d-----w- C:\0ff4fcf6c01f0756996d7f46993ce03a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 09:02 . 2012-03-30 04:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 09:02 . 2011-05-25 16:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2010-07-06 20:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 14:26 . 2011-09-26 15:03 3480352 ----a-w- c:\program files\ccsetup310.exe
2012-06-14 21:07 . 2011-04-01 15:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E841418A-B263-40AB-9F16-7F603AA7B6A1}]
2010-08-12 16:19 86696 ----a-w- c:\program files\allmywebtb\AllMyWebDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E841418A-B263-40AB-9F16-7F603AA7B6A1}"= "c:\program files\allmywebtb\AllMyWebDx.dll" [2010-08-12 86696]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e841418a-b263-40ab-9f16-7f603aa7b6a1}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-06-01 73392]
"ISW"="" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TwonkyMedia Tray Control.lnk - c:\program files\TwonkyMedia\twonkymediaserverconfig.exe [2010-11-4 595544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 09:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 14:42 128296 ------w- c:\program files\HomeCinema\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-04 22:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 12:57 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 11:35 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 19:51 71216 ------w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 17:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 12:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 14:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-07 11:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-22 16:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 09:02]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 17:44]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Playlist - c:\program files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: TwonkyBeam to - c:\program files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231
IE: {{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - {BE8D0059-D24D-4919-B76F-99F4A2203647} {BE8D0059-D24D-4919-B76F-99F4A2203647} - {be8d0059-d24d-4919-b76f-99f4a2203647}\inprocserver32 does not exist!
TCP: DhcpNameServer = 212.113.0.3 212.113.0.4
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 68b91b800000000000000015af9de691
FF - user.js: extensions.BabylonToolbar_i.hardId - 68b91b800000000000000015af9de691
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15378
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN17734923328723-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=68b91b800000000000000015af9de691&q=
FF - user.js: extensions.zonealarm.id - 68b91b800000000000000015af9de691
FF - user.js: extensions.zonealarm.instlDay - 15504
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.422:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN17734923328723-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - true
FF - user.js: extensions.zonealarm.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-25 10:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-06-25 10:30:01
ComboFix-quarantined-files.txt 2012-06-25 09:29
ComboFix2.txt 2012-06-22 10:48
ComboFix3.txt 2012-05-30 17:10
ComboFix4.txt 2012-05-30 12:25
.
Pre-Run: 139,290,447,872 bytes free
Post-Run: 139,252,350,976 bytes free
.
- - End Of File - - F850DA047AEF6E3FE84FB633B6390A3A
Looks good.
Any current issues?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL logfile created on: 26/06/2012 12:48:16 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Peter\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.81% Memory free
6.19 Gb Paging File | 4.60 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268.80 Gb Total Space | 129.81 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 19.96 Gb Free Space | 68.17% Space Free | Partition Type: FAT32
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/26 12:33:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
PRC - [2012/06/25 10:02:15 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/14 22:07:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/01 17:33:28 | 002,446,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/06/01 17:03:22 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/04/30 20:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/04 02:58:46 | 000,497,240 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
PRC - [2010/11/04 02:58:44 | 000,595,544 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymediaserverconfig.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 23:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/01 12:17:28 | 000,434,176 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
PRC - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/02 12:35:42 | 002,564,096 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2007/11/02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
PRC - [2007/11/02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2007/08/31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/25 10:02:15 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/14 22:07:02 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/30 19:08:52 | 000,225,280 | ---- | M] () -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
MOD - [2012/04/30 19:06:40 | 000,221,184 | ---- | M] () -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/11/02 12:36:16 | 000,048,208 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2007/11/02 12:35:42 | 002,564,096 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2007/11/02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2007/11/02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2007/11/02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2007/11/02 12:27:40 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2007/11/02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opfsdll.dll
MOD - [2007/11/02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2007/11/02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/06/25 10:02:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 22:07:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/01 17:33:28 | 002,446,392 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/04/30 20:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/11/04 02:58:46 | 000,497,240 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/11/02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Peter\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/30 20:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/01/09 18:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/09/22 13:25:11 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/05/07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/09 13:00:48 | 001,554,472 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrdCap.sys -- (TrdCap)
