Solved Google Redirect

jueshiro · 2009/06/28

[Resolved] Google Redirect

Hi, thanks for helping me in advance. When I click on a result (link) from a Google search, it redirects me to various sites, so then I have to use the "back" button to get back to the Google results page and then I can click on the link again, then it directs me to the correct site.

Also, when opening up IE 8 I get this error everytime: "Search Provider Default: A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Bing (search.live.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers. "

When this trouble first started happening I also could not get any updates on my zonealarm or any other virus and spyware protection applications that I downloaded until I changed the name on the exe. file. I got rid of some trojans and some kind of DNSchanger trojan, but I don't know if I got rid of all of them. I've used SuperAntiSpywarePro, Flash disinfector, Zonealarm Extreme Security, ATF-Cleaner, Spybot, Malwarebytes, and tried to download the Microsoft patch for the conflicker worm, but not sure if it worked.

Here are the DDS files:

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 23:42:27.12 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.242 [GMT -10:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?ncid=customie8
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Jeaks Music Toolbar: {2dbedda0-6b3a-4f7e-93c4-3c0ee28775c0} -
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MRC] "c:\program files\pc tune-up\PCTuneUp.exe" /MBRSTART
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [ZAFFRegisterTrustChecker] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustChecker.dll "
dRunOnce: [ZAFFRegisterTrustCheckerIE] "c:\windows\system32\regsvr32.exe" -s "c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll "
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes\CLSID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ProgID
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}\SOFTWARE
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}\SOFTWARE\Classes
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}\SOFTWARE\Classes\CLSID
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes\CLSID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\ProgID
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
Trusted Zone: trymedia.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/The%20Clumsy's/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {48989C74-D5FC-4F17-BA40-3D825C716836} - hxxp://mgn.musicgiants.com/cab/mgndownloader.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-8 150544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-3-25 141312]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-4 353672]
R2 ISWKL;ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-2-12 21136]
R2 IswSvc;ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-2-12 394632]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-2-12 54928]
S0 kkljg;kkljg;c:\windows\system32\drivers\bsbrm.sys --> c:\windows\system32\drivers\bsbrm.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 JeaksSvr;Jeaks Toolbar Update Launcher; "c:\program files\filevoom pro\jeaks music\jeakssvr.exe" --> c:\program files\filevoom pro\jeaks music\JeaksSvr.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-26 18:22 4,674 a------- c:\windows\system32\1z915hack5ool3f2.bin
2009-06-25 00:26 11,752 a------- c:\windows\6acf9hre5t2z516.dll
2009-06-24 23:54 3,210 a------- c:\windows\system32\102z3no5-a-v9rus429.exe
2009-06-24 20:49 11,114 a------- c:\windows\579zvir1932.exe
2009-06-24 04:58 9,314 a------- c:\windows\z815thief5916.ocx
2009-06-23 19:05 6,175 a------- c:\windows\2e5bzckdoor3194.ocx
2009-06-22 10:40 5,071 a------- c:\windows\z709sp5rse952.ocx
2009-06-21 15:18 6,835 a------- c:\windows\system32\56bebackdoo92815z.exe
2009-06-20 16:42 3,725 a------- c:\windows\system32\32907zp556c.exe
2009-06-17 18:43 8,708 a------- c:\windows\system32\5z383s9y228.cpl
2009-06-16 08:33 17,223 a------- c:\windows\2021995ruz5ba.dll
2009-06-16 04:25 6,655 a------- c:\windows\7576szambo9259.cpl
2009-06-15 18:17 10,350 a------- c:\windows\system32\12151spa9boz52d.ocx
2009-06-15 02:11 3,776 a------- c:\windows\972downloadzr2578.cpl
2009-06-14 21:39 18,017 a------- c:\windows\system32\3z85sparse2269.cpl
2009-06-14 07:00 4,826 a------- c:\windows\system32\15792not-a-viruz3a0.cpl
2009-06-13 20:20 11,415 a------- c:\windows\system32\5z0db5ck9oor1454.cpl
2009-06-13 14:46 12,362 a------- c:\windows\4918sz5rse982.ocx
2009-06-13 04:42 4,783 a------- c:\windows\system32\41199pywar55z8.exe
2009-06-11 23:02 8,084 a------- c:\windows\96175ot-a-virus2zb.bin
2009-06-11 17:23 16,369 a------- c:\windows\z0ddthief16985.dll
2009-06-09 13:30 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 13:30 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 04:43 5,860 a------- c:\windows\system32\3b459teal329z.bin
2009-06-09 03:57 18,080 a------- c:\windows\7d3ebac9door15z1.cpl
2009-06-08 02:58 15,551 a------- c:\windows\system32\4ff59hiez465.bin
2009-06-05 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-05 14:24 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-05 14:24 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2009-06-05 12:59 15,812 a------- c:\windows\54282not-a-virzs6eb9.ocx
2009-06-05 12:03 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 12:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-05 12:03 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 12:00 <DIR> --dsh--- c:\documents and settings\hp_administrator\IECompatCache
2009-06-05 11:27 <DIR> -cd-h--- c:\windows\ie8
2009-06-05 08:55 7,004 a------- c:\windows\system32\3605backdo5r895z.dll
2009-06-04 22:37 <DIR> --d----- C:\MSNCleaner
2009-06-04 14:28 <DIR> a-dshr-- C:\autorun.inf
2009-06-03 19:27 18,165 a------- c:\windows\system32\15596z5oj91c.dll
2009-06-03 10:43 <DIR> --d----- c:\program files\Safer Networking
2009-06-01 10:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-01 02:59 13,551 a------- c:\windows\95645ackzool2e8.ocx
2009-05-29 23:10 <DIR> --d-h--- c:\windows\system32\GroupPolicy

==================== Find3M ====================

2009-06-16 19:37 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-03 14:38 8 a------- c:\program files\jkxwrddo.txt
2009-05-24 20:38 5,127 a------- c:\windows\system32\1395vir1z459.dll
2009-05-24 11:42 8,562 a------- c:\windows\system32\6374hackz59l623.bin
2009-05-22 22:20 13,828 a------- c:\windows\system32\180959orm3eaz.bin
2009-05-22 11:36 165,340,704 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-22 11:36 2,215,460 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-22 02:50 6,321 a------- c:\windows\z0590spybd.bin
2009-05-20 11:13 3,425 a------- c:\windows\system32\5649v9r1z91.exe
2009-05-18 16:17 5,248 a------- c:\windows\54146ha9ktooz76b.dll
2009-05-17 05:19 11,570 a------- c:\windows\system32\9792spa5bot27z.exe
2009-05-14 20:04 10,051 a------- c:\windows\z5020hackt5ol609.exe
2009-05-14 00:31 2,621 a------- c:\windows\system32\4541ba9zdoor2518.exe
2009-05-12 19:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 19:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 19:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 17:12 6,014 a------- c:\windows\system32\15091zr5j516.bin
2009-05-11 19:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-10 05:54 16,850 a------- c:\windows\system32\z7bst9al1254.exe
2009-05-10 04:46 2,834 a------- c:\windows\6b659zwnloader1231.bin
2009-05-07 17:27 15,080 a------- c:\windows\system32\72z3tr594f2.exe
2009-05-07 05:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 05:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-06 23:19 5,571 a------- c:\windows\1935sparsz2395.exe
2009-05-01 06:52 8,033 a------- c:\windows\system32\z195t5i9f154.bin
2009-04-30 15:45 2,904 a------- c:\windows\1z1635irus249.exe
2009-04-30 11:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 11:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 11:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 11:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 11:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 01:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-27 01:27 4,387 a------- c:\windows\30391v5zus3e29.bin
2009-04-26 08:26 12,193 a------- c:\windows\9e4f5hreat10245z.dll
2009-04-26 00:45 18,015 a------- c:\windows\5e47vzr3094.dll
2009-04-24 13:16 11,575 a------- c:\windows\system32\137969acktoolz385.bin
2009-04-23 20:13 14,764 a------- c:\windows\27637not-a-viz95553.bin
2009-04-23 14:07 17,154 a------- c:\windows\system32\51d6thiez899.exe
2009-04-23 12:24 9,972 a------- c:\windows\system32\6zdaspa9s53025.exe
2009-04-20 04:19 18,351 a------- c:\windows\system32\6595spyzar5744.bin
2009-04-19 18:30 5,131 a------- c:\windows\z7e5vir1849.bin
2009-04-19 08:36 7,859 a------- c:\windows\2c5bd9wnlzader2391.bin
2009-04-18 03:19 3,035 a------- c:\windows\system32\1f05thiez1971.bin
2009-04-17 02:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 02:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 16:56 7,649 a------- c:\windows\5fa4backdoor182z9.dll
2009-04-15 04:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 04:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-15 03:09 17,427 a------- c:\windows\697b5parsez357.dll
2009-04-14 03:00 12,627 a------- c:\windows\system32\9z87sp55c8.exe
2009-04-12 14:37 4,965 a------- c:\windows\system32\787dspa9se175z.dll
2009-04-10 18:10 13,131 a------- c:\windows\197289iru5z37.bin
2009-04-08 11:38 15,868 a------- c:\windows\system32\9849wozm7895.bin
2009-04-06 19:04 14,014 a------- c:\windows\z04315ot-a-virus9f2.dll
2009-04-05 18:38 17,804 a------- c:\windows\system32\3199szambot295.exe
2009-04-04 23:19 12,402 a------- c:\windows\1655zp9159.bin
2009-04-03 18:50 2,816 a------- c:\windows\70b3addw5re9764z.bin
2009-04-02 19:45 15,714 a------- c:\windows\225fspywaze13399.exe
2009-04-01 03:55 3,662 a------- c:\windows\system32\zb7s5y9are1815.exe
2009-03-31 19:20 72,584 a------- c:\windows\zllsputility.exe
2009-03-31 19:20 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-03-31 15:06 16,339 a------- c:\windows\11915troj58z.exe
2008-07-24 18:34 0 a------- c:\program files\temp01
2008-05-26 22:45 87,608 a------- c:\docume~1\hp_adm~1\applic~1\inst.exe
2008-05-26 22:45 47,360 a------- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys
2006-01-30 19:20 22 a--sh--- c:\windows\sminst\HPCD.SYS
2008-09-13 07:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 23:43:35.71 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/4/2007 7:19:23 PM
System Uptime: 6/27/2009 9:50:57 PM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 1790/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 86.325 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.13 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
M: is FIXED (FAT32) - 466 GiB total, 404.428 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Service: RTL8023xp

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: PCI Data Fax SoftModem with SmartCP
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1C88B56&0&48A4
Manufacturer: CXT
Name: PCI Data Fax SoftModem with SmartCP
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1C88B56&0&48A4
Service: Modem

==== System Restore Points ===================

RP1: 6/5/2009 8:58:27 AM - System Checkpoint
RP2: 6/5/2009 11:25:44 AM - Software Distribution Service 3.0
RP3: 6/5/2009 2:24:53 PM - Installed SUPERAntiSpyware Professional

==== Installed Programs ======================

5 Card Slingo from HP Media Center (remove only)
530TX+
AAC Decoder
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Advanced X Video Converter
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
AutoUpdate
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Big Fish Games Client
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
D-Link PCI Fast Ethernet Adapter
Data Fax SoftModem with SmartCP
Data Lifeguard Diagnostic for Windows
Destinations
DeviceFunctionQFolder
DISCover
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
DVDFab Decrypter 2.9.8.3
DVDInfoPro
Enhanced Multimedia Keyboard Solution
Express Burn
Family Feud
GemMaster Mystic
GradeQuick Web Plugin
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Boot Optimizer
HP Deskjet 5400 series
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Extended Capabilities 5.0
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart Essential
HP Product Assistant
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPDeskjet5400Series
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterActual Player
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 13
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Magic Encyclopedia - First Story
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MKV Splitter
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
PanoStandAlone
PC Tune-Up
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RealPlayer
RegCure 1.5.2.7
Ricochet Lost Worlds from HP Media Center (remove only)
ScannerCopy
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy 1.4
Spyware Terminator
Status
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware Professional
Switch Sound File Converter
The Clumsy's
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VoiceOver Kit
Walmart MP3 Music Downloads
WD Drive Manager (x86)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
ZoneAlarm Extreme Security
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

6/25/2009 2:14:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
6/22/2009 9:35:14 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
6/22/2009 9:35:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 SASKUTIL
6/22/2009 9:35:00 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
6/22/2009 9:35:00 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Western Digital\WD Drive Manager\MFC80U.DLL. Reference error message: The operation completed successfully. .
6/22/2009 9:35:00 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the file specified.
6/22/2009 9:35:00 AM, error: Service Control Manager [7000] - The Jeaks Toolbar Update Launcher service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================
Thanks for your help,
John

broni · 2009/06/28

We'll need some fresh logs....

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

jueshiro · 2009/06/29

[Active] Google Redirect - logs

Hi broni, thanks for helping me! Here are the logs you requested:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/29/2009 at 06:41 AM

Application Version : 4.26.1006

Core Rules Database Version : 3927
Trace Rules Database Version: 1871

Scan type : Complete Scan
Total Scan Time : 05:54:42

Memory items scanned : 227
Memory threats detected : 0
Registry items scanned : 6594
Registry threats detected : 0
File items scanned : 156243
File threats detected : 0
_________________________________________________________________

Malwarebytes' Anti-Malware 1.38
Database version: 2352
Windows 5.1.2600 Service Pack 3

6/29/2009 10:51:01 AM
mbam-log-2009-06-29 (10-51-01).txt

Scan type: Full Scan (C:\|D:\|M:\|)
Objects scanned: 260521
Time elapsed: 1 hour(s), 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_________________________________________________________________

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 14:02:47
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF2227FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF2224C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF223F170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF2228580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF223C900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF223CB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF2240B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF2228670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF2225210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF223F9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF223F7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF223C280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xF22218C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF223FF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF223FF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xF2240D90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF2225070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF223E180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF223DF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF22406F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF2240150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF2227BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF2240540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF2228190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF2225440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xF22216A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF223F4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF223D200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF223D080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xF2221AF0]

INT 0x20 srescan.sys F7105C90

Code 85447C58 ZwEnumerateKey
Code 8541EE68 ZwFlushInstructionCache
Code 854201F6 IofCallDriver
Code 853E5B86 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 854201FB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 853E5B8B
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [80, 85, 22, F2, 00, C9, 23, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [C0, 18, 22, F2, 10, FF, 23, ...]
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes JMP 21298030 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 5 Bytes JMP 212980A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtAccessCheck 7C90CE6E 5 Bytes JMP 21295180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 21295190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 21295100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 2129A540 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 2129A5C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 21294800 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 212944B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtContinue 7C90D05E 5 Bytes JMP 21295E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 2129B1E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 21293870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 21298B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 2129AA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 21293990 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 21298870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 21299F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 2129AE30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateWaitablePort 7C90D1DE 5 Bytes JMP 21298900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 21294240 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 21298CD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 212991C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 21295490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 21294290 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 21298FF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 21299320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 2129A520 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtFlushBuffersFile 7C90D32E 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 21294780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 21298D20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 2129A530 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 21295000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtInitializeRegistry 7C90D41E 5 Bytes JMP 21299480 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 21298E10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 21298E40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 21293C90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 21294430 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 2129A210 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 21294E60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 21299070 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 21299110 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 2129B3C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 21293AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 21298C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 2129AC60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 212945E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 2129A0F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 2129B010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 21294740 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 212AFF80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 21293F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 212940C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 21294EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 21293FE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 21293EE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 21295AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryInformationToken 7C90D81E 5 Bytes JMP 21295230 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 21298F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 212993A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 21294310 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 21298EA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 212950C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 2129A4D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 212952B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 212937F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQuerySystemTime 7C90D93E 5 Bytes JMP 21295A50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 212992A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 212AFE20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 21294170 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 21293B50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 21293DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 21299420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 21298ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 21298DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 21295A90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 21298D80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 21298DB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 21294F80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 21294050 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 21298F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 21294390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 212950E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 21295390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetSystemTime 7C90DD7E 5 Bytes JMP 212959C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 21299220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 21294220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 212956C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 212955B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 21298E70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 21293D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 2129A3D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 21293BF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 21293E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlNtStatusToDosError 7C90F62D 5 Bytes JMP 21295E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlFreeHeap 7C90FF2D 5 Bytes JMP 21297580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 21297490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlSizeHeap 7C9104DD 5 Bytes JMP 212975F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount 7C91151A 5 Bytes JMP 21297660 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 21294900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!LdrGetDllHandle 7C9166A0 5 Bytes JMP 212B00B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 21294C40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlReAllocateHeap 7C919BA0 5 Bytes JMP 21297500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!LdrFindCreateProcessManifest 7C91FE25 5 Bytes JMP 21294DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)

continued on next post

Thanks again,
John

jueshiro · 2009/06/29

gmer continued

.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!LdrShutdownProcess 7C923BD8 5 Bytes JMP 21295E90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlCreateHeap 7C925C82 5 Bytes JMP 212973A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlDestroyHeap 7C9264EE 5 Bytes JMP 21297420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlZeroHeap 7C95F193 5 Bytes JMP 21297FC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus 7C964C5F 5 Bytes JMP 21295DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!RtlRaiseStatus 7C9666A0 5 Bytes JMP 21295DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetSystemTime 7C80176F 5 Bytes JMP 21291F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 21291F60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 21291DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetLocalTime 7C80A874 5 Bytes JMP 21291F30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetModuleFileNameW 7C80B475 5 Bytes JMP 21291BB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateActCtxW 7C8154FC 5 Bytes JMP 21291AC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 2186B562 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 2186B586 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!FindNextChangeNotification 7C832145 5 Bytes JMP 21291D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!FindFirstChangeNotificationW 7C834C1F 5 Bytes JMP 21291D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214B37E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!SetLocalTime 7C855CF9 5 Bytes JMP 21291F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!FindFirstChangeNotificationA 7C85D483 5 Bytes JMP 21291DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateActCtxA 7C86C8E5 5 Bytes JMP 21291A00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!IdentifyCodeAuthzLevelW 77DD9EC8 5 Bytes JMP 2128DB00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!CloseServiceHandle 77DE6CE5 5 Bytes JMP 2128D2C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!QueryServiceStatus 77DE6D50 5 Bytes JMP 2128B830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!OpenSCManagerW 77DE6F55 2 Bytes JMP 2128D770 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!OpenSCManagerW + 3 77DE6F58 2 Bytes [4A, A9]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!OpenServiceW 77DE6FFD 5 Bytes JMP 2128B080 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!StartServiceA 77DEFB58 5 Bytes JMP 2128D580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!RegisterServiceCtrlHandlerExA 77DEFEAB 5 Bytes JMP 2128D670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!QueryServiceStatusEx 77DF120A 5 Bytes JMP 2128BA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!QueryServiceConfigA 77DF1596 5 Bytes JMP 2128C130 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!SetServiceStatus 77DF3251 5 Bytes JMP 2128B730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!StartServiceCtrlDispatcherW 77DF359D 5 Bytes JMP 2128D140 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!RegisterServiceCtrlHandlerExW 77DF3E49 5 Bytes JMP 2128C7F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!RegisterServiceCtrlHandlerW 77DF3E77 5 Bytes JMP 2128C890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!StartServiceW 77DF3E94 5 Bytes JMP 2128B280 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!ControlService 77DF4A09 5 Bytes JMP 2128B5D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!OpenServiceA 77DF4C66 5 Bytes JMP 2128D500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!RegisterServiceCtrlHandlerA 77DF4EC6 5 Bytes JMP 2128D6F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!OpenSCManagerA 77DF69AE 5 Bytes JMP 2128D7B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!QueryServiceConfigW 77DF6F92 5 Bytes JMP 2128BC00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!CreateRestrictedToken 77E0DC8C 5 Bytes JMP 2128AC40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 2128D890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!CreateServiceA 77E37211 5 Bytes JMP 2128D2F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!CreateServiceW 77E373A9 5 Bytes JMP 2128ADA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!EnumDependentServicesA 77E37529 5 Bytes JMP 2128C730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!EnumDependentServicesW 77E375E1 5 Bytes JMP 2128C670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.DLL!StartServiceCtrlDispatcherA 77E37F09 5 Bytes JMP 2128D200 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] GDI32.DLL!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] GDI32.DLL!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 212A5730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!GetShellWindow 7E419252 5 Bytes JMP 212A59E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 212A4EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!PrivateExtractIconsW 7E41CCFC 5 Bytes JMP 212A6260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 212A5180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SetShellWindowEx 7E41FF92 5 Bytes JMP 212A5A80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 212A51A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!EnumDesktopWindows 7E42851A 5 Bytes JMP 212A5300 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 212A5690 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!EnumWindows 7E42A5AE 5 Bytes JMP 212A5320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 212A5780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 212A51C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 212A57D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SystemParametersInfoA 7E42DEB2 5 Bytes JMP 212A4EB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 212A56E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 212A5830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 212A5160 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!SetShellWindow 7E456114 5 Bytes JMP 212A5AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 21582A0F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 215828F0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 212A8C80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 21582971 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 21582AB3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 21582C47 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 21582B7A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 212A8EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 212A8D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 2129EE10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 2186B9CA C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 2129F000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ole32.dll!CoGetObject 77525106 5 Bytes JMP 2129F350 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ole32.dll!CoRevokeClassObject 7752A2F3 5 Bytes JMP 2129EFD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] SHELL32.dll!SHEmptyRecycleBinW 7CA66D31 5 Bytes JMP 212A40E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] SHELL32.dll!SHEmptyRecycleBinA 7CA66D9B 5 Bytes JMP 212A4100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 212A40A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[412] SHELL32.dll!SHFileOperation 7CA70C0C 5 Bytes JMP 212A40C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 2

Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\arservice.exe[456] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[492] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[504] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer contined 3

.text C:\Program Files\Java\jre6\bin\jqs.exe[580] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[768] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 4

.text C:\WINDOWS\system32\Ati2evxx.exe[940] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[940] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1048] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ALCXMNTR.EXE[1140] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1192] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1372] ntdll.dll!KiFastSystemCall + 2 7C90E512 2 Bytes [CD, 20] {INT 0x20}
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 5

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1588] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1616] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1648] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1776] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1960] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 6

.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2116] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2452] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\HP\KBD\KBD.EXE[2468] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2528] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2956] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes JMP 21298030 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 5 Bytes JMP 212980A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtAccessCheck 7C90CE6E 5 Bytes JMP 21295180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 21295190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 21295100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 2129A540 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 2129A5C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 21294800 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 212944B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtContinue 7C90D05E 5 Bytes JMP 21295E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 2129B1E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 21293870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 21298B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 2129AA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 21293990 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 21298870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 21299F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 2129AE30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtCreateWaitablePort 7C90D1DE 5 Bytes JMP 21298900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 21294240 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 21298CD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 212991C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 21295490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 21294290 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 21298FF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 21299320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 2129A520 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtFlushBuffersFile 7C90D32E 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 21294780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 7

