
Google redirect, at least


#1 mejohn

Posted 13 May 2010 - 12:06 PM

Hello. Here are the DDS logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Me at 1:40:29.85 on Thu 05/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2117 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSsystem32svchost -k rpcss
C:Program FilesMicrosoft Security EssentialsMsMpEng.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSSystem32svchost.exe -k NetworkService
C:WINDOWSsystem32svchost.exe -k LocalService
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesCheckPointZAForceFieldIswSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32svchost.exe -k LocalService
C:Program FilesCheckPointZAForceFieldForceField.exe
C:Program FilesLSoft Technologies IncActive@ Hard Disk MonitorDiskMonitorService.exe
C:Program FilesApplication UpdaterApplicationUpdater.exe
C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:WINDOWSsystem32svchost.exe -k hpdevmgmt
C:Program FilesIObitIObit Security 360IS360srv.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesCommon FilesMaxtorSchedule2schedul2.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:WINDOWSSystem32svchost.exe -k HPZ12
C:Program FilesNorton AntiVirusEngine16.8.0.41ccSvcHst.exe
C:Program FilesNorton PC CheckupEngine2.0.2.543SymcPCCULaunchSvc.exe
C:PROGRA~1NORTON~3NORTON~1NPROTECT.EXE
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
C:Program FilesNorton AntiVirusEngine16.8.0.41ccSvcHst.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
C:Program FilesNorton PC CheckupEngine2.0.2.543ccSvcHst.exe
C:Program FilesNorton PC CheckupEngine2.0.2.543ccSvcHst.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32svchost.exe -k HPZ12
C:Program FilesVerizonVSPServicepointService.exe
C:PROGRA~1NORTON~3NORTON~1SPEEDD~1NOPDB.EXE
C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe
C:WINDOWSSystem32svchost.exe -k imgsvc
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcAppFlt.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:WINDOWSSystem32alg.exe
C:Program FilesNorton SystemWorksNswUiTray.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe
C:Program FilesVerizonMcciTrayApp.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMaxtorMaxBlastMaxBlastMonitor.exe
C:Program FilesMaxtorMaxBlastTimounterMonitor.exe
C:Program FilesCommon FilesMaxtorSchedule2schedhlp.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesVerizonVSPVerizonServicepoint.exe
C:Program FilesIObitIObit Security 360IS360tray.exe
C:Program FilesMicrosoft Security Essentialsmsseces.exe
C:Program FilesIObitAdvanced SystemCare 3AWC.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesVerizonVSPVerizonServicepointComHandler.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsMeDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://verizon-online.aol.com
uURLSearchHooks: Verizon - AOL Toolbar Search Class: {c200e798-529d-4847-8b76-4abeb4658d41} - c:program filesverizon - aol toolbarverizontb.dll
mURLSearchHooks: H - No File
BHO: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:progra~1yahoo!companioninstallscpnyt.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:program fileskeyscramblerKeyScramblerIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:program filesnorton antivirusengine16.8.0.41IPSBHO.DLL
BHO: Verizon - AOL Toolbar Loader: {86916f9e-4c81-42f8-9d60-4a1a54dae898} - c:program filesverizon - aol toolbarverizontb.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:program filescheckpointzaforcefieldtrustcheckerbinTrustCheckerIEPlugin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:progra~1yahoo!companioninstallscpnYTSingleInstance.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:program filescheckpointzaforcefieldtrustcheckerbinTrustCheckerIEPlugin.dll
TB: Verizon - AOL Toolbar: {9a964391-f5af-4fad-9964-51c4ed876f20} - c:program filesverizon - aol toolbarverizontb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:progra~1yahoo!companioninstallscpnyt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Advanced SystemCare 3] "c:program filesiobitadvanced systemcare 3AWC.exe" /startup
uRun: [UpdateFlow.Verizon] c:program filesverizonmccibrowser.exe -appkey=verizon -url=file://c:program filesverizonofflineupdateredirector.htm
uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:program filesspybot - search & destroyTeaTimer.exe
uRun: [uTorrent] "c:program filesutorrentuTorrent.exe"
mRun: [NSWosCheck] "c:program filesnorton systemworksosCheck.exe"
mRun: [NswUiTray] c:program filesnorton systemworksNswUiTray.exe
mRun: [NVIDIA nTune] "c:program filesnvidia corporationntunenTune.exe" clear
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "c:program fileszone labszonealarmzlclient.exe"
mRun: [ISW] "c:program filescheckpointzaforcefieldForceField.exe" /icon="hidden"
mRun: [nTrayFw] c:program filesnvidia corporationnetworkaccessmanagerbinnTrayFw.exe
mRun: [Verizon_McciTrayApp] "c:program filesverizonMcciTrayApp.exe"
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MaxBlastMonitor.exe] c:program filesmaxtormaxblastMaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:program filesmaxtormaxblastTimounterMonitor.exe
mRun: [Maxtor Scheduler2 Service] "c:program filescommon filesmaxtorschedule2schedhlp.exe"
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [VerizonServicepoint.exe] "c:program filesverizonvspVerizonServicepoint.exe" /AUTORUN
mRun: [IObit Security 360] "c:program filesiobitiobit security 360IS360tray.exe" /autostart
mRun: [MSSE] "c:program filesmicrosoft security essentialsmsseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:progra~1common~1micros~1dwdwtrig20.exe" -t
IE: &Verizon - AOL Toolbar Search - c:documents and settingsall usersapplication dataverizon - aol toolbarietoolbarresourcesen-uslocalsearch.html
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:program filesnorton systemworksnorton cleanupWCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:program fileskeyscramblerKeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
LSP: %SYSTEMROOT%system32nvappfilter.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273309463812
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:docume~1meapplic~1mozillafirefoxprofiles988c47da.default
FF - prefs.js: browser.startup.homepage - hxxp://verizon-online.aol.com/
FF - component: c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortonipsffplgncomponentsIPSFFPl.dll
FF - component: c:documents and settingsmeapplication datamozillafirefoxprofiles988c47da.defaultextensionskeyscrambler@qfx.software.corporationcomponentsKeyScramblerIE.dll
FF - component: c:program filescheckpointzaforcefieldtrustcheckercomponentsTrustCheckerMozillaPlugin.dll
FF - component: c:program filesrealrealplayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
FF - plugin: c:documents and settingsmeapplication datamove networkspluginsnpqmp071503000010.dll
FF - plugin: c:program filescommon filesmotivenpMotive.dll
FF - plugin: c:program filesverizonvspnprpspa.dll
FF - plugin: c:windowssystem32c2mpnpdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversnav1008000.029SymEFA.sys [2010-2-5 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversnav1008000.029BHDrvx86.sys [2010-2-5 259632]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversnav1008000.029cchpx86.sys [2010-2-5 482432]
R1 IDSxpx86;IDSxpx86;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsipsdefs20100505.001IDSXpx86.sys [2010-5-8 329592]
R1 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2009-12-2 149040]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2010-5-6 68168]
R1 vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2009-12-10 486280]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:program fileslsoft technologies incactive@ hard disk monitorDiskMonitorService.exe [2009-12-22 1127944]
R2 Application Updater;Application Updater;c:program filesapplication updaterApplicationUpdater.exe [2010-1-8 380928]
R2 IS360service;IS360service;c:program filesiobitiobit security 360is360srv.exe [2010-3-21 311568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:program filescheckpointzaforcefieldISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:program filescheckpointzaforcefieldISWSVC.exe [2009-10-14 476528]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:program filescommon filesmaxtorschedule2schedul2.exe [2008-6-27 431384]
R2 Norton AntiVirus;Norton AntiVirus;c:program filesnorton antivirusengine16.8.0.41ccSvcHst.exe [2010-2-5 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:program filesnorton pc checkupengine2.0.2.543SymcPCCULaunchSvc.exe [2010-5-6 103280]
R2 NProtectService;Norton UnErase Protection;c:progra~1norton~3norton~1NPROTECT.EXE [2008-9-25 95600]
R2 PCCUJobMgr;Common Client Job Manager Service;c:program filesnorton pc checkupengine2.0.2.543ccSvcHst.exe [2010-5-6 126392]
R2 ServicepointService;ServicepointService;c:program filesverizonvspServicepointService.exe [2010-3-16 689392]
R2 StarWindServiceAE;StarWind AE Service;c:program filesalcohol softalcohol 52starwindStarWindServiceAE.exe [2007-5-28 275968]
R2 vsmon;TrueVector Internet Monitor;c:windowssystem32zonelabsvsmon.exe -service --> c:windowssystem32zonelabsvsmon.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filescommon filessymantec sharedeengineEraserUtilRebootDrv.sys [2009-12-13 102448]
R3 KeyScrambler;KeyScrambler;c:windowssystem32driverskeyscrambler.sys [2009-12-11 113896]
R3 NAVENG;NAVENG;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsvirusdefs20100512.022NAVENG.SYS [2010-5-13 85552]
R3 NAVEX15;NAVEX15;c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortondefinitionsvirusdefs20100512.022NAVEX15.SYS [2010-5-13 1347504]
S2 PEVSystemStart;PEVSystemStart;c:combofixPEV.cfxxe [2010-5-10 256512]