DRV - [2009/02/06 02:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009/02/06 02:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009/02/06 02:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2008/10/28 23:48:24 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2007/12/20 02:46:00 | 007,630,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/11/26 14:47:44 | 000,021,832 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrSSweep.sys -- (wrssweep)
DRV - [2007/08/28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/22 19:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYgb&ptb=6B73A4A7-1DBB-45C9-B1B5-7F8CF100D5E7&psa=&ind=2011031906&ptnrS=XRxdm005YYgb&si=&st=sb&n=77dde962&searchfor={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B BA C1 83 F3 7A CC 01 [binary data]
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109985&babsrc=SP_ss&mntrId=68b91b800000000000000015af9de691
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-vmn&type=AllMyWeb1_0yach&q={searchTerms}&ei=UTF-8
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{6110A028-47D4-4E50-AD91-C4FCF090B69E}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=68b91b800000000000000015af9de691&tlver=1.4.19.19&affID=17160
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C2A6F20A-7747-4115-9577-69CA88180B7E}&mid=0038287a745747d6a116d143a22f7801-7bec7445dae2153a669ba59a0615b2e2b92ed47c&lang=en&ds=AVG&pr=fr&d=2011-10-13 14:50:19&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80269&lng=en
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYgb&ptb=6B73A4A7-1DBB-45C9-B1B5-7F8CF100D5E7&psa=&ind=2011031906&ptnrS=XRxdm005YYgb&si=&st=sb&n=77dde962&searchfor={searchTerms}
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {E841418A-B263-40AB-9F16-7F603AA7B6A1}:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.9.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.4000
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SoccerInferno.com/Plugin: C:\Program Files\SoccerInferno\bar\1.bin\NPj2Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/06 20:46:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/06 20:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SoccerInferno\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/15 16:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/06/13 23:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/14 22:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/31 12:44:26 | 000,000,000 | ---D | M]
[2010/07/07 13:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2012/06/22 11:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions
[2010/07/23 00:00:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/19 15:29:33 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/03/15 08:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2012/06/14 22:07:09 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/06/14 19:48:42 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2010/08/16 17:57:28 | 000,000,000 | ---D | M] (AllMyWeb) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\{E841418A-B263-40AB-9F16-7F603AA7B6A1}
[2011/04/01 20:05:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\[email protected]
[2012/06/13 22:42:04 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\[email protected]
[2012/05/26 17:30:46 | 000,000,000 | ---D | M] (SoccerInferno) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\j2ffxtbr@SoccerInferno(207).com
[2012/04/17 16:14:58 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\[email protected]
[2010/10/28 13:39:14 | 000,000,000 | ---D | M] ("TurnTool Viewer") -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\extensions\[email protected]
[2010/08/09 22:35:44 | 000,001,832 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\searchplugins\bing.xml
[2011/09/24 16:20:22 | 000,000,000 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\aswc476t.default\searchplugins\startsear.xml
[2012/02/28 20:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/18 22:41:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/17 21:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/11/17 21:41:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/13 23:13:54 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2012/03/15 16:40:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/08/25 10:42:45 | 000,010,707 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ASWC476T.DEFAULT\EXTENSIONS\{563E4790-7E70-11DA-A72B-0800200C9A66}.XPI
[2012/06/14 22:07:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/02/28 20:35:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/14 22:06:59 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/15 14:35:14 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/08 14:27:22 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 22:06:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 22:06:59 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/14 22:06:59 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/14 22:06:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/14 22:06:59 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&hl={language}&AF=14437
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: getPlusPlus for Adobe 16287 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Users\Peter\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: AVG Safe Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: AVG Safe Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: vshare plugin = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Click to call with Skype = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/06/25 10:21:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (AllMyWeb Toolbar) - {E841418A-B263-40AB-9F16-7F603AA7B6A1} - C:\Program Files\allmywebtb\AllMyWebDx.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AllMyWeb Toolbar) - {E841418A-B263-40AB-9F16-7F603AA7B6A1} - C:\Program Files\allmywebtb\AllMyWebDx.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: TwonkyBeam to - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: TwonkyBeam for Internet Explorer - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - Reg Error: Key error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1584783E-AB94-433F-B17B-D242A1A6E444}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Peter\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Peter\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL.txt continued...