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 21298D20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 2129A530 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 21295000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtInitializeRegistry 7C90D41E 5 Bytes JMP 21299480 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 21298E10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 21298E40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 21293C90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 21294430 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 2129A210 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 21294E60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 21299070 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 21299110 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 2129B3C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 21293AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 21298C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 2129AC60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 212945E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 2129A0F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 2129B010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 21294740 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 212AFF80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 21293F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 212940C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 21294EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 21293FE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 21293EE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 21295AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryInformationToken 7C90D81E 5 Bytes JMP 21295230 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 21298F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 212993A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 21294310 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 21298EA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 212950C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 2129A4D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 212952B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 212937F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQuerySystemTime 7C90D93E 5 Bytes JMP 21295A50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 212992A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 212AFE20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 21294170 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 21293B50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 21293DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 21299420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 21298ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 21298DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 21295A90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 21298D80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 21298DB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 21294F80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 21294050 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 21298F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 21294390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 212950E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 21295390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetSystemTime 7C90DD7E 5 Bytes JMP 212959C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 21299220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 21294220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 212956C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 212955B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 21298E70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 21293D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 2129A3D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 21293BF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 21293E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlNtStatusToDosError 7C90F62D 5 Bytes JMP 21295E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlFreeHeap 7C90FF2D 5 Bytes JMP 21297580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 21297490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlSizeHeap 7C9104DD 5 Bytes JMP 212975F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount 7C91151A 5 Bytes JMP 21297660 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 21294900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!LdrGetDllHandle 7C9166A0 5 Bytes JMP 212B00B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 21294C40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlReAllocateHeap 7C919BA0 5 Bytes JMP 21297500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!LdrFindCreateProcessManifest 7C91FE25 5 Bytes JMP 21294DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 21294E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!LdrShutdownProcess 7C923BD8 5 Bytes JMP 21295E90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlCreateHeap 7C925C82 5 Bytes JMP 212973A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlDestroyHeap 7C9264EE 5 Bytes JMP 21297420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlZeroHeap 7C95F193 5 Bytes JMP 21297FC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus 7C964C5F 5 Bytes JMP 21295DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ntdll.dll!RtlRaiseStatus 7C9666A0 5 Bytes JMP 21295DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!GetSystemTime 7C80176F 5 Bytes JMP 21291F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 21291F60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 21291DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!GetLocalTime 7C80A874 5 Bytes JMP 21291F30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!GetModuleFileNameW 7C80B475 5 Bytes JMP 21291BB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!CreateActCtxW 7C8154FC 5 Bytes JMP 21291AC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 2186B562 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 2186B586 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!FindNextChangeNotification 7C832145 5 Bytes JMP 21291D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!FindFirstChangeNotificationW 7C834C1F 5 Bytes JMP 21291D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214B37E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!SetLocalTime 7C855CF9 5 Bytes JMP 21291F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!FindFirstChangeNotificationA 7C85D483 5 Bytes JMP 21291DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] kernel32.dll!CreateActCtxA 7C86C8E5 5 Bytes JMP 21291A00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!IdentifyCodeAuthzLevelW 77DD9EC8 5 Bytes JMP 2128DB00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!CloseServiceHandle 77DE6CE5 5 Bytes JMP 2128D2C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!QueryServiceStatus 77DE6D50 5 Bytes JMP 2128B830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!OpenSCManagerW 77DE6F55 2 Bytes JMP 2128D770 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!OpenSCManagerW + 3 77DE6F58 2 Bytes [4A, A9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!OpenServiceW 77DE6FFD 5 Bytes JMP 2128B080 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!StartServiceA 77DEFB58 5 Bytes JMP 2128D580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!RegisterServiceCtrlHandlerExA 77DEFEAB 5 Bytes JMP 2128D670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!QueryServiceStatusEx 77DF120A 5 Bytes JMP 2128BA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!QueryServiceConfigA 77DF1596 5 Bytes JMP 2128C130 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!SetServiceStatus 77DF3251 5 Bytes JMP 2128B730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!StartServiceCtrlDispatcherW 77DF359D 5 Bytes JMP 2128D140 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!RegisterServiceCtrlHandlerExW 77DF3E49 5 Bytes JMP 2128C7F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!RegisterServiceCtrlHandlerW 77DF3E77 5 Bytes JMP 2128C890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!StartServiceW 77DF3E94 5 Bytes JMP 2128B280 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!ControlService 77DF4A09 5 Bytes JMP 2128B5D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!OpenServiceA 77DF4C66 5 Bytes JMP 2128D500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!RegisterServiceCtrlHandlerA 77DF4EC6 5 Bytes JMP 2128D6F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!OpenSCManagerA 77DF69AE 5 Bytes JMP 2128D7B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!QueryServiceConfigW 77DF6F92 5 Bytes JMP 2128BC00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!CreateRestrictedToken 77E0DC8C 5 Bytes JMP 2128AC40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 2128D890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!CreateServiceA 77E37211 5 Bytes JMP 2128D2F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!CreateServiceW 77E373A9 5 Bytes JMP 2128ADA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!EnumDependentServicesA 77E37529 5 Bytes JMP 2128C730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!EnumDependentServicesW 77E375E1 5 Bytes JMP 2128C670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ADVAPI32.DLL!StartServiceCtrlDispatcherA 77E37F09 5 Bytes JMP 2128D200 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] GDI32.DLL!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] GDI32.DLL!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 212A5730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!GetShellWindow 7E419252 5 Bytes JMP 212A59E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 212A4EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!PrivateExtractIconsW 7E41CCFC 5 Bytes JMP 212A6260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 212A5180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SetShellWindowEx 7E41FF92 5 Bytes JMP 212A5A80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 212A51A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!EnumDesktopWindows 7E42851A 5 Bytes JMP 212A5300 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 212A5690 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!EnumWindows 7E42A5AE 5 Bytes JMP 212A5320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 212A5780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 212A51C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 212A57D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SystemParametersInfoA 7E42DEB2 5 Bytes JMP 212A4EB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 212A56E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 212A5830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 212A5160 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

jueshiro · 2009/06/29

gmer continued 8

.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!SetShellWindow 7E456114 5 Bytes JMP 212A5AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 21582A0F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 215828F0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 212A8C80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!send 71AB4C27 5 Bytes JMP 21582971 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 21582AB3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 21582C47 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 21582B7A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 212A8EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 212A8D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 2129EE10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 2186B9CA C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 2129F000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoGetObject 77525106 5 Bytes JMP 2129F350 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] ole32.dll!CoRevokeClassObject 7752A2F3 5 Bytes JMP 2129EFD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] SHELL32.dll!SHEmptyRecycleBinW 7CA66D31 5 Bytes JMP 212A40E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] SHELL32.dll!SHEmptyRecycleBinA 7CA66D9B 5 Bytes JMP 212A4100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 212A40A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] SHELL32.dll!SHFileOperation 7CA70C0C 5 Bytes JMP 212A40C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] CRYPT32.dll!CryptSIPRetrieveSubjectGuid 77A89BD3 5 Bytes JMP 2128FE40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] CRYPT32.dll!CryptSIPGetSignedDataMsg 77A9C614 5 Bytes JMP 2128FEB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] CRYPT32.dll!CryptSIPVerifyIndirectData 77AA08E8 5 Bytes JMP 2128FF30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214B37E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3132] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes JMP 21298030 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 5 Bytes JMP 212980A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtAccessCheck 7C90CE6E 5 Bytes JMP 21295180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 21295190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 21295100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 2129A540 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 2129A5C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 21294800 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 212944B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtContinue 7C90D05E 5 Bytes JMP 21295E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 2129B1E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 21293870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 21298B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 2129AA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 21293990 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 21298870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 21299F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 2129AE30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtCreateWaitablePort 7C90D1DE 5 Bytes JMP 21298900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 21294240 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 21298CD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 212991C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 21295490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 21294290 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 21298FF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 21299320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 2129A520 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtFlushBuffersFile 7C90D32E 1 Byte [E9]
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 21294780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 21298D20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 2129A530 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 21295000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtInitializeRegistry 7C90D41E 5 Bytes JMP 21299480 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 21298E10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 21298E40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 21293C90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 21294430 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 2129A210 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 21294E60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 21299070 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 21299110 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 2129B3C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 21293AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 21298C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 2129AC60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 212945E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 2129A0F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 2129B010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 21294740 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 212AFF80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 21293F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 212940C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 21294EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 21293FE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 21293EE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 21295AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryInformationToken 7C90D81E 5 Bytes JMP 21295230 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 21298F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 212993A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 21294310 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 21298EA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 212950C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 2129A4D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 212952B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 212937F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQuerySystemTime 7C90D93E 5 Bytes JMP 21295A50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 212992A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 212AFE20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 21294170 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 21293B50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 21293DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 21299420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 21298ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 21298DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 21295A90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 21298D80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 21298DB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 21294F80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 21294050 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 21298F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 21294390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 212950E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 21295390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetSystemTime 7C90DD7E 5 Bytes JMP 212959C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 21299220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 21294220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 212956C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 212955B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 21298E70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 21293D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 2129A3D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 21293BF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 21293E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlNtStatusToDosError 7C90F62D 5 Bytes JMP 21295E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlFreeHeap 7C90FF2D 5 Bytes JMP 21297580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 21297490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlSizeHeap 7C9104DD 5 Bytes JMP 212975F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount 7C91151A 5 Bytes JMP 21297660 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 21294900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!LdrGetDllHandle 7C9166A0 5 Bytes JMP 212B00B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 21294C40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlReAllocateHeap 7C919BA0 5 Bytes JMP 21297500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!LdrFindCreateProcessManifest 7C91FE25 5 Bytes JMP 21294DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 21294E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!LdrShutdownProcess 7C923BD8 5 Bytes JMP 21295E90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlCreateHeap 7C925C82 5 Bytes JMP 212973A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlDestroyHeap 7C9264EE 5 Bytes JMP 21297420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlZeroHeap 7C95F193 5 Bytes JMP 21297FC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus 7C964C5F 5 Bytes JMP 21295DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ntdll.dll!RtlRaiseStatus 7C9666A0 5 Bytes JMP 21295DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!GetSystemTime 7C80176F 5 Bytes JMP 21291F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 21291F60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 21291DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!GetLocalTime 7C80A874 5 Bytes JMP 21291F30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!GetModuleFileNameW 7C80B475 5 Bytes JMP 21291BB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!CreateActCtxW 7C8154FC 5 Bytes JMP 21291AC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 9

.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 2186B562 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 2186B586 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!FindNextChangeNotification 7C832145 5 Bytes JMP 21291D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!FindFirstChangeNotificationW 7C834C1F 5 Bytes JMP 21291D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214B37E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!SetLocalTime 7C855CF9 5 Bytes JMP 21291F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!FindFirstChangeNotificationA 7C85D483 5 Bytes JMP 21291DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] kernel32.dll!CreateActCtxA 7C86C8E5 5 Bytes JMP 21291A00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!IdentifyCodeAuthzLevelW 77DD9EC8 5 Bytes JMP 2128DB00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 2128D2C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!QueryServiceStatus 77DE6D50 5 Bytes JMP 2128B830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!OpenSCManagerW 77DE6F55 2 Bytes JMP 2128D770 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!OpenSCManagerW + 3 77DE6F58 2 Bytes [4A, A9]
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 2128B080 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!StartServiceA 77DEFB58 5 Bytes JMP 2128D580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 77DEFEAB 5 Bytes JMP 2128D670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 5 Bytes JMP 2128BA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!QueryServiceConfigA 77DF1596 5 Bytes JMP 2128C130 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!SetServiceStatus 77DF3251 5 Bytes JMP 2128B730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!StartServiceCtrlDispatcherW 77DF359D 5 Bytes JMP 2128D140 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 77DF3E49 5 Bytes JMP 2128C7F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!RegisterServiceCtrlHandlerW 77DF3E77 5 Bytes JMP 2128C890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!StartServiceW 77DF3E94 5 Bytes JMP 2128B280 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 2128B5D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 2128D500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!RegisterServiceCtrlHandlerA 77DF4EC6 5 Bytes JMP 2128D6F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!OpenSCManagerA 77DF69AE 5 Bytes JMP 2128D7B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 5 Bytes JMP 2128BC00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!CreateRestrictedToken 77E0DC8C 5 Bytes JMP 2128AC40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 2128D890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 2128D2F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 2128ADA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!EnumDependentServicesA 77E37529 5 Bytes JMP 2128C730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!EnumDependentServicesW 77E375E1 5 Bytes JMP 2128C670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ADVAPI32.dll!StartServiceCtrlDispatcherA 77E37F09 5 Bytes JMP 2128D200 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 212A5730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!GetShellWindow 7E419252 5 Bytes JMP 212A59E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 212A4EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!PrivateExtractIconsW 7E41CCFC 5 Bytes JMP 212A6260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 212A5180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SetShellWindowEx 7E41FF92 5 Bytes JMP 212A5A80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 212A51A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!EnumDesktopWindows 7E42851A 5 Bytes JMP 212A5300 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 212A5690 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!EnumWindows 7E42A5AE 5 Bytes JMP 212A5320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 212A5780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 212A51C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 212A57D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SystemParametersInfoA 7E42DEB2 5 Bytes JMP 212A4EB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 212A56E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 212A5830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 212A5160 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!SetShellWindow 7E456114 5 Bytes JMP 212A5AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 21582A0F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 215828F0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 212A8C80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 21582971 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 21582AB3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 21582C47 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 21582B7A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 212A8EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 212A8D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 2129EE10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 2186B995 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 2186B9CA C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 2129F000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ole32.dll!CoGetObject 77525106 5 Bytes JMP 2129F350 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] ole32.dll!CoRevokeClassObject 7752A2F3 5 Bytes JMP 2129EFD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] SHELL32.dll!SHEmptyRecycleBinW 7CA66D31 5 Bytes JMP 212A40E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] SHELL32.dll!SHEmptyRecycleBinA 7CA66D9B 5 Bytes JMP 212A4100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 212A40A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] SHELL32.dll!SHFileOperation 7CA70C0C 5 Bytes JMP 212A40C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] CRYPT32.dll!CryptSIPRetrieveSubjectGuid 77A89BD3 5 Bytes JMP 2128FE40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] CRYPT32.dll!CryptSIPGetSignedDataMsg 77A9C614 5 Bytes JMP 2128FEB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[3176] CRYPT32.dll!CryptSIPVerifyIndirectData 77AA08E8 5 Bytes JMP 2128FF30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3236] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 10

.text C:\WINDOWS\ehome\ehtray.exe[3324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3324] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[3428] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3520] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3632] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 11