=============== Created Last 30 ================

2010-05-13 05:30:43 20 ----a-w- c:documents and settingsmedefogger_reenable
2010-05-11 03:40:35 6144 --sha-w- c:windowsThumbs.db
2010-05-11 01:43:52 0 d-----w- c:program filesESET
2010-05-11 01:16:51 274288 ----a-w- c:windowssystem32mucltui.dll
2010-05-11 01:16:51 16736 ----a-w- c:windowssystem32mucltui.dll.mui
2010-05-10 22:18:16 0 d-s---w- C:ComboFix
2010-05-10 10:58:07 0 d-----w- c:docume~1meapplic~1SafeReturner
2010-05-10 10:58:03 0 d-----w- c:program filesSafe Returner
2010-05-10 09:29:09 221568 ------w- c:windowssystem32MpSigStub.exe
2010-05-10 09:17:20 0 d-----w- c:program filesMicrosoft Security Essentials
2010-05-10 07:20:59 0 d-sha-r- C:cmdcons
2010-05-10 06:45:24 77312 ----a-w- c:windowsMBR.exe
2010-05-10 06:45:24 256512 ----a-w- c:windowsPEV.exe
2010-05-10 06:45:24 161792 ----a-w- c:windowsSWREG.exe
2010-05-10 06:45:23 98816 ----a-w- c:windowssed.exe
2010-05-10 03:29:52 0 d-----w- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2010-05-10 03:29:34 0 d-----w- c:program filesSUPERAntiSpyware
2010-05-10 03:29:34 0 d-----w- c:docume~1meapplic~1SUPERAntiSpyware.com
2010-05-10 03:29:14 0 d-----w- c:program filescommon filesWise Installation Wizard
2010-05-08 07:32:53 0 d-----w- c:windowspss
2010-05-08 05:05:12 0 d-----w- c:windowssystem32NtmsData
2010-05-06 10:03:27 0 d-----w- c:docume~1meapplic~1Tific
2010-05-06 10:03:09 0 d-----w- c:windowssystem32driversNortonPCCheckup
2010-05-06 10:03:08 0 d-----w- c:program filesNorton PC Checkup

==================== Find3M ====================

2010-05-12 19:58:52 691696 ----a-w- c:windowssystem32driverssptd.sys
2010-04-29 19:39:38 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:windowssystem32vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:windowssystem32wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:windowssystem32ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:windowssystem32ntkrnlpa.exe

============= FINISH: 1:43:31.00 ===============

I tried to run gmer. No good. First time it ran 2 hours and hung up on one file for 2 more. After a hard reboot I shut off anything that might be running and tried again. Let it run overnight but the PC shut off sometime after I turned in. No log file. I'll run it again while at work...

Sorry if this is supposed to be all in one post...

Here is the combofix log from the first time I ran it. Subsequently I installed recovery console and ran it again, apparently without saving the log though.

ComboFix 10-05-09.04 - Me 05/10/2010 3:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2487 [GMT -4:00]
Running from: c:documents and settingsMeDesktopComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesDealio Toolbar
c:program filesDealio ToolbarFFchrome.manifest
c:program filesDealio ToolbarFFchromecontentchevron.js
c:program filesDealio ToolbarFFchromecontentchevron.xul
c:program filesDealio ToolbarFFchromecontentlogin.js
c:program filesDealio ToolbarFFchromecontentlogin.xul
c:program filesDealio ToolbarFFchromecontentparser.js
c:program filesDealio ToolbarFFchromecontentRssTickerWidget.js
c:program filesDealio ToolbarFFchromecontentsearchbox.js
c:program filesDealio ToolbarFFchromecontentsearchbox.xul
c:program filesDealio ToolbarFFchromecontentwidgichevron.js
c:program filesDealio ToolbarFFchromecontentwidgicomm.js
c:program filesDealio ToolbarFFchromecontentwidgihandling.js
c:program filesDealio ToolbarFFchromecontentwidgilisteners.js
c:program filesDealio ToolbarFFchromecontentwidgitoolbarplugin.js
c:program filesDealio ToolbarFFchromecontentwidgitoolbarplugin.xul
c:program filesDealio ToolbarFFchromecontentwidgiui.js
c:program filesDealio ToolbarFFchromelocaleEN-USsearchbox.dtd
c:program filesDealio ToolbarFFchromelocaleEN-USwidgitoolbarplugin.dtd
c:program filesDealio ToolbarFFchromelocaleEN-USwidgitoolbarplugin.properties
c:program filesDealio ToolbarFFchromelocaleEN-USyahoo-search.gif
c:program filesDealio ToolbarFFchromeskinamazon.gif
c:program filesDealio ToolbarFFchromeskinapple.gif
c:program filesDealio ToolbarFFchromeskinbarnes.gif
c:program filesDealio ToolbarFFchromeskinbestbuy.gif
c:program filesDealio ToolbarFFchromeskinchevron.gif
c:program filesDealio ToolbarFFchromeskindealio_logo.gif
c:program filesDealio ToolbarFFchromeskindealio_logo_hover.gif
c:program filesDealio ToolbarFFchromeskinebay.gif
c:program filesDealio ToolbarFFchromeskinicon_settings.gif
c:program filesDealio ToolbarFFchromeskinmacys.gif
c:program filesDealio ToolbarFFchromeskinnewegg.gif
c:program filesDealio ToolbarFFchromeskinoverstock.gif
c:program filesDealio ToolbarFFchromeskinsearch-button-hover.gif
c:program filesDealio ToolbarFFchromeskinsearch-button.gif
c:program filesDealio ToolbarFFchromeskinsearch-chevron-hover.gif
c:program filesDealio ToolbarFFchromeskinsearch-chevron.gif
c:program filesDealio ToolbarFFchromeskinsearch_amazon.gif
c:program filesDealio ToolbarFFchromeskinsearch_dealio.gif
c:program filesDealio ToolbarFFchromeskinsearch_ebay.gif
c:program filesDealio ToolbarFFchromeskinsearch_yahoo.gif
c:program filesDealio ToolbarFFchromeskinsearchbox.css
c:program filesDealio ToolbarFFchromeskinseparator.gif
c:program filesDealio ToolbarFFchromeskintarget.gif
c:program filesDealio ToolbarFFchromeskinwalmart.gif
c:program filesDealio ToolbarFFchromeskinwidgitoolbarplugin.css
c:program filesDealio ToolbarFFcomponentsconfig.ini
c:program filesDealio ToolbarFFcomponentsdealioToolbarFF.dll
c:program filesDealio ToolbarFFcomponentsIFBHOHelperWidgiToolbar.xpt
c:program filesDealio ToolbarFFcomponentsIFBHOWidgiToolbar.xpt
c:program filesDealio ToolbarFFinstall.rdf
c:program filesDealio ToolbarIE4.0.2config.ini
c:program filesDealio ToolbarIE4.0.2dealioToolbarIE.dll
c:program filesDealio ToolbarResamazon.gif
c:program filesDealio ToolbarResapple.gif
c:program filesDealio ToolbarResbarnes.gif
c:program filesDealio ToolbarResbestbuy.gif
c:program filesDealio ToolbarResdealio_logo.gif
c:program filesDealio ToolbarResdealio_logo_hover.gif
c:program filesDealio ToolbarResebay.gif
c:program filesDealio ToolbarResicon_settings.gif
c:program filesDealio ToolbarResmacys.gif
c:program filesDealio ToolbarResnewegg.gif
c:program filesDealio ToolbarResoverstock.gif
c:program filesDealio ToolbarRessearch-button-hover.gif
c:program filesDealio ToolbarRessearch-button.gif
c:program filesDealio ToolbarRessearch-chevron-hover.gif
c:program filesDealio ToolbarRessearch-chevron.gif
c:program filesDealio ToolbarRessearch_amazon.gif
c:program filesDealio ToolbarRessearch_dealio.gif
c:program filesDealio ToolbarRessearch_ebay.gif
c:program filesDealio ToolbarRessearch_yahoo.gif
c:program filesDealio ToolbarRestarget.gif
c:program filesDealio ToolbarReswalmart.gif
c:program filesDealio ToolbarReswidgets.xml
c:program filesDealio ToolbarWidgiHelper.exe
c:program filesSearch Settings
c:program filesSearch SettingsFFchrome.manifest
c:program filesSearch SettingsFFchromecontentplugin.js
c:program filesSearch SettingsFFchromecontentplugin.xul
c:program filesSearch SettingsFFchromecontentprotection.js
c:program filesSearch SettingsFFchromecontentutils.js
c:program filesSearch SettingsFFchromelocaleen-USsearchsettingsplugin.dtd
c:program filesSearch SettingsFFchromelocaleen-USsearchsettingsplugin.properties
c:program filesSearch SettingsFFcomponentsIFBHOSearch.xpt
c:program filesSearch SettingsFFcomponentsIFBHOSearchHelperEngine.xpt
c:program filesSearch SettingsFFcomponentsIFHelperPreferences.xpt
c:program filesSearch SettingsFFcomponentsSearchSettingsFF.dll
c:program filesSearch SettingsFFinstall.rdf
c:program filesSearch SettingsSearchSettings.exe
c:program filesSearch SettingsSearchSettingsRes409.dll
c:windowssystem32AutoRun.inf
c:windowssystem32Thumbs.db

Infected copy of c:windowssystem32driverskbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 03:31 . 2010-05-10 03:31 63488 ----a-w- c:documents and settingsMeApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10006.dll
2010-05-10 03:31 . 2010-05-10 03:31 52224 ----a-w- c:documents and settingsMeApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10005.dll
2010-05-10 03:31 . 2010-05-10 03:31 117760 ----a-w- c:documents and settingsMeApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSUIREPAIR.DLL
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:program filesSUPERAntiSpyware
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:documents and settingsMeApplication DataSUPERAntiSpyware.com
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
2010-05-08 07:36 . 2010-05-08 07:36 -------- d-sh--w- c:documents and settingsAdministratorIETldCache
2010-05-08 05:05 . 2010-05-08 05:05 -------- d-----w- c:windowssystem32NtmsData
2010-05-06 10:03 . 2010-05-06 10:05 -------- d-----w- c:documents and settingsMeLocal SettingsApplication DataTific
2010-05-06 10:03 . 2010-05-06 10:03 -------- d-----w- c:documents and settingsMeApplication DataTific
2010-05-06 10:03 . 2010-05-06 10:03 -------- d-----w- c:windowssystem32driversNortonPCCheckup
2010-05-06 10:03 . 2010-05-06 10:03 -------- d-----w- c:program filesNorton PC Checkup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 06:43 . 2009-12-10 18:06 9144294 ----a-w- c:windowsInternet LogstvDebug.Zip
2010-05-10 05:23 . 2010-03-21 06:20 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-05-10 02:42 . 2009-12-09 08:27 17280 ----a-w- c:documents and settingsMeLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-08 06:59 . 2009-12-10 08:00 1 ----a-w- c:documents and settingsMeApplication DataOpenOffice.org3useruno_packagescachestamp.sys
2010-05-07 05:31 . 2010-05-07 05:31 108415 ----a-w- c:windowsInternet Logsvsmon_2nd_2010_05_07_01_24_39_small.dmp.zip
2010-05-07 05:24 . 2010-05-07 05:26 1805824 ----a-w- c:windowsInternet LogsxDB8B.tmp
2010-05-07 05:24 . 2010-05-07 05:26 2579456 ----a-w- c:windowsInternet LogsxDB8A.tmp
2010-05-07 04:25 . 2009-12-10 07:47 -------- d-----w- c:program filesOpenOffice.org 3
2010-05-07 04:25 . 2009-12-09 21:31 -------- d-----w- c:program filesNorton SystemWorks
2010-05-07 04:25 . 2009-12-15 07:07 -------- d-----w- c:program filesHDD Health
2010-05-06 10:03 . 2009-12-09 21:26 -------- d-----w- c:documents and settingsAll UsersApplication DataNorton
2010-05-06 10:03 . 2009-12-09 21:24 -------- d-----w- c:documents and settingsAll UsersApplication DataNortonInstaller
2010-05-06 10:02 . 2009-12-09 21:24 -------- d-----w- c:program filesNortonInstaller
2010-05-06 09:39 . 2010-03-12 07:20 439816 ----a-w- c:documents and settingsMeApplication DataRealUpdatesetup3.10setup.exe
2010-05-06 08:42 . 2009-12-11 06:09 -------- d-----w- c:documents and settingsMeApplication Datavlc
2010-05-06 08:42 . 2010-05-06 08:44 1796608 ----a-w- c:windowsInternet LogsxDB1.tmp
2010-05-06 07:13 . 2009-12-14 09:13 -------- d-----w- c:documents and settingsMeApplication DatauTorrent
2010-04-29 19:39 . 2010-03-21 06:20 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 19:39 . 2010-03-21 06:20 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-03-21 06:20 . 2010-03-21 06:20 -------- d-----w- c:documents and settingsMeApplication DataMalwarebytes
2010-03-21 06:20 . 2010-03-21 06:20 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-03-21 06:08 . 2010-03-21 06:08 -------- d-----w- c:documents and settingsAll UsersApplication DataIObit
2010-03-21 06:08 . 2009-12-12 09:14 -------- d-----w- c:program filesIObit
2010-03-21 05:26 . 2009-12-10 18:51 -------- d-----w- c:program filesVerizon
2010-03-21 05:26 . 2009-12-10 19:03 -------- d-----w- c:program filesCommon FilesMotive
2010-03-18 10:27 . 2010-03-18 10:27 -------- d-----w- c:program filesMSBuild
2010-03-18 10:27 . 2010-03-18 10:27 -------- d-----w- c:program filesReference Assemblies
2010-03-18 03:46 . 2010-03-18 03:46 -------- d-----w- c:program filesStreamTransport
2010-03-16 08:01 . 2010-03-16 08:01 -------- d-----w- c:documents and settingsAll UsersApplication DataRadialpoint
2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:windowssystem32vbscript.dll
2010-02-25 06:24 . 2001-08-23 12:00 916480 ----a-w- c:windowssystem32wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:windowssystem32driversmrxsmb.sys
2010-02-16 14:08 . 2001-08-23 12:00 2146304 ----a-w- c:windowssystem32ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2024448 ----a-w- c:windowssystem32ntkrnlpa.exe
2010-02-12 04:33 . 2001-08-23 12:00 100864 ----a-w- c:windowssystem326to4svc.dll
2010-02-11 12:02 . 2001-08-23 12:00 226880 ----a-w- c:windowssystem32driverstcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Advanced SystemCare 3"="c:program filesIObitAdvanced SystemCare 3AWC.exe" [2009-11-20 2335880]
"SpybotSD TeaTimer"="c:program filesSpybot - Search & DestroyTeaTimer.exe" [2009-03-05 2260480]
"HDDHealth"="c:program filesHDD HealthHDDHealth.exe" [2008-06-15 1692672]
"AlcoholAutomount"="c:program filesAlcohol SoftAlcohol 52axcmd.exe" [2009-04-24 203416]
"UpdateFlow.Verizon"="c:program filesVerizonMcciBrowser.exe" [2010-03-17 1048576]
"SUPERAntiSpyware"="c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NSWosCheck"="c:program filesNorton SystemWorksosCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:program filesNorton SystemWorksNswUiTray.exe" [2008-09-25 85360]
"NVIDIA nTune"="c:program filesNVIDIA CorporationnTunenTune.exe" [2004-11-09 532480]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2009-11-21 12669544]
"ZoneAlarm Client"="c:program filesZone LabsZoneAlarmzlclient.exe" [2009-11-22 1037192]
"ISW"="c:program filesCheckPointZAForceFieldForceField.exe" [2009-10-14 730480]
"nTrayFw"="c:program filesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe" [2005-04-29 266240]
"Verizon_McciTrayApp"="c:program filesVerizonMcciTrayApp.exe" [2010-03-17 1565696]
"TkBellExe"="c:program filesCommon FilesRealUpdate_OBrealsched.exe" [2009-12-11 198160]
"SunJavaUpdateSched"="c:program filesJavajre6binjusched.exe" [2009-12-11 149280]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"MaxBlastMonitor.exe"="c:program filesMaxtorMaxBlastMaxBlastMonitor.exe" [2009-12-16 1325800]
"AcronisTimounterMonitor"="c:program filesMaxtorMaxBlastTimounterMonitor.exe" [2008-06-27 904776]
"Maxtor Scheduler2 Service"="c:program filesCommon FilesMaxtorSchedule2schedhlp.exe" [2008-06-27 136472]
"HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2007-03-12 49152]
"VerizonServicepoint.exe"="c:program filesVerizonVSPVerizonServicepoint.exe" [2010-01-11 4281584]
"IObit Security 360"="c:program filesIObitIObit Security 360IS360tray.exe" [2009-12-24 1280272]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:Program FilesVeoh NetworksVeohWebPlayerveohwebplayer.exe"=
"c:Program FilesYahoo!MessengerYahooMessenger.exe"=
"c:Program FilesVerizonVSPServicepointService.exe"=
"c:Program FilesuTorrentuTorrent.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNAV1008000.029SymEFA.sys [2/5/2010 2:20 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:windowssystem32driversNAV1008000.029BHDrvx86.sys [2/5/2010 2:20 AM 259632]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversNAV1008000.029cchpx86.sys [2/5/2010 2:20 AM 482432]
R1 IDSxpx86;IDSxpx86;c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20100505.001IDSXpx86.sys [5/8/2010 12:58 AM 329592]
R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:program filesLSoft Technologies IncActive@ Hard Disk MonitorDiskMonitorService.exe [12/22/2009 4:41 AM 1127944]
R2 Application Updater;Application Updater;c:program filesApplication UpdaterApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:program filesCheckPointZAForceFieldISWKL.sys [10/14/2009 9:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:program filesCheckPointZAForceFieldISWSVC.exe [10/14/2009 9:30 AM 476528]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:program filesCommon FilesMaxtorSchedule2schedul2.exe [6/27/2008 6:03 PM 431384]
R2 Norton AntiVirus;Norton AntiVirus;c:program filesNorton AntiVirusEngine16.8.0.41ccSvcHst.exe [2/5/2010 2:20 AM 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:program filesNorton PC CheckupEngine2.0.2.543SymcPCCULaunchSvc.exe [5/6/2010 6:03 AM 103280]
R2 NProtectService;Norton UnErase Protection;c:progra~1NORTON~3NORTON~1NPROTECT.EXE [9/25/2008 3:53 PM 95600]
R2 PCCUJobMgr;Common Client Job Manager Service;c:program filesNorton PC CheckupEngine2.0.2.543ccSvcHst.exe [5/6/2010 6:03 AM 126392]
R2 ServicepointService;ServicepointService;c:program filesVerizonVSPServicepointService.exe [3/16/2010 4:01 AM 689392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [12/13/2009 1:45 AM 102448]
R3 KeyScrambler;KeyScrambler;c:windowssystem32driverskeyscrambler.sys [12/11/2009 3:59 AM 113896]
S2 IS360service;IS360service;c:program filesIObitIObit Security 360is360srv.exe [3/21/2010 2:08 AM 311568]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [12/16/2009 3:27 AM 721904]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:windowsTasksNorton SystemWorks One Button Checkup.job
- c:program filesNorton SystemWorksOBC.exe [2008-09-25 19:52]

2010-05-10 c:windowsTasksUser_Feed_Synchronization-{A59EA435-AA32-4D9B-AED6-EBBFFBC822E0}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]

2010-05-04 c:windowsTasksWebReg Deskjet F4100 series.job
- c:program filesHPDigital Imagingbinhpqwrg.exe [2007-03-12 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon-online.aol.com
IE: &Verizon - AOL Toolbar Search - c:documents and settingsAll UsersApplication DataVerizon - AOL ToolbarieToolbarresourcesen-USlocalsearch.html
LSP: %SYSTEMROOT%system32nvappfilter.dll
FF - ProfilePath - c:documents and settingsMeApplication DataMozillaFirefoxProfiles988c47da.default
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://verizon-online.aol.com/
FF - component: c:documents and settingsAll UsersApplication DataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonIPSFFPlgncomponentsIPSFFPl.dll
FF - component: c:documents and settingsMeApplication DataMozillaFirefoxProfiles988c47da.defaultextensionskeyscrambler@qfx.software.corporationcomponentsKeyScramblerIE.dll
FF - component: c:program filesCheckPointZAForceFieldTrustCheckercomponentsTrustCheckerMozillaPlugin.dll
FF - component: c:program filesRealRealPlayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
FF - plugin: c:documents and settingsMeApplication DataMove Networkspluginsnpqmp071503000010.dll
FF - plugin: c:program filesCommon FilesMotivenpMotive.dll
FF - plugin: c:program filesVerizonVSPnprpspa.dll
FF - plugin: c:windowssystem32C2MPnpdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarIE4.0.2dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarIE4.0.2dealioToolbarIE.dll
HKLM-Run-SearchSettings - c:program filesSearch SettingsSearchSettings.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001ServicesNorton AntiVirus]
"ImagePath"=""c:program filesNorton AntiVirusEngine16.8.0.41ccSvcHst.exe" /s "Norton AntiVirus" /m "c:program filesNorton AntiVirusEngine16.8.0.41diMaster.dll" /prefetch:1"
--

[HKEY_LOCAL_MACHINESystemControlSet001ServicesPCCUJobMgr]
"ImagePath"=""c:program filesNorton PC CheckupEngine2.0.2.543ccSvcHst.exe" /s "PCCUJobMgr" /m "c:program filesNorton PC CheckupEngine2.0.2.543diMaster.dll" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:program filesSUPERAntiSpywareSASWINLO.dll
c:windowssystem32WININET.dll
c:program filesCheckPointZAForceFieldPluginsISWSHEX.dll
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989MSVCR80.dll

- - - - - - - > 'lsass.exe'(1124)
c:windowssystem32relog_ap.dll
c:windowssystem32nvappfilter.dll
c:program filesCheckPointZAForceFieldPluginsISWSHEX.dll
.
Completion time: 2010-05-10 03:14:15
ComboFix-quarantined-files.txt 2010-05-10 07:14

Pre-Run: 108,189,069,312 bytes free
Post-Run: 108,189,532,160 bytes free

- - End Of File - - C4F6E1E6EA55F252AE41DD7CC218271C

Edited by boopme, 13 May 2010 - 12:45 PM.
Merged posts into one~~boopme



#2 teacup61

  • Malware Response Team

Posted 13 May 2010 - 02:05 PM

Hello mejohn,

I found your other topic... Is your computer still running well? On gmer, uncheck everything but the "Sections" box and see if it will run that way. gmer can be difficult to run, so it isn't just you. :) Also I'd like to have a scan with your MBAM. If it doesn't show anything let me know. Otherwise please post the report.

Thanks,
tea

#3 mejohn

Posted 13 May 2010 - 11:54 PM

Hello Teacup. Thanks, that did the trick with gmer. So far my PC is still running. MBAM says I had 18 files/entries infected with koobface. I noticed combofix listed among them, should I take any special action? Re-run combofix? Re-download and run? I already hit "remove" on impulse. I hope that doesn't complicate things. First here is the gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 22:53:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Me\LOCALS~1\Temp\agqiraow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP 110ECF76
.text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 12 Bytes [00, 2F, CA, 8A, 80, A0, D1, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 80504660 2 Bytes [C0, 26]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5012380, 0x5414D5, 0xE8000020]
.text ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709
.text ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0
.text ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923
.text ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe[448] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[464] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[504] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[508] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[540] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[592] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe[732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Motive\McciCMService.exe[792] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe[872] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\WINDOWS\System32\smss.exe[952] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\WINDOWS\system32\csrss.exe[1048] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\WINDOWS\system32\winlogon.exe[1072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE[1092] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe[1244] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\WINDOWS\system32\nvsvc32.exe[1288] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[1316] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1420] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\SOUNDMAN.EXE[1448] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1468] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[1564] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[1644] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1700] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1892] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2104] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\VSP\ServicepointService.exe[2140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE[2212] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2308] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2384] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[2464] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2572] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3772] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe[3784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Norton SystemWorks\NswUiTray.exe[3812] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3840] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe[4364] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[4488] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Me\Desktop\gmer\gmer.exe[4500] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\is360.exe[4608] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] advapi32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[4640] advapi32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[4920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe[5164] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[5604] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5716] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe[5728] ntdll.dll!NtTestAlert 7C90DE8E 5 Bytes JMP 71AE0000
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Verizon\McciTrayApp.exe[5736] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02140001
.text C:\WINDOWS\Explorer.EXE[5852] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[5852] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[5852] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[5852] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[5852] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[5852] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[5852] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0C 0x41 0xBE 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x11 0xB3 0x85 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4C 0x45 0xCA 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0C 0x41 0xBE 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x11 0xB3 0x85 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4C 0x45 0xCA 0x2F ...

---- EOF - GMER 1.0.15 ----





*Now for the MBAM log, original, before I "removed" crud:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4099

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/14/2010 12:28:26 AM
mbam-log-2010-05-14 (00-28-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 179094
Time elapsed: 53 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f64c750b-279a-4586-b5a3-9df9fd1d4283} (Worm.Koobface) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{49aa4825-1220-452f-b6b0-8ae456842cb9} (Worm.Koobface) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a3a37682-7161-4a3e-bc56-3ec0822a5913} (Worm.Koobface) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3e6454d1-c9c4-4e0e-8386-d2ca72968f92} (Worm.Koobface) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9e0851d3-001a-49b3-baf0-d4a1f6f369b8} (Worm.Koobface) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f2fd1401-e881-457d-a0b6-cf5001d7f04d} (Worm.Koobface) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b9742a63-fcf4-44ed-bc01-31d52ad8184b} (Worm.Koobface) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HP\Digital Imaging\ncpmlinst2.dll (Worm.Koobface) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HP\Digital Imaging\ncuiapi2.dll (Worm.Koobface) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HP\Digital Imaging\bin\copy2.dll (Worm.Koobface) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Worm.Koobface) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ComboFix\Catchme.tmp (Trojan.Agent) -> No action taken.
C:\ComboFix\catchme.cfxxe (Trojan.Agent) -> No action taken.
C:\Program Files\HP\Digital Imaging\ncpmlinst2.dll (Worm.Koobface) -> No action taken.
C:\Program Files\HP\Digital Imaging\ncuiapi2.dll (Worm.Koobface) -> No action taken.
C:\Program Files\HP\Digital Imaging\bin\copy2.dll (Worm.Koobface) -> No action taken.
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Worm.Koobface) -> No action taken.
C:\System Volume Information\_restore{69A6BFC5-1BD3-409D-91BF-B98F165A2E0B}\RP1\A0000125.exe (Trojan.Agent) -> No action taken.


#4 teacup61

  • Malware Response Team

Posted 14 May 2010 - 12:51 AM

Hello,

Let MBAM clean what it found, if you haven't already.

Yes, let's have another look with ComboFix, please. Not sure why MBAM detected it like that though.


Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Thanks,
tea

#5 mejohn

  • Topic Starter

Posted 14 May 2010 - 11:05 PM

Okay. Should I have disabled my NVIDIA firewall too? I just remembered it has "anti-hacking" features enabled. Um... sorry.
Here is the latest combofix log:


ComboFix 10-05-13.03 - Me 05/14/2010 22:55:24.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2314 [GMT -4:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix2.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Me\Application Data\Dealio
c:\documents and settings\Me\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Me\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml

.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-11 17:49 . 2010-05-11 17:49 -------- d-----w- c:\documents and settings\Me\Local Settings\Application Data\PCHealth
2010-05-11 17:49 . 2010-05-11 17:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-05-11 01:43 . 2010-05-11 01:43 -------- d-----w- c:\program files\ESET
2010-05-11 01:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-10 10:58 . 2010-05-10 10:58 -------- d-----w- c:\documents and settings\Me\Application Data\SafeReturner
2010-05-10 10:58 . 2010-05-10 11:00 -------- d-----w- c:\program files\Safe Returner
2010-05-10 09:29 . 2010-05-06 14:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 09:17 . 2010-05-10 09:17 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-10 09:09 . 2010-05-10 09:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-10 03:31 . 2010-05-14 03:15 63488 ----a-w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-10 03:31 . 2010-05-10 03:31 52224 ----a-w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-10 03:31 . 2010-05-14 03:15 117760 ----a-w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2010-05-10 03:29 . 2010-05-10 03:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-08 07:36 . 2010-05-08 07:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-08 05:05 . 2010-05-08 05:05 -------- d-----w- c:\windows\system32\NtmsData
2010-05-06 10:03 . 2010-05-13 05:15 -------- d-----w- c:\documents and settings\Me\Local Settings\Application Data\Tific
2010-05-06 10:03 . 2010-05-06 10:03 -------- d-----w- c:\documents and settings\Me\Application Data\Tific
2010-05-06 10:03 . 2010-05-06 10:03 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-05-06 10:03 . 2010-05-06 10:03 -------- d-----w- c:\program files\Norton PC Checkup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 02:47 . 2009-12-14 09:13 -------- d-----w- c:\documents and settings\Me\Application Data\uTorrent
2010-05-14 12:27 . 2009-12-10 18:06 2214364 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-13 07:08 . 2010-05-13 07:12 792576 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-05-12 19:58 . 2009-12-16 07:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-12 19:44 . 2009-12-11 06:09 -------- d-----w- c:\documents and settings\Me\Application Data\vlc
2010-05-11 03:40 . 2009-12-12 05:02 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-11 03:40 . 2009-12-10 18:51 -------- d-----w- c:\program files\Verizon
2010-05-11 03:40 . 2009-12-13 05:38 -------- d-----w- c:\program files\PC Inspector File Recovery
2010-05-10 09:17 . 2009-12-09 08:27 17280 ----a-w- c:\documents and settings\Me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 05:23 . 2010-03-21 06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 06:59 . 2009-12-10 08:00 1 ----a-w- c:\documents and settings\Me\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-07 05:31 . 2010-05-07 05:31 108415 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_05_07_01_24_39_small.dmp.zip
2010-05-07 05:24 . 2010-05-07 05:26 1805824 ----a-w- c:\windows\Internet Logs\xDB8B.tmp
2010-05-07 05:24 . 2010-05-07 05:26 2579456 ----a-w- c:\windows\Internet Logs\xDB8A.tmp
2010-05-07 04:25 . 2009-12-10 07:47 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-07 04:25 . 2009-12-09 21:31 -------- d-----w- c:\program files\Norton SystemWorks
2010-05-07 04:25 . 2009-12-15 07:07 -------- d-----w- c:\program files\HDD Health
2010-05-06 10:03 . 2009-12-09 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-06 10:03 . 2009-12-09 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-06 10:02 . 2009-12-09 21:24 -------- d-----w- c:\program files\NortonInstaller
2010-05-06 09:39 . 2010-03-12 07:20 439816 ----a-w- c:\documents and settings\Me\Application Data\Real\Update\setup3.10\setup.exe
2010-05-06 08:42 . 2010-05-06 08:44 1796608 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-29 19:39 . 2010-03-21 06:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-21 06:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 06:20 . 2010-03-21 06:20 -------- d-----w- c:\documents and settings\Me\Application Data\Malwarebytes
2010-03-21 06:20 . 2010-03-21 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-21 06:08 . 2010-03-21 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-21 06:08 . 2009-12-12 09:14 -------- d-----w- c:\program files\IObit
2010-03-21 05:26 . 2009-12-10 19:03 -------- d-----w- c:\program files\Common Files\Motive
2010-03-18 10:27 . 2010-03-18 10:27 -------- d-----w- c:\program files\MSBuild
2010-03-18 10:27 . 2010-03-18 10:27 -------- d-----w- c:\program files\Reference Assemblies
2010-03-18 03:46 . 2010-03-18 03:46 -------- d-----w- c:\program files\StreamTransport
2010-03-16 08:01 . 2010-03-16 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2001-08-23 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]
"UpdateFlow.Verizon"="c:\program files\Verizon\McciBrowser.exe" [2010-03-17 1048576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 314160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:\program files\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-11-09 532480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-11 198160]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2009-12-16 1325800]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-01-11 4281584]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"HDDHealth"=c:\program files\HDD Health\HDDHealth.exe -wl
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [2/5/2010 2:20 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [2/5/2010 2:20 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [2/5/2010 2:20 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [5/8/2010 12:58 AM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [12/22/2009 4:41 AM 1127944]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/21/2010 2:08 AM 311568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 9:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 9:30 AM 476528]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [6/27/2008 6:03 PM 431384]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2/5/2010 2:20 AM 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe [5/6/2010 6:03 AM 103280]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~3\NORTON~1\NPROTECT.EXE [9/25/2008 3:53 PM 95600]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe [5/6/2010 6:03 AM 126392]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/16/2010 4:01 AM 689392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/13/2009 1:45 AM 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/11/2009 3:59 AM 113896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/16/2009 3:27 AM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-02-08 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 19:52]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{A59EA435-AA32-4D9B-AED6-EBBFFBC822E0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon-online.aol.com
IE: &Verizon - AOL Toolbar Search - c:\documents and settings\All Users\Application Data\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\988c47da.default\
FF - prefs.js: browser.startup.homepage - hxxp://verizon-online.aol.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\988c47da.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.543\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-05-14 23:01:32
ComboFix-quarantined-files.txt 2010-05-15 03:01
ComboFix2.txt 2010-05-10 22:13
ComboFix3.txt 2010-05-10 11:16
ComboFix4.txt 2010-05-10 07:28
ComboFix5.txt 2010-05-10 22:18

Pre-Run: 105,788,514,304 bytes free
Post-Run: 106,390,048,768 bytes free

- - End Of File - - 2E3BA59BD92F51C6F58464EFFF85F7BD



#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:26 AM

Posted 14 May 2010 - 11:16 PM

I think it's all right.....doesn't look like it interfered with deletions.

That *should* have been the end of Dealio. How is it running tonight? Is MBAM coming up clean now? :)
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 mejohn

mejohn
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 15 May 2010 - 12:52 AM

Good to hear. Unfortunately, I didn't think to update MBAM until after running it again. Both of which I should've thought of...
Anyway, I don't see Dealio *but* "Trojan.Agent" did appear. So I guess it's update/re-run MBAM? Sorry. I must be turning into a difficult case. Sorry, forgot the MBAM log... Should I worry that it seems associated to my Norton?


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4099

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2010 1:30:21 AM
mbam-log-2010-05-15 (01-30-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 178642
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\NPROTECT\00000467.CF~ (Trojan.Agent) -> Quarantined and deleted successfully.




So I re-ran MBAM after update and it was clean. Unfortunately I fouled up. I half assumed my PC was good and half got bored and completely stopped following direction. SUPERAntiSpyware was already on my machine and I ran it before it even occurred to me it was stupid. My bad. I know from experience how it is to try and help somebody that doesn't listen. I'm sorry Tea, it won't happen again. As it happens SAS did turn up another Trojan in another nprotect file though. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/15/2010 at 03:00 AM

Application Version : 4.37.1000

Core Rules Database Version : 4939
Trace Rules Database Version: 2751

Scan type : Complete Scan
Total Scan Time : 00:19:56

Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 5117
Registry threats detected : 0
File items scanned : 21786
File threats detected : 1

Trojan.Dropper/Gen
C:\RECYCLER\NPROTECT\00000579.EXE

Edited by mejohn, 15 May 2010 - 02:51 AM.


#8 teacup61


Posted 15 May 2010 - 12:30 PM

No need to be sorry. :) I may not be able to see what you see in front of you, but I've asked you to follow directions from a stranger. None of it is really "easy". You've helped me out immensely by telling me what's going on there, things that you've done, and that you can see.

Those files are not a threat, and you *should* be able to get rid of them by emptying Norton's quarantine.

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let me know how all that went. I believe you're good to go after that, unless you have other questions. :)

tea



#9 mejohn


Posted 17 May 2010 - 09:04 PM

Hi Tea, so far so good. There is one issue regarding my Norton AV 2009 and its flagging of "Backdoor.Tidserv!inf" nastiness.

NAV sees it in 2 files and 1 browser cache. If I click on "browser cache" nothing comes up in the Details box. Clicking "Files" shows two c:\qoobox\ entries. This is after emptying my Norton Recycling bin. The first file is "c:\qoobox\32788r22fwjfw\kbdclass.sys" and the other is "c:\qoobox\quarentine\c\windows\system32\drivers\kbdclass.sys.vir", whatever those are.

Norton lists the "Risk State" for this as "Not safe to remove" and advises a manual removal, followed by a "Quick Scan" to confirm removal. This came up even before I found bleeping computer, hopefully something we did has already cleared it. Norton refuses to think so though. I had tried the removal instructions from Norton, but I'm sure I didn't get the desired effect. It seemed like I copied the right file names in repair console, in the format indicated. The only response was a "command not recognized" every time I tried.

I've run that "quick scan" a few times and it doesn't show anything. Does that mean that the files are gone but NAV just won't tell itself that? Am I just supposed to remove it from the alert list now? I'll feel like a bigger n00b for bothering you if it's just that NAV won't automatically indicate it's resolved. Thanks for your patience...

#10 teacup61


Posted 17 May 2010 - 09:18 PM

Hello :)

Qoobox is a folder ComboFix made. Those files are not a threat to you, as they've been renamed and stored there. They will be removed when we remove ComboFix, since I'm assuming you haven't removed it as per my last directions, and Norton will hush up about it.

tea

EDIT: To be a little more specific......if you have deleted Qoobox and run ATF Cleaner and Norton is still hoarding those files, then yes you most certainly can delete them if you like. :) If they still show up, we'll do a bit more housekeeping and make them go away!

Edited by teacup61, 17 May 2010 - 09:25 PM.


#11 mejohn


Posted 22 May 2010 - 02:15 AM

Thanks Tea, that seems to have done it. I've been away from my PC past few days or I'd have thanked you sooner. Ran everything I had, updated and ran again. Clean bill o' health. With all the junk that was on my machine, should I just burn my checkbook or what? Kept a close eye on my accounts after realizing I did my taxes on this hard drive. Routing numbers etc. Just being stupid? Thanks again.

#12 teacup61


Posted 23 May 2010 - 01:18 PM

No problem, and you're most welcome.

Not stupid at all!! If you've been keeping a close eye on things, then I think you're all right. *Usually* if someone was actively going for your info they would have already used it and you would know. I think it's always a good idea to change any passwords you have for banking and other sensitive accounts, but I don't think you need to burn the checkbook in this case. :)

Thank you for getting back to me!

Take care,
tea



#13 teacup61


Posted 01 June 2010 - 09:15 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