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/06/26 12:33:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012/06/25 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Macromedia
[2012/06/25 10:30:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/25 10:02:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/22 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\PC Fix Stuff
[2012/06/22 11:11:39 | 004,568,098 | R--- | C] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2012/06/14 22:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/14 22:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/13 22:39:52 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl2.sys
[2012/06/13 22:39:50 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2012/06/13 22:39:42 | 000,468,272 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/06/13 22:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/06/13 22:38:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/13 19:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/13 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/13 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\DriverCure
[2012/06/13 10:06:59 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\SpeedMaxPc
[2012/06/13 10:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/07 19:23:21 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Angry Bird Games
[2012/05/30 12:56:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/30 12:56:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/30 12:56:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/30 12:56:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/30 12:55:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 14:39:02 | 000,000,000 | ---D | C] -- C:\f4ef9b7705419548d20f362e93
[2011/09/26 16:03:55 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup310.exe
[2011/02/10 14:17:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/06/26 12:56:55 | 000,003,264 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:56:55 | 000,003,264 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 12:33:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012/06/26 12:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 08:58:43 | 000,027,839 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\nvModes.001
[2012/06/26 08:57:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 08:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 00:13:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/25 10:21:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/25 10:01:05 | 004,568,098 | R--- | M] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2012/06/21 10:23:38 | 000,441,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/21 10:07:08 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/21 10:07:08 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/21 09:28:54 | 293,174,266 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/14 00:23:25 | 000,001,083 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/13 23:43:24 | 000,001,356 | ---- | M] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat
[2012/06/13 22:42:48 | 000,415,933 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/06/13 22:38:28 | 000,000,639 | ---- | M] () -- C:\Users\Peter\Desktop\ZoneAlarm Security.lnk
[2012/06/13 22:37:09 | 000,000,612 | ---- | M] () -- C:\user.js
[2012/06/13 21:27:35 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2012/06/08 15:39:41 | 000,002,371 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\SyncToy.lnk
[2012/06/07 19:24:46 | 000,001,740 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Washer (2).lnk
[2012/06/07 13:43:23 | 000,002,637 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012/05/28 20:25:03 | 000,073,728 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 19:01:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
========== Files Created - No Company Name ==========
[2012/06/13 22:38:28 | 000,000,639 | ---- | C] () -- C:\Users\Peter\Desktop\ZoneAlarm Security.lnk
[2012/06/07 19:24:46 | 000,001,740 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Washer (2).lnk
[2012/05/30 12:56:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/30 12:56:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/30 12:56:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/30 12:56:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/30 12:56:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 19:36:16 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\log.sflog
[2012/02/20 13:22:01 | 000,000,288 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\.backup.dm
[2011/11/22 22:23:49 | 000,000,981 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/11/03 16:44:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/11/03 16:42:25 | 000,024,227 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\UserTile.png
[2011/09/22 13:08:30 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/09/20 13:04:01 | 000,009,896 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2011/02/10 14:17:54 | 000,007,887 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2011/02/10 14:17:54 | 000,001,144 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2010/11/24 14:18:25 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/24 14:18:24 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/22 14:22:16 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010/09/22 21:51:47 | 000,073,728 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 18:00:03 | 000,027,839 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.001
[2010/08/16 17:59:59 | 000,027,839 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.dat
[2010/07/31 21:29:10 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Default.PLS
[2010/07/28 00:14:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/07/27 23:37:09 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2010/07/21 15:11:21 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010/07/21 15:11:21 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010/07/21 15:11:21 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/07/21 15:11:20 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010/07/21 15:11:20 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010/07/21 15:11:20 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010/07/18 14:48:45 | 000,000,552 | ---- | C] () -- C:\Users\Peter\AppData\Local\d3d8caps.dat
[2010/07/08 09:58:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/08 09:39:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\PresentationHHost.exe
[2010/07/07 08:57:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/07 08:57:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/06 21:00:45 | 000,001,356 | ---- | C] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2012/03/30 22:27:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Akhra
[2012/01/20 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Arkadium
[2011/10/13 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG2012
[2012/01/20 01:19:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Awem
[2012/04/19 14:38:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Azureus
[2012/05/07 16:47:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\BitComet
[2012/03/27 10:22:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\CheckPoint
[2010/11/27 19:04:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\CometPlayer
[2012/06/13 10:07:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DriverCure
[2012/02/23 17:50:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GameHouse
[2012/01/23 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GameMill Entertainment
[2011/03/15 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Gygan
[2011/04/14 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech
[2011/02/25 19:21:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leawo
[2012/03/09 12:11:31 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Meridian93
[2011/02/25 19:21:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Moyea
[2012/03/07 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mystery of Mortlake Mansion
[2011/11/03 16:42:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PeerNetworking
[2012/02/28 21:20:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PopCapv1001
[2012/03/11 12:15:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PopCapv1004
[2012/02/26 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PopCapv1006
[2011/07/16 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Registry Mechanic
[2012/05/07 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Rovio
[2012/01/12 16:42:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sahmon Games
[2011/11/22 17:53:36 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SerpentOfIsis
[2012/06/13 10:06:59 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SpeedMaxPc
[2011/05/15 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SpinTop
[2012/04/22 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SpinTop Games
[2012/06/04 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Spotify
[2012/03/20 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\tigerplayer
[2012/01/21 22:02:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TitanicMystery
[2012/02/18 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TOMI3
[2012/06/26 08:57:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TwonkyMedia
[2012/05/01 17:18:31 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Vso
[2012/06/26 00:13:40 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/09 12:33:30 | 000,177,127 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | R-S- | M] () -- C:\bootmgr
[2010/07/06 21:14:58 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/06/25 10:30:03 | 000,017,830 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/07 21:53:36 | 000,000,000 | R-S- | M] () -- C:\IO.SYS
[2009/02/17 14:38:16 | 000,002,488 | ---- | M] () -- C:\LOGFILE.TXT
[2010/07/25 21:56:58 | 000,003,739 | ---- | M] () -- C:\MP4debug.log
[2009/05/07 21:53:36 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS
[2012/06/26 08:56:47 | 3533,373,440 | -HS- | M] () -- C:\pagefile.sys
[2010/07/07 11:31:24 | 000,001,113 | ---- | M] () -- C:\rollback.ini
[2011/01/07 12:50:33 | 000,009,599 | ---- | M] () -- C:\scramble.log
[2012/06/13 22:37:09 | 000,000,612 | ---- | M] () -- C:\user.js
< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/07/09 19:15:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2011/09/26 15:26:11 | 003,480,352 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup310.exe
[2010/07/07 00:38:31 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
[2011/12/09 17:07:18 | 000,000,000 | ---D | M] -- C:\Program Files\Home_Accountz_2012\BAK
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/14 14:59:09 | 000,000,286 | -HS- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/06/25 10:01:05 | 004,568,098 | R--- | M] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2012/06/26 12:33:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2006/05/19 11:53:02 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\tasks\*.* >
[2012/06/26 13:02:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 08:57:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 12:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 08:57:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/26 00:13:40 | 000,032,644 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/06/21 09:34:26 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/06/21 09:33:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/06/21 09:33:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/06/21 09:33:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/06/21 09:33:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2012/06/21 09:33:56 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/07/06 21:01:03 | 000,000,402 | -HS- | M] () -- C:\Users\Peter\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/22 14:22:16 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv6
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8BD8CD95
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C22C13A5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:11411CE5
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:302376F2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:DA18FD1D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >
Extras.txt
OTL Extras logfile created on: 26/06/2012 12:48:16 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Peter\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.81% Memory free
6.19 Gb Paging File | 4.60 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268.80 Gb Total Space | 129.81 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 19.96 Gb Free Space | 68.17% Space Free | Partition Type: FAT32
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11754AEB-9923-4201-A0FB-0A7A5B064F4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{264BB172-84E3-4AE5-914C-2DE7A61C651D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2B8A52E5-6F85-4001-B46B-81932787919F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40EE00A6-6E12-485E-A3BE-20D82A1B918D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6750FACC-CA35-4C53-A679-3975CBEFEED0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{68BD0792-36EB-4E67-BB78-A013EF798564}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{82EC7B27-AB0D-4FE8-9CAE-0B945A31E65F}" = lport=16354 | protocol=17 | dir=in | name=bitcomet 16354 udp |
"{AD7029E2-90B8-41BA-92C0-B9913769A04C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AEC65004-BBE6-4D75-8472-20A5331B7F4C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF7B8BB7-2F93-4F7A-9441-AB0CE6088AD8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B4DF7AD0-D958-473C-BCE1-B94AEADA3AF0}" = lport=16354 | protocol=6 | dir=in | name=bitcomet 16354 tcp |
"{BB1F9359-7E88-4AED-A6BE-564879831B92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C653DC01-E281-4109-92B2-8F9082C1D071}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D14C4E44-A2D2-4CC0-A64A-6F3117D16425}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E795A940-B9AD-4635-91C8-EEF9A404208C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F68C02CE-B254-4788-8429-9240159497FC}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04428F0B-A6BA-47A0-918F-D1A93BB5B4C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{082931F6-D938-46D1-AB87-9EF00DA33F55}" = protocol=17 | dir=in | app=c:\users\peter\desktop\aviconvertersetup.exe |
"{0CA71BCA-AC01-46D4-A8F0-48F0C3A2CEB5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{0D8CC50D-E0C8-4A62-8020-C9407BFC708E}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
"{1013C91F-C95E-4069-AF16-77C4B4E271DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11DC131A-7565-47FF-A64B-35FC2B2094AC}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{157FF123-1E36-4FE4-BAFF-8ADAAB750023}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{274BDC50-4873-439B-83C7-F26EB164EF56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28A504EE-56FA-4B90-9682-71F0108E9BEA}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{2A4A7FF0-3345-4A6B-93C8-A6F8BE8CDFEF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2A83DD62-6598-4557-ACA2-ABB3F51E35FF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3A95A3E2-056F-480F-A533-4DE3C5391C8F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3D09119F-E2B8-4B31-B14D-87A239F02984}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
"{3D954422-AAF7-491D-B029-812689703639}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{5372450D-71A3-4C92-9A28-89461956DB0D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{53B38823-0F00-4DFD-8F31-9BD8C140EF68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{550E5773-5DCC-4AF9-9325-B62DC45B8A33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B5E3D49-1192-4CE0-A65E-3C7191E08A8A}" = protocol=6 | dir=in | app=c:\users\peter\appdata\local\temp\icreinstall\aviconvertersetup.exe |
"{5C136AF3-020E-4047-8592-A05E197D242F}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{5CE4D297-6F15-4976-BD72-85755B9E19A1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5D5A6E45-584C-4272-B9C3-6C10FAB8C9F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{600598DB-6DA5-4A9C-B13E-9CEC9D1D4128}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{624A48FD-1B35-4EBC-8E26-17CCD431610E}" = protocol=6 | dir=in | app=c:\users\peter\desktop\aviconvertersetup.exe |
"{6B1B44E4-6905-497B-97E0-ECAAF87FE268}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6C23A67D-FCC8-4374-8E06-E7A8F1118784}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{71A78A0A-E196-4C90-A17C-53369534BC53}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{928B47C3-B302-468C-9B32-52F00F5B0706}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{9799ECA5-200C-4894-93CA-CD492EFFBDF5}" = protocol=6 | dir=out | app=system |
"{99DAD6C5-C134-45D0-BA47-0EACC92B562E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9E7A25DD-183B-46C7-9077-AE5839D0B0DC}" = protocol=17 | dir=in | app=c:\users\peter\appdata\local\temp\icreinstall\aviconvertersetup.exe |
"{9FECDCCA-5101-4D07-82CE-698AF984F260}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A027F027-363A-412B-B8FE-39E26FC23335}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A4D76073-E7F7-43EF-A8B7-CA270E38158B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7E79DCA-7E1E-49C5-B109-36E63CB843F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A90A2304-B667-489E-9655-A233B3230D6E}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymedia.exe |
"{ACCCC2FA-D28D-49D9-A9A3-0BE656F07237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACDB542B-C243-4E5F-92EB-82DFB8D6AC69}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{AE6F0F28-21E4-42A5-9351-E8242AE23D00}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymedia.exe |
"{B103B009-24EA-4E0D-8563-9393C2315054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4E7FADD-664C-49C0-A6E9-1AE719158030}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{B5293562-4BE4-4FDA-B6BA-C6E025230CD4}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{B7EE8849-DF1A-4A58-A7A1-F232E6530ABF}" = protocol=6 | dir=in | app=c:\users\peter\downloads\flv_player_setup.exe |
"{BDAD1562-EB26-4AC4-A433-F6E4C59398D0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{BDCB968F-2D01-413F-B8D5-57C3A4FD6685}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{BE10297B-66B8-405D-A2D5-4B6CC4B8EF28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C33CC36C-7851-44BA-9D1D-375AC4049F6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA45C16B-395E-4119-81B3-AF06DE1373FD}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
"{CF513A19-CE68-4C55-85D6-15151486521B}" = protocol=17 | dir=in | app=c:\users\peter\downloads\flv_player_setup.exe |
"{D10D0D26-F289-4C8D-A018-FA5BCA178E35}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{D38EEAE7-677D-472B-AAF5-70FCA800EAA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D532B180-DB8C-4FB9-9284-99898CA8C8C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9DEA154-89DC-4BF9-9A6B-581D249696FF}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{DFA0BA9C-92C3-4430-B4D5-8DA683F0C58E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4A12795-7F75-4E11-B955-5F489F0AF238}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{EB748119-E8AA-48DB-A19F-C311557D021D}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
"{F966E2BE-163D-444E-BBED-428EB202E5E5}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{FDC2D701-E63C-49C4-A673-8C161BEDD6C6}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{023A5624-E58D-4103-B329-D7F5B7FA4CD5}_is1" = Angry Birds Seasons 2.2.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1389C3D3-7E31-42FC-A6AF-FA1AFBE0AC8F}" = ZoneAlarm Antivirus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14830F1E-C1C4-4526-BB51-4FC1ABC3EFBD}" = ZoneAlarm Firewall
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F62782D-2798-4540-B493-F6472197900E}" = Microsoft Search Enhancement Pack
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43a469d6-5a02-41d2-9826-c00420e38e94}" = Nero BackItUp 4 Essentials
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041033}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9436B90-0306-4ED8-ACB9-6E1CEB1425FA}" = AuthenTec Fingerprint Sensor Minimum Install
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}" = SecurDisc Viewer
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA3F9C49-CAA9-4FF5-B70A-A7FC0976C5E9}" = ZoneAlarm Security
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"8461-7759-5462-8226" = Vuze
"AC3File_is1" = AC3File 0.6b
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akhra - The Treasures1.0" = Akhra - The Treasures
"allmywebtb" = AllMyWeb Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Bejeweled 3" = Bejeweled 3
"Bejeweled Blitz" = Bejeweled Blitz
"BitComet" = BitComet 1.29
"CCleaner" = CCleaner
"Cradle Of Rome 21.0" = Cradle Of Rome 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Emperor's Mahjong for Windows" = Emperor's Mahjong for Windows
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.3
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 12.0" = RealPlayer
"Replay Music3.45" = Replay Music
"Revo Uninstaller" = Revo Uninstaller 1.90
"SopCast" = SopCast 3.2.9
"Spotify" = Spotify
"Super Mah Jong Solitaire" = Super Mah Jong Solitaire
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Serpent of Isis 1.00" = The Serpent of Isis 1.00
"TwonkyBeam for Internet Explorer" = TwonkyBeam for Internet Explorer
"TwonkyMediaTwonkyMedia" = TwonkyMedia
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"Vacation Quest The Hawaiian Islands 1.00" = Vacation Quest The Hawaiian Islands 1.00
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Window Washer" = Window Washer
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06/02/2012 18:08:16 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:20 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/02/2012 07:54:02 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
[ Media Center Events ]
Error - 20/09/2011 08:14:43 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 08:17:26 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 08:24:11 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 08:27:59 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 12:59:44 | Computer Name = Peter-PC | Source = ehRecvr | ID = 4
Description =
Error - 25/11/2011 13:48:31 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 21/06/2012 05:01:42 | Computer Name = Peter-PC | Source = ehRecvr | ID = 4
Description =
[ System Events ]
Error - 22/06/2012 07:10:06 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/06/2012 04:35:51 | Computer Name = Peter-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 25/06/2012 04:36:03 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/06/2012 04:38:32 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/06/2012 05:04:14 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25/06/2012 05:12:51 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25/06/2012 05:21:27 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25/06/2012 07:35:57 | Computer Name = Peter-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 5.128.148.162 for the Network Card with network
address 0015AF9DE691 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 25/06/2012 07:36:15 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/06/2012 03:57:21 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Extras.txt
OTL Extras logfile created on: 26/06/2012 12:48:16 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Peter\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.81% Memory free
6.19 Gb Paging File | 4.60 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268.80 Gb Total Space | 129.81 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 19.96 Gb Free Space | 68.17% Space Free | Partition Type: FAT32
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11754AEB-9923-4201-A0FB-0A7A5B064F4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{264BB172-84E3-4AE5-914C-2DE7A61C651D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2B8A52E5-6F85-4001-B46B-81932787919F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40EE00A6-6E12-485E-A3BE-20D82A1B918D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6750FACC-CA35-4C53-A679-3975CBEFEED0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{68BD0792-36EB-4E67-BB78-A013EF798564}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{82EC7B27-AB0D-4FE8-9CAE-0B945A31E65F}" = lport=16354 | protocol=17 | dir=in | name=bitcomet 16354 udp |
"{AD7029E2-90B8-41BA-92C0-B9913769A04C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AEC65004-BBE6-4D75-8472-20A5331B7F4C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF7B8BB7-2F93-4F7A-9441-AB0CE6088AD8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B4DF7AD0-D958-473C-BCE1-B94AEADA3AF0}" = lport=16354 | protocol=6 | dir=in | name=bitcomet 16354 tcp |
"{BB1F9359-7E88-4AED-A6BE-564879831B92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C653DC01-E281-4109-92B2-8F9082C1D071}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D14C4E44-A2D2-4CC0-A64A-6F3117D16425}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E795A940-B9AD-4635-91C8-EEF9A404208C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F68C02CE-B254-4788-8429-9240159497FC}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04428F0B-A6BA-47A0-918F-D1A93BB5B4C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{082931F6-D938-46D1-AB87-9EF00DA33F55}" = protocol=17 | dir=in | app=c:\users\peter\desktop\aviconvertersetup.exe |
"{0CA71BCA-AC01-46D4-A8F0-48F0C3A2CEB5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{0D8CC50D-E0C8-4A62-8020-C9407BFC708E}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
"{1013C91F-C95E-4069-AF16-77C4B4E271DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11DC131A-7565-47FF-A64B-35FC2B2094AC}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{157FF123-1E36-4FE4-BAFF-8ADAAB750023}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{274BDC50-4873-439B-83C7-F26EB164EF56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28A504EE-56FA-4B90-9682-71F0108E9BEA}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{2A4A7FF0-3345-4A6B-93C8-A6F8BE8CDFEF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2A83DD62-6598-4557-ACA2-ABB3F51E35FF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3A95A3E2-056F-480F-A533-4DE3C5391C8F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3D09119F-E2B8-4B31-B14D-87A239F02984}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
"{3D954422-AAF7-491D-B029-812689703639}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{5372450D-71A3-4C92-9A28-89461956DB0D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{53B38823-0F00-4DFD-8F31-9BD8C140EF68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{550E5773-5DCC-4AF9-9325-B62DC45B8A33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B5E3D49-1192-4CE0-A65E-3C7191E08A8A}" = protocol=6 | dir=in | app=c:\users\peter\appdata\local\temp\icreinstall\aviconvertersetup.exe |
"{5C136AF3-020E-4047-8592-A05E197D242F}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{5CE4D297-6F15-4976-BD72-85755B9E19A1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5D5A6E45-584C-4272-B9C3-6C10FAB8C9F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{600598DB-6DA5-4A9C-B13E-9CEC9D1D4128}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{624A48FD-1B35-4EBC-8E26-17CCD431610E}" = protocol=6 | dir=in | app=c:\users\peter\desktop\aviconvertersetup.exe |
"{6B1B44E4-6905-497B-97E0-ECAAF87FE268}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6C23A67D-FCC8-4374-8E06-E7A8F1118784}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{71A78A0A-E196-4C90-A17C-53369534BC53}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{928B47C3-B302-468C-9B32-52F00F5B0706}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{9799ECA5-200C-4894-93CA-CD492EFFBDF5}" = protocol=6 | dir=out | app=system |
"{99DAD6C5-C134-45D0-BA47-0EACC92B562E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9E7A25DD-183B-46C7-9077-AE5839D0B0DC}" = protocol=17 | dir=in | app=c:\users\peter\appdata\local\temp\icreinstall\aviconvertersetup.exe |
"{9FECDCCA-5101-4D07-82CE-698AF984F260}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A027F027-363A-412B-B8FE-39E26FC23335}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A4D76073-E7F7-43EF-A8B7-CA270E38158B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7E79DCA-7E1E-49C5-B109-36E63CB843F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A90A2304-B667-489E-9655-A233B3230D6E}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymedia.exe |
"{ACCCC2FA-D28D-49D9-A9A3-0BE656F07237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACDB542B-C243-4E5F-92EB-82DFB8D6AC69}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{AE6F0F28-21E4-42A5-9351-E8242AE23D00}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymedia.exe |
"{B103B009-24EA-4E0D-8563-9393C2315054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4E7FADD-664C-49C0-A6E9-1AE719158030}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{B5293562-4BE4-4FDA-B6BA-C6E025230CD4}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{B7EE8849-DF1A-4A58-A7A1-F232E6530ABF}" = protocol=6 | dir=in | app=c:\users\peter\downloads\flv_player_setup.exe |
"{BDAD1562-EB26-4AC4-A433-F6E4C59398D0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{BDCB968F-2D01-413F-B8D5-57C3A4FD6685}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{BE10297B-66B8-405D-A2D5-4B6CC4B8EF28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C33CC36C-7851-44BA-9D1D-375AC4049F6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA45C16B-395E-4119-81B3-AF06DE1373FD}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
"{CF513A19-CE68-4C55-85D6-15151486521B}" = protocol=17 | dir=in | app=c:\users\peter\downloads\flv_player_setup.exe |
"{D10D0D26-F289-4C8D-A018-FA5BCA178E35}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{D38EEAE7-677D-472B-AAF5-70FCA800EAA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D532B180-DB8C-4FB9-9284-99898CA8C8C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9DEA154-89DC-4BF9-9A6B-581D249696FF}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{DFA0BA9C-92C3-4430-B4D5-8DA683F0C58E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4A12795-7F75-4E11-B955-5F489F0AF238}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{EB748119-E8AA-48DB-A19F-C311557D021D}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
"{F966E2BE-163D-444E-BBED-428EB202E5E5}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{FDC2D701-E63C-49C4-A673-8C161BEDD6C6}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{023A5624-E58D-4103-B329-D7F5B7FA4CD5}_is1" = Angry Birds Seasons 2.2.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1389C3D3-7E31-42FC-A6AF-FA1AFBE0AC8F}" = ZoneAlarm Antivirus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14830F1E-C1C4-4526-BB51-4FC1ABC3EFBD}" = ZoneAlarm Firewall
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F62782D-2798-4540-B493-F6472197900E}" = Microsoft Search Enhancement Pack
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43a469d6-5a02-41d2-9826-c00420e38e94}" = Nero BackItUp 4 Essentials
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041033}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9436B90-0306-4ED8-ACB9-6E1CEB1425FA}" = AuthenTec Fingerprint Sensor Minimum Install
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}" = SecurDisc Viewer
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA3F9C49-CAA9-4FF5-B70A-A7FC0976C5E9}" = ZoneAlarm Security
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"8461-7759-5462-8226" = Vuze
"AC3File_is1" = AC3File 0.6b
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akhra - The Treasures1.0" = Akhra - The Treasures
"allmywebtb" = AllMyWeb Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Bejeweled 3" = Bejeweled 3
"Bejeweled Blitz" = Bejeweled Blitz
"BitComet" = BitComet 1.29
"CCleaner" = CCleaner
"Cradle Of Rome 21.0" = Cradle Of Rome 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Emperor's Mahjong for Windows" = Emperor's Mahjong for Windows
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.3
"Mystery P.I. - The London Caper" = Mystery P.I. - The London Caper
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 12.0" = RealPlayer
"Replay Music3.45" = Replay Music
"Revo Uninstaller" = Revo Uninstaller 1.90
"SopCast" = SopCast 3.2.9
"Spotify" = Spotify
"Super Mah Jong Solitaire" = Super Mah Jong Solitaire
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Serpent of Isis 1.00" = The Serpent of Isis 1.00
"TwonkyBeam for Internet Explorer" = TwonkyBeam for Internet Explorer
"TwonkyMediaTwonkyMedia" = TwonkyMedia
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"Vacation Quest The Hawaiian Islands 1.00" = Vacation Quest The Hawaiian Islands 1.00
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Window Washer" = Window Washer
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2095740272-4141472741-184000740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06/02/2012 18:08:16 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:18 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06/02/2012 18:08:20 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/02/2012 07:54:02 | Computer Name = Peter-PC | Source = Windows Search Service | ID = 3013
Description =
[ Media Center Events ]
Error - 20/09/2011 08:14:43 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 08:17:26 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 08:24:11 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 08:27:59 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 20/09/2011 12:59:44 | Computer Name = Peter-PC | Source = ehRecvr | ID = 4
Description =
Error - 25/11/2011 13:48:31 | Computer Name = Peter-PC | Source = ehRecvr | ID = 3
Description =
Error - 21/06/2012 05:01:42 | Computer Name = Peter-PC | Source = ehRecvr | ID = 4
Description =
[ System Events ]
Error - 22/06/2012 07:10:06 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/06/2012 04:35:51 | Computer Name = Peter-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 25/06/2012 04:36:03 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/06/2012 04:38:32 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/06/2012 05:04:14 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25/06/2012 05:12:51 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25/06/2012 05:21:27 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25/06/2012 07:35:57 | Computer Name = Peter-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 5.128.148.162 for the Network Card with network
address 0015AF9DE691 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 25/06/2012 07:36:15 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/06/2012 03:57:21 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
You didn't say:
Quote:
Any current issues?
========================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYgb&ptb=6B73A4A7-1DBB-45C9-B1B5-7F8CF100D5E7&psa=&ind=2011031906&ptnrS=XRxdm005YYgb&si=&st=sb&n=77dde962&searchfor={searchTerms}
IE - HKU\S-1-5-21-2095740272-4141472741-184000740-1000\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm005YYgb&ptb=6B73A4A7-1DBB-45C9-B1B5-7F8CF100D5E7&psa=&ind=2011031906&ptnrS=XRxdm005YYgb&si=&st=sb&n=77dde962&searchfor={searchTerms}
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: TwonkyBeam to - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/231 File not found
O9 - Extra Button: TwonkyBeam for Internet Explorer - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - Reg Error: Key error. File not found
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/stg_drm.ocx (Reg Error: Key error.)
[2011/10/13 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG2012
[2011/07/16 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Registry Mechanic
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8BD8CD95
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C22C13A5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:11411CE5
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:302376F2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:DA18FD1D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
=================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
3. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
4. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
Sorry Broni, was concentrating so much on the other stuff I forgot to mention it... :)
At present the system is behaving normally with no issues.
I will run the new checks tomorrow as it is my father's laptop and I won't see him until then.
Thx for all your assistance so far, it really is appreciated.
Cloutty
OK :)..
All processes killed
========== OTL ==========
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ not found.
Registry key HKEY_USERS\S-1-5-21-2095740272-4141472741-184000740-1000\Software\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Playlist\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\TwonkyBeam to\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C}\ not found.
File 5D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/stg_drm.ocx not found.
Starting removal of ActiveX control {149E45D8-163E-4189-86FC-45022AB2B6C9}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
C:\Users\Peter\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Peter\AppData\Roaming\AVG2012 folder moved successfully.
C:\Users\Peter\AppData\Roaming\Registry Mechanic folder moved successfully.
ADS C:\ProgramData\TEMP:D48500F8 deleted successfully.
ADS C:\ProgramData\TEMP:5C6EBC69 deleted successfully.
ADS C:\ProgramData\TEMP:5D351BC6 deleted successfully.
ADS C:\ProgramData\TEMP:55422315 deleted successfully.
ADS C:\ProgramData\TEMP:2F4A0A6B deleted successfully.
ADS C:\ProgramData\TEMP:8BD8CD95 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:5311B0B8 deleted successfully.
ADS C:\ProgramData\TEMP:C22C13A5 deleted successfully.
ADS C:\ProgramData\TEMP:57DC3B52 deleted successfully.
ADS C:\ProgramData\TEMP:77A023CE deleted successfully.
ADS C:\ProgramData\TEMP:7C60A173 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:A5CD91DF deleted successfully.
ADS C:\ProgramData\TEMP:0441DB7A deleted successfully.
ADS C:\ProgramData\TEMP:11411CE5 deleted successfully.
ADS C:\ProgramData\TEMP:302376F2 deleted successfully.
ADS C:\ProgramData\TEMP:DA18FD1D deleted successfully.
ADS C:\ProgramData\TEMP:211ED887 deleted successfully.
ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Peter
->Temp folder emptied: 25374354 bytes
->Temporary Internet Files folder emptied: 8194893 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53810022 bytes
->Google Chrome cache emptied: 8195871 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 520 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1241670 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 92.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Peter
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Peter
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_123904
Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\~DF6BF6.tmp moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\aswc476t.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\aswc476t.default\urlclassifier3.sqlite moved successfully.
C:\Windows\temp\ZLT03fed.TMP moved successfully.
PendingFileRenameOperations files...
File C:\Users\Peter\AppData\Local\Temp\~DF6BF6.tmp not found!
File C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\aswc476t.default\startupCache\startupCache.4.little not found!
File C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\aswc476t.default\urlclassifier3.sqlite not found!
File C:\Windows\temp\ZLT03fed.TMP not found!
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG PC Tuneup
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security Toolbar
ZoneAlarm Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
AVG PC Tuneup
CCleaner
Java(TM) 6 Update 4
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````