.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes JMP 21298030 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 5 Bytes JMP 212980A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtAccessCheck 7C90CE6E 5 Bytes JMP 21295180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 21295190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 21295100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 2129A540 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 2129A5C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 21294800 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 212944B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtContinue 7C90D05E 5 Bytes JMP 21295E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 2129B1E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 21293870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 21298B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 2129AA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 21293990 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 21298870 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 21299F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 2129AE30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtCreateWaitablePort 7C90D1DE 5 Bytes JMP 21298900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 21294240 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 21298CD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 212991C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 21295490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 21294290 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 21298FF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 21299320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 2129A520 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtFlushBuffersFile 7C90D32E 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 21294780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 21298D20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 2129A530 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 21295000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtInitializeRegistry 7C90D41E 5 Bytes JMP 21299480 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 21298E10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 21298E40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 21293C90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 21294430 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 2129A210 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 21294E60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 21299070 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 21299110 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 2129B3C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 21293AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 21298C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 2129AC60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 212945E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 2129A0F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 2129B010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 21294740 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 212AFF80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 21293F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 212940C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 21294EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 21293FE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 21293EE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 21295AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryInformationToken 7C90D81E 5 Bytes JMP 21295230 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 21298F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 212993A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 21294310 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 21298EA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 212950C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 2129A4D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 212952B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 212937F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQuerySystemTime 7C90D93E 5 Bytes JMP 21295A50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 212992A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 212AFE20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 21294170 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 21293B50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 21293DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 21299420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 21298ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 21298DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 21295A90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 21298D80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 21298DB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 21294F80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 21294050 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 21298F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 21294390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 212950E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 21295390 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetSystemTime 7C90DD7E 5 Bytes JMP 212959C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 21299220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 21294220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 212956C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 212955B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 21298E70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 21293D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 2129A3D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 21293BF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 21293E50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlNtStatusToDosError 7C90F62D 5 Bytes JMP 21295E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlFreeHeap 7C90FF2D 5 Bytes JMP 21297580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 21297490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlSizeHeap 7C9104DD 5 Bytes JMP 212975F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount 7C91151A 5 Bytes JMP 21297660 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 21294900 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!LdrGetDllHandle 7C9166A0 5 Bytes JMP 212B00B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 21294C40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlReAllocateHeap 7C919BA0 5 Bytes JMP 21297500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!LdrFindCreateProcessManifest 7C91FE25 5 Bytes JMP 21294DE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 21294E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!LdrShutdownProcess 7C923BD8 5 Bytes JMP 21295E90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlCreateHeap 7C925C82 5 Bytes JMP 212973A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlDestroyHeap 7C9264EE 5 Bytes JMP 21297420 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlZeroHeap 7C95F193 5 Bytes JMP 21297FC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus 7C964C5F 5 Bytes JMP 21295DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ntdll.dll!RtlRaiseStatus 7C9666A0 5 Bytes JMP 21295DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!GetSystemTime 7C80176F 5 Bytes JMP 21291F00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 21291F60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 21291DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!GetLocalTime 7C80A874 5 Bytes JMP 21291F30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!GetModuleFileNameW 7C80B475 5 Bytes JMP 21291BB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!CreateActCtxW 7C8154FC 5 Bytes JMP 21291AC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 2186B562 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 2186B586 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!FindNextChangeNotification 7C832145 5 Bytes JMP 21291D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!FindFirstChangeNotificationW 7C834C1F 5 Bytes JMP 21291D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214B37E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!SetLocalTime 7C855CF9 5 Bytes JMP 21291F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!FindFirstChangeNotificationA 7C85D483 5 Bytes JMP 21291DC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] kernel32.dll!CreateActCtxA 7C86C8E5 5 Bytes JMP 21291A00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!IdentifyCodeAuthzLevelW 77DD9EC8 5 Bytes JMP 2128DB00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!CloseServiceHandle 77DE6CE5 5 Bytes JMP 2128D2C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!QueryServiceStatus 77DE6D50 5 Bytes JMP 2128B830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!OpenSCManagerW 77DE6F55 2 Bytes JMP 2128D770 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!OpenSCManagerW + 3 77DE6F58 2 Bytes [4A, A9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!OpenServiceW 77DE6FFD 5 Bytes JMP 2128B080 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!StartServiceA 77DEFB58 5 Bytes JMP 2128D580 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!RegisterServiceCtrlHandlerExA 77DEFEAB 5 Bytes JMP 2128D670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!QueryServiceStatusEx 77DF120A 5 Bytes JMP 2128BA80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!QueryServiceConfigA 77DF1596 5 Bytes JMP 2128C130 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!SetServiceStatus 77DF3251 5 Bytes JMP 2128B730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!StartServiceCtrlDispatcherW 77DF359D 5 Bytes JMP 2128D140 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!RegisterServiceCtrlHandlerExW 77DF3E49 5 Bytes JMP 2128C7F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!RegisterServiceCtrlHandlerW 77DF3E77 5 Bytes JMP 2128C890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!StartServiceW 77DF3E94 5 Bytes JMP 2128B280 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 12

.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!ControlService 77DF4A09 5 Bytes JMP 2128B5D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!OpenServiceA 77DF4C66 5 Bytes JMP 2128D500 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!RegisterServiceCtrlHandlerA 77DF4EC6 5 Bytes JMP 2128D6F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!OpenSCManagerA 77DF69AE 5 Bytes JMP 2128D7B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!QueryServiceConfigW 77DF6F92 5 Bytes JMP 2128BC00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!CreateRestrictedToken 77E0DC8C 5 Bytes JMP 2128AC40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 2128D890 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!CreateServiceA 77E37211 5 Bytes JMP 2128D2F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!CreateServiceW 77E373A9 5 Bytes JMP 2128ADA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!EnumDependentServicesA 77E37529 5 Bytes JMP 2128C730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!EnumDependentServicesW 77E375E1 5 Bytes JMP 2128C670 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ADVAPI32.DLL!StartServiceCtrlDispatcherA 77E37F09 5 Bytes JMP 2128D200 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] GDI32.DLL!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] GDI32.DLL!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 212A5730 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!GetShellWindow 7E419252 5 Bytes JMP 212A59E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 212A4EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!PrivateExtractIconsW 7E41CCFC 5 Bytes JMP 212A6260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 212A5180 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SetShellWindowEx 7E41FF92 5 Bytes JMP 212A5A80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 212A51A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!EnumDesktopWindows 7E42851A 5 Bytes JMP 212A5300 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 212A5690 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!EnumWindows 7E42A5AE 5 Bytes JMP 212A5320 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 212A5780 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 212A51C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 212A57D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SystemParametersInfoA 7E42DEB2 5 Bytes JMP 212A4EB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 212A56E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 212A5830 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 212A5160 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SetShellWindow 7E456114 5 Bytes JMP 212A5AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 21582A0F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 215828F0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 212A8C80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!send 71AB4C27 5 Bytes JMP 21582971 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 21582AB3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 21582C47 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 21582B7A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 212A8EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 212A8D90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 2129EE10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 2186B995 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 2186B9CA C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 2129F000 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoGetObject 77525106 5 Bytes JMP 2129F350 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoRevokeClassObject 7752A2F3 5 Bytes JMP 2129EFD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] SHELL32.dll!SHEmptyRecycleBinW 7CA66D31 5 Bytes JMP 212A40E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] SHELL32.dll!SHEmptyRecycleBinA 7CA66D9B 5 Bytes JMP 212A4100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 212A40A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] SHELL32.dll!SHFileOperation 7CA70C0C 5 Bytes JMP 212A40C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01888B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 01888620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 01888720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 01888020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 018880A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 01887F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 01887F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!SendInput 7E42F140 5 Bytes JMP 01888240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 01887EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!keybd_event 7E466783 5 Bytes JMP 018881F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[3876] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 01888120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214B37E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[3968] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4020] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\windows\system\hpsysdrv.exe[4212] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gmer continued 13

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F222CB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F222C930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F222D260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F222AE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F222AE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F222CB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F222C930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F222D260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F222CB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F222AE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F222D260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F222C930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F222D260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F222C930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F222CB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F222AE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F222CB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F222C930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F222D260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F222D260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F222C930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F222AE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F222CB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\arservice.exe[456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehRecvr.exe[492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehSched.exe[504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jqs.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[780] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\Ati2evxx.exe[940] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\ALCXMNTR.EXE[1140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Spyware Terminator\sp_rsser.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\Ati2evxx.exe[1588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[2024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\dllhost.exe[2452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\HP\KBD\KBD.EXE[2468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[2956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\ehome\ehtray.exe[3324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehmsas.exe[3428] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[3632] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3852] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\iPod\bin\iPodService.exe[4020] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT c:\windows\system\hpsysdrv.exe[4212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[5196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

jueshiro · 2009/06/29

gamer continued 14 & Hijack this

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 icsak.sys (ZoneAlarm ForceField/Check Point Software Technologies)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 icsak.sys (ZoneAlarm ForceField/Check Point Software Technologies)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcexwmmjakwmyklttntkwwbqwhoscefqjg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [412] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcjkxfaqjoodaukbgbvnkwdilxmomdwaom.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [952] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcexwmmjakwmyklttntkwwbqwhoscefqjg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3116] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcexwmmjakwmyklttntkwwbqwhoscefqjg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3852] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxcrsnswulhyiwbdwtodppbitltxsvwxwgi.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcrsnswulhyiwbdwtodppbitltxsvwxwgi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcrsnswulhyiwbdwtodppbitltxsvwxwgi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcjkxfaqjoodaukbgbvnkwdilxmomdwaom.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcexwmmjakwmyklttntkwwbqwhoscefqjg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcrsnswulhyiwbdwtodppbitltxsvwxwgi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcrsnswulhyiwbdwtodppbitltxsvwxwgi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcjkxfaqjoodaukbgbvnkwdilxmomdwaom.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcexwmmjakwmyklttntkwwbqwhoscefqjg.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gxvxcidmyblhyvbeyxwhxvdolkuwqekoeppfm.sys 48128 bytes executable
File C:\WINDOWS\system32\drivers\gxvxcitethopardylbascpkwwiltoijxvkixn.sys 48128 bytes executable
File C:\WINDOWS\system32\drivers\gxvxcjxtlirsbkwnthohxdapbavhgqulhymta.sys 48128 bytes executable
File C:\WINDOWS\system32\drivers\gxvxcmxfumupltptnqtqsilphrrdyibqjxica.sys 48128 bytes executable
File C:\WINDOWS\system32\drivers\gxvxcrsnswulhyiwbdwtodppbitltxsvwxwgi.sys 47616 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\gxvxcvymrmyndovdylhlblhnbobbpijwrqxdu.sys 48128 bytes executable
File C:\WINDOWS\system32\drivers\gxvxcwextexmqlrgwvbrrsnsukvdpqjyvklti.sys 48128 bytes executable
File C:\WINDOWS\system32\drivers\gxvxcwuhrqublovnsswesdjkllhmdrqpartvx.sys 48128 bytes executable
File C:\WINDOWS\system32\gxvxccount 4 bytes
File C:\WINDOWS\system32\gxvxcexwmmjakwmyklttntkwwbqwhoscefqjg.dll 28673 bytes executable
File C:\WINDOWS\system32\gxvxcjkxfaqjoodaukbgbvnkwdilxmomdwaom.dll 22529 bytes executable

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:32 PM, on 6/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Jeaks Music Toolbar - {2DBEDDA0-6B3A-4F7E-93C4-3C0EE28775C0} - (no file)
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Clumsy's/Images/stg_drm.ocx
O16 - DPF: {48989C74-D5FC-4F17-BA40-3D825C716836} (clMultiDownLoader Control) - http://mgn.musicgiants.com/cab/mgndownloader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jeaks Toolbar Update Launcher (JeaksSvr) - Unknown owner - C:\Program Files\FileVOoM Pro\Jeaks Music\JeaksSvr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 9922 bytes

Thanks again,
John

broni · 2009/06/29

Alrighty, we have a rootkit here.

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

jueshiro · 2009/06/29

gmer 1

I think the begining of the log got cut off, here it is, sorry:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 14:02:47
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF2227FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF2224C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF223F170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF2228580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF223C900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF223CB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF2240B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF2228670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF2225210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF223F9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF223F7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF223C280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xF22218C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF223FF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF223FF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xF2240D90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF2225070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF223E180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF223DF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF22406F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF2240150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF2227BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF2240540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF2228190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF2225440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xF22216A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF223F4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF223D200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF223D080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xF2221AF0]

INT 0x20 srescan.sys F7105C90

Code 85447C58 ZwEnumerateKey
Code 8541EE68 ZwFlushInstructionCache
Code 854201F6 IofCallDriver
Code 853E5B86 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 854201FB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 853E5B8B
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [80, 85, 22, F2, 00, C9, 23, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [C0, 18, 22, F2, 10, FF, 23, ...]
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

broni · 2009/06/29

That's fine. All bad guys are listed toward the end, but thank you

Log in or Sign up

Solved Google Redirect

jueshiro Inactive Thread Starter

broni Moderator Malware Analyst

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

broni Moderator Malware Analyst

jueshiro Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Google Redirect

jueshiro Inactive Thread Starter

broni Moderator Malware Analyst

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

jueshiro Inactive Thread Starter

broni Moderator Malware Analyst

jueshiro Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches