1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

svchost.exe causing high CPU usage & commit charge

Discussion in 'Windows XP' started by Actuarial, Nov 12, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Actuarial

    Actuarial Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    40
    hi, i posted on the Viruses/Malware forum 3 days ago & haven't received a response, but after some further research, i'm pretty sure this isn't a virus or malware issue (hoping i'm not going to have to wait another few days on this forum). The problem essentially has to do with the svchost.exe process. Whenever i opened internet explorer or firefox, the system would gradually bog down, taking forever to do any simple task, and eventually freeze up. The CPU usage would also gradually climb to 100% and stay there, mostly used by svchost.

    Now, i think i found a temporary solution to the CPU usage problem, by stopping "Automatic Updates" in the "Computer Management" window, and changing the startup type to "disabled." CPU usage is now low while using the internet and the computer hasn't gotten extremely slow or frozen since making the change. If I have to keep automatic updates off in order to avoid this problem, then i guess it's not a huge deal to just use the microsoft website for updates... but it'd be great if i could turn it back on.

    However, I think that might've merely eliminated one symptom but not the real problem, because the commit charge is still very high (2250M/2900M), again mostly due to svchost (according to process explorer). From what i've read, this should be no more than 400-500M. There are a few other issues I'd like to tackle as well, but I'd like to fix this one first.

    Here's my Hijackthis log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:08:05 AM, on 11/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files\CheckPoint\Install\Install.xml" /l /w
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 5634 bytes
    ________________________________________________________


    Here's my dds log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Saleshp530 at 9:11:17 on 2011-11-12
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
    mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [ZoneAlarm Installer] "c:\program files\checkpoint\install\launcher.exe" "c:\program files\checkpoint\install\install.exe" /r download /c "c:\program files\checkpoint\install\Install.xml" /l /w
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: microsoft.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EAA6C7BB-2F30-4C1A-8CCE-FC10E8EA2088} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxsrvc.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\saleshp530\application data\mozilla\firefox\profiles\h5b72xtp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-11-10 12:45:31 -------- d-sh--w- c:\documents and settings\saleshp530\IECompatCache
    2011-11-10 00:56:12 388096 ----a-r- c:\documents and settings\saleshp530\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-10 00:56:12 -------- d-----w- c:\program files\Trend Micro
    2011-11-09 01:36:31 -------- d--h--w- C:\$AVG
    2011-11-07 01:31:38 -------- d-----w- c:\windows\system32\NtmsData
    2011-11-06 22:57:20 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-11-06 17:18:30 -------- d-----w- c:\windows\ie8updates
    2011-11-06 15:00:27 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-11-06 14:59:20 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-11-06 14:59:16 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-11-06 14:57:52 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-11-06 14:57:23 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-11-06 14:57:05 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-11-06 14:57:04 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-11-06 14:57:03 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-11-06 14:57:02 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-11-06 14:57:02 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-11-06 14:57:01 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-11-06 14:53:53 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-11-06 14:53:29 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-11-06 04:46:20 -------- d-----w- c:\windows\pss
    2011-11-06 04:01:48 -------- d-----w- c:\documents and settings\saleshp530\local settings\application data\Adobe
    2011-11-06 00:20:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-06 00:11:54 -------- d-----w- c:\windows\system32\appmgmt
    2011-11-05 18:46:24 -------- d-----w- C:\Shaun
    2011-11-05 18:03:38 -------- d-----w- c:\windows\system32\scripting
    2011-11-05 18:03:38 -------- d-----w- c:\windows\l2schemas
    2011-11-05 18:03:37 -------- d-----w- c:\windows\system32\en
    2011-11-05 18:03:36 -------- d-----w- c:\windows\system32\bits
    2011-11-05 17:50:55 -------- d-----w- c:\windows\network diagnostic
    2011-11-05 17:30:42 -------- d-----w- c:\documents and settings\saleshp530\application data\CheckPoint
    2011-11-05 17:30:11 0 ------w- c:\windows\system32\ConduitEngine.tmp
    2011-11-05 17:30:11 -------- d-----w- c:\documents and settings\saleshp530\local settings\application data\ZoneAlarm_Security
    2011-11-05 17:30:09 -------- d-----w- c:\documents and settings\saleshp530\local settings\application data\Temp
    2011-11-05 17:30:09 -------- d-----w- c:\documents and settings\saleshp530\local settings\application data\Conduit
    2011-11-05 17:30:08 -------- d-----w- c:\program files\ZoneAlarm_Security
    2011-11-05 17:29:49 -------- d-----w- c:\program files\CheckPoint
    2011-11-05 17:29:26 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2011-11-05 17:29:26 -------- d-----w- c:\windows\system32\ZoneLabs
    2011-11-05 17:24:43 -------- d-----w- c:\program files\Zone Labs
    2011-11-05 17:23:14 -------- d-----w- c:\windows\Internet Logs
    2011-11-05 16:35:05 -------- d-----w- c:\documents and settings\saleshp530\local settings\application data\Mozilla
    2011-11-05 16:24:31 -------- d-----w- c:\documents and settings\saleshp530\application data\AVG2012
    2011-11-05 16:22:54 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-11-05 16:22:51 221184 ------w- c:\windows\system32\wmpns.dll
    2011-11-05 16:22:05 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-11-05 16:21:22 -------- d-----w- c:\program files\AVG
    2011-11-05 16:19:02 -------- d-----w- c:\windows\ServicePackFiles
    2011-11-05 16:17:21 21504 ------w- c:\windows\system32\drivers\hidserv.dll
    2011-11-05 16:16:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-11-05 16:00:22 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2011-11-05 15:47:49 -------- d-----w- c:\documents and settings\saleshp530\application data\OpenOffice.org
    2011-11-05 15:45:59 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-11-05 15:45:17 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-11-05 15:44:56 73728 ------w- c:\windows\system32\javacpl.cpl
    2011-11-05 15:44:56 472808 ------w- c:\windows\system32\deployJava1.dll
    2011-11-05 15:43:57 5120 ------w- c:\windows\system32\xpsp4res.dll
    2011-11-05 15:43:57 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-11-05 15:43:24 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-11-05 15:43:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-11-05 15:43:16 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-11-05 15:42:51 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-11-05 15:42:51 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-11-05 15:42:04 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-11-05 15:34:05 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-11-05 15:32:39 -------- d-sh--w- c:\documents and settings\saleshp530\PrivacIE
    2011-11-05 15:31:23 -------- d-sh--w- c:\documents and settings\saleshp530\IETldCache
    2011-11-05 15:29:35 -------- dc-h--w- c:\windows\ie8
    2011-11-05 15:21:03 -------- d-----w- c:\windows\system32\PreInstall
    2011-11-05 15:21:02 26144 ------w- c:\windows\system32\spupdsvc.exe
    2011-11-05 15:21:01 -------- d--h--w- c:\windows\$hf_mig$
    2011-11-05 15:06:53 -------- d-sh--w- c:\documents and settings\saleshp530\UserData
    2011-11-05 15:06:32 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-11-05 14:55:00 12160 -c----w- c:\windows\system32\dllcache\mouhid.sys
    2011-11-05 14:55:00 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-11-05 14:54:57 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-11-05 14:54:53 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    .
    ==================== Find3M ====================
    .
    2011-10-07 10:23:48 230608 ------w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 10:21:42 16720 ------w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-13 10:30:10 32592 ------w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-07 16:20:06 44 ------w- c:\windows\system32\msssc.dll
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD400BB-60JKA0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8766B49F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87672728]; MOV EAX, [0x8767289c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87F84AB8]
    3 CLASSPNP[0xBA0E8FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005c[0x87FE15E0]
    5 ACPI[0xBA05F620] -> nt!IofCallDriver[0x804E37D5] -> [0x87F5B940]
    \Driver\atapi[0x87750F38] -> IRP_MJ_CREATE -> 0x8766B49F
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8766B2C6
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 9:13:21.23 ===============
    ________________________________________________________________________


    My "attach" log is an attachement. And finally, here's my ark log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-12 09:58:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD400BB-60JKA0 rev.05.01C05
    Running: n46x38k8.exe; Driver: C:\DOCUME~1\SALESH~1\LOCALS~1\Temp\kwayrfog.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB16B3534]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB16AD782]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB16CC6DC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB16B3CC0]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB16C6EB4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB16C72A2]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB16D0916]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB16B3DF6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB16AE398]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB16CDFE4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB16CD93C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB16C5DF0]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB16CE93C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB16CEB44]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB16ADFAA]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB0F01F3C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB16C8DF8]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB16CF8D2]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB16CF208]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB16B30F4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB16D02A4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB16B37DC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB16AE75C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB16CFE12]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB16CD0C4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB16C7F0A]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB0F01FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB0F02080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB0F0211C]
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [C0, 3C, 6B, B1, B4, 6E, 6C, ...]
    .text ntoskrnl.exe!_abnormal_termination + 1D4 804E2840 8 Bytes [3C, E9, 6C, B1, 44, EB, 6C, ...]
    ? C:\WINDOWS\system32\Drivers\PROCEXP141.SYS The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[176] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[544] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[544] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[608] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[1068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[1116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[1128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0090000C
    .text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03E1000A
    .text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 03E2000A
    .text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0449000A
    .text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1516] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D5000A
    .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1804] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20AE3D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20AE3BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20AE3CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20AE3E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20AE3C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20AE3F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20AE409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2140] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20AE3FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2432] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[2444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 06200030 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 06200390 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 062002A0 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 062001B0 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 06200510 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 061FF310 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 062005F0 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 061FF470 C:\Documents and Settings\Saleshp530\Local Settings\Application Data\ZoneAlarm_Security\tbZone.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20AE3D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20AE3BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20AE3CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20AE3E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20AE3C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20AE3F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20AE409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20AE3FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[3488] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe[3564] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3796] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\ctfmon.exe[3980] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[4156] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Saleshp530\Desktop\n46x38k8.exe[4492] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[4720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8766B2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8766B2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8766B2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8766B2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8766B2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-12 8766B2C6
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- EOF - GMER 1.0.15 ----
    __________________________________________________________________


    Thanks in advance!
     

    Attached Files:

  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Have you tried disabling AVG or ZoneAlarm, one at the time?
     
  3. Actuarial

    Actuarial Thread Starter

    Joined:
    Nov 9, 2011
    Messages:
    40
    Hi Phantom, yes, early in the process AVG showed an error, saying that it couldn't recognize the license (don't remember exactly, but something like that), so i uninstalled it. the CPU usage problem was still there after uninstall, so i reinstalled it. earlier today, Zone Alarm started asking to be updated but wouldn't complete the update... so I uninstalled it and haven't reinstalled it yet.

    Since I posted this several hours ago, it's seemingly randomly switched between high CPU usage (& eventual freeze) and normal CPU usage... but always high commit charge. Currently at 100% CPU usage & a commit charge of 1400M/2500M, but it's been gradually building from about 700M in the past 30 minutes or so. Thanks,

    Shaun
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,921
    First Name:
    Karen
    Closing duplicate.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1026560

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice