Thank You for your continued assitance, Agent ST.
I have used Webroot's Spysweeper for quite a few years based on good reviews, although their antivirus engine (via Sophos) is only fair since it results in too many false positives and missed samples. It is distressing that Anti Spyware software is tested much too weakly by magazines and websites. Spyware software needs something rigorous that tests the "best of the best" like AV-Comparitives, or even something like VB 100 to let us know what meets minimum acceptable performance. I started using Zonealarm AV & Firewall when they started licensing Kaspersky's AV engine.
***
I have used XP Antispy for years. It is a Freeware/Donationware utility written by German programmer Christian Taubenheim which can be dowloaded from Softpedia, MajorGeeks, Afterdawn and numerous other sites. It originally allowed you to stop Windows from "spying" on you - sending various sorts of info back to Microsoft. It has evolved over the years so that it allows you to enable or shut off various functions of Windows to increase pivacy or increase security, a dashboard that allows you to adjust various settings without having to hunt them all down and change them manually or edit your registry. As spyware has become a large threat over the years, the name has come to be confusing.
Screen shots here:
http://www.snapfiles...s/xpantispy.htmComputer rebooted. Although my mouse did not work, I was able to use the Enter key since the OK button on the dialogue box had the focus.
As the computer finished rebooting, it generated a "The system has recovered from a serious error" message.
GMER Log found below:GMER 1.0.15.15641 -
http://www.gmer.netRootkit scan 2011-10-23 16:41:16
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
WDC_WD1600JS-00NCB1 rev.10.02E02
Running: g---mer.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pwloypob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
ZwAdjustPrivilegesToken [0xA817D66E]
SSDT 8A4EBDC8
ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwClose [0xA817DF02]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwConnectPort
[0xA802B2F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent
[0xA817E7D0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreateFile
[0xA80255CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreateKey
[0xA804458A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant
[0xA817E6A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile
[0xA817D274]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreatePort
[0xA802BA80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreateProcess
[0xA803EE4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreateProcessEx
[0xA803F23C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreateSection
[0xA80486F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore
[0xA817E902]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
ZwCreateSymbolicLinkObject [0xA818058C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwCreateThread
[0xA817DBA0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort
[0xA802BBB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess
[0xA817FF36]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwDeleteFile
[0xA80261E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwDeleteKey
[0xA8045E3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwDeleteValueKey
[0xA80457B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile
[0xA817E178]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwDuplicateObject
[0xA803DD8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey
[0xA817CFAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey
[0xA817D056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile
[0xA817DF84]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver
[0xA817FFC8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA8046794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwLoadKey2
[0xA804699C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwMapViewOfSection
[0xA8048A5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey
[0xA817D1A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent
[0xA817E872]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwOpenFile
[0xA8025DF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwOpenKey
[0xA817C6BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant
[0xA817E740]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwOpenProcess
[0xA8041160]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwOpenSection
[0xA81805B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore
[0xA817E9A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwOpenThread
[0xA8040D8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwQueryKey
[0xA817D100]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
ZwQueryMultipleValueKey [0xA817CD28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwQuerySection
[0xA8180958]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey
[0xA817C978]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread
[0xA81802A6]
SSDT 8A4EBCD8
ZwReadVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwRenameKey
[0xA804772A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwReplaceKey
[0xA8047060]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwReplyPort
[0xA817ED2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
ZwReplyWaitReceivePort [0xA817EBF4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort
[0xA802AEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwRestoreKey
[0xA80480FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwResumeThread
[0xA8180E30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwSaveKey
[0xA817C32A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwSecureConnectPort
[0xA802B59C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread
[0xA817DDBE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwSetInformationFile
[0xA80265A4]
SSDT 8A4F3CA0
ZwSetInformationKey
SSDT 8A4F39D0
ZwSetInformationProcess
SSDT 8A4EBFA8
ZwSetInformationThread
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken
[0xA817F586]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwSetSecurityObject
[0xA8047C6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
ZwSetSystemInformation [0xA8180A98]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwSetValueKey
[0xA8044F72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess
[0xA8180B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread
[0xA8180CA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling
Driver/Check Point Software Technologies LTD) ZwSystemDebugControl
[0xA803FEA4]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
(SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)
ZwTerminateProcess [0xA7FA8640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread
[0xA817D956]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection
[0xA818080E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory
[0xA817DAE0]
Code BA729C9C
ZwRequestPort
Code BA729BFC
ZwTraceEvent
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter
[fre_wxp_x86]/Kaspersky Lab)
IoIsOperationSynchronous
Code BA729C9B
NtRequestPort
Code BA729BFB
NtTraceEvent
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess
804EAEA0 5 Bytes JMP A8171FA8
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky
Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous
804EF828 5 Bytes JMP A8172382
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky
Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C50
80503A24 12 Bytes [80, BA, 02,
A8, 4E, EE, 03, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C60
80503A34 16 Bytes [F6, 86, 04,
A8, 02, E9, 17, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D1C
80503AF0 12 Bytes [C8, FF, 17,
A8, 94, 67, 04, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60
80503B34 4 Bytes CALL D2ACE350
.text ntkrnlpa.exe!ZwCallbackReturn + 2E98
80503C6C 16 Bytes [2A, 77, 04,
A8, 60, 70, 04, ...]
.text ...
.text ntkrnlpa.exe!NtTraceEvent
80534374 5 Bytes JMP BA729C00
PAGE ntkrnlpa.exe!NtRequestPort
805A1520 5 Bytes JMP BA729CA0
.text win32k.sys!EngPaint + 4F1
BF8255EF 5 Bytes JMP BA7295C0
.text win32k.sys!CLIPOBJ_bEnum + 2982
BF831388 5 Bytes JMP BA729700
.text win32k.sys!EngUnmapFontFileFD + EE41
BF841183 5 Bytes JMP BA729660
.text win32k.sys!FONTOBJ_pxoGetXform + DE42
BF85AD4E 5 Bytes JMP BA729A20
.text win32k.sys!EngCreateClip + 19C1
BF913245 2 Bytes JMP BA729AC0
.text win32k.sys!EngCreateClip + 19C4
BF913248 2 Bytes [E1, FA]
{LOOPZ 0xfffffffffffffffc}
.text win32k.sys!EngCreateClip + 1F51
BF9137D5 5 Bytes JMP BA729B60
.text win32k.sys!EngCreateClip + 2597
BF913E1B 5 Bytes JMP BA729840
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\brsvc01a.exe[356]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[356] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[460] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[468] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] USER32.dll!GetCursor
7E41D749 5 Bytes JMP 00B61080
C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[820] USER32.dll!DrawIconEx
7E41EB4E 5 Bytes JMP 00B61120
C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[820] USER32.dll!GetIconInfo
7E41F052 5 Bytes JMP 00B61030
C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[820] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[820] SHELL32.dll!SHFileOperationW
7CA6FDEE 5 Bytes JMP 00B01102
C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\system32\services.exe[848]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP 20CB8E5D
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036]
ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program
Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1088] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5
Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5
Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5
Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
kernel32.dll!OpenProcess 7C830A01 5
Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5
Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
ADVAPI32.dll!SetThreadToken 77DDF141 5
Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
USER32.dll!FindWindowA 7E42DE87 5
Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1232]
USER32.dll!FindWindowW 7E42E13A 5
Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes
JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes
JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes
JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
kernel32.dll!OpenProcess 7C830A01 5 Bytes
JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes
JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes
JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
USER32.dll!FindWindowA 7E42DE87 5 Bytes
JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]
USER32.dll!FindWindowW 7E42E13A 5 Bytes
JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP 20CB8E5D
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]
USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2012]
kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP
20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2012]
USER32.dll!DefDlgProcW + 56E 7E423D08 2 Bytes JMP
20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2012]
USER32.dll!DefDlgProcW + 571 7E423D0B 2 Bytes [89,
A2]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes
JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes
JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes
JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
kernel32.dll!OpenProcess 7C830A01 5 Bytes
JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
USER32.dll!FindWindowA 7E42DE87 5 Bytes
JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
USER32.dll!FindWindowW 7E42E13A 5 Bytes
JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes
JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]
ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes
JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5
Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5
Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5
Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
kernel32.dll!OpenProcess 7C830A01 5
Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5
Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
ADVAPI32.dll!SetThreadToken 77DDF141 5
Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
USER32.dll!FindWindowA 7E42DE87 5
Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]
USER32.dll!FindWindowW 7E42E13A 5
Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP
20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP
20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP
20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP
20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
USER32.dll!GetCursor 7E41D749 5 Bytes JMP
00E11080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
USER32.dll!DrawIconEx 7E41EB4E 5 Bytes JMP
00E11120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
USER32.dll!GetIconInfo 7E41F052 5 Bytes JMP
00E11030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP
20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP
20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP
20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]
ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes JMP
20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Tablet.exe[2532] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5
Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5
Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5
Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
kernel32.dll!OpenProcess 7C830A01 5
Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
USER32.dll!FindWindowA 7E42DE87 5
Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
USER32.dll!FindWindowW 7E42E13A 5
Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5
Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CursorXP\CursorXP.exe[2548]
ADVAPI32.dll!SetThreadToken 77DDF141 5
Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620] ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2620] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP
20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP
20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP
20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP
20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP
20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP
20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP
20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672]
ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes JMP
20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP
20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP
20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP
20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP
20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] ADVAPI32.DLL!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP
20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] ADVAPI32.DLL!SetThreadToken 77DDF141 5 Bytes JMP
20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP
20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe[2760] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP
20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm
Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5
Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5
Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5
Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
kernel32.dll!OpenProcess 7C830A01 5
Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
USER32.dll!FindWindowA 7E42DE87 5
Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
USER32.dll!FindWindowW 7E42E13A 5
Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5
Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2780]
ADVAPI32.dll!SetThreadToken 77DDF141 5
Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
ntdll.dll!NtAccessCheckByType 7C90CE8E 5
Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5
Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
ntdll.dll!NtSetInformationProcess 7C90DC9E 5
Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
kernel32.dll!OpenProcess 7C830A01 5
Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
user32.dll!FindWindowA 7E42DE87 5
Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
user32.dll!FindWindowW 7E42E13A 5
Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
advapi32.dll!ImpersonateNamedPipeClient 77DD7406 5
Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WallMaster\wallmast.exe[3280]
advapi32.dll!SetThreadToken 77DDF141 5
Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684]
ntdll.dll!NtAccessCheckByType
7C90CE8E 5 Bytes JMP 20CB8791 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684]
ntdll.dll!NtImpersonateClientOfPort
7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684]
ntdll.dll!NtSetInformationProcess
7C90DC9E 5 Bytes JMP 20CB89AB C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684] kernel32.dll!OpenProcess
7C830A01 5 Bytes JMP 20CB846C
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684]
ADVAPI32.dll!ImpersonateNamedPipeClient
77DD7406 5 Bytes JMP 20CB8E5D C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684] ADVAPI32.dll!SetThreadToken
77DDF141 5 Bytes JMP 20CB9036
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684] USER32.dll!FindWindowA
7E42DE87 5 Bytes JMP 20CB828F
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3684] USER32.dll!FindWindowW
7E42E13A 5 Bytes JMP 20CB825A
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser
Security/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs
ssfs0bbc.sys (Spy Sweeper
FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip
vsdatant.sys (ZoneAlarm
Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip
89FA1CF8
Device \Driver\Tcpip \Device\Ip
89EF3E10
Device \Driver\Tcpip \Device\Tcp
vsdatant.sys (ZoneAlarm
Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp
89FA1CF8
Device \Driver\Tcpip \Device\Tcp
89EF3E10
Device \Driver\Tcpip \Device\Udp
vsdatant.sys (ZoneAlarm
Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp
89FA1CF8
Device \Driver\Tcpip \Device\Udp
89EF3E10
Device \Driver\Tcpip \Device\RawIp
vsdatant.sys (ZoneAlarm
Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp
89FA1CF8
Device \Driver\Tcpip \Device\RawIp
89EF3E10
Device \Driver\Tcpip \Device\IPMULTICAST
vsdatant.sys (ZoneAlarm
Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST
89FA1CF8
Device \Driver\Tcpip \Device\IPMULTICAST
89EF3E10
---- EOF - GMER 1.0.15 ----
******
OTL log here:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\windows\TEMP\SST-49AFC6E8-E9FC-4FCF-9B71-4D605442DED6.tmp not found.
< type "C:\Qoobox\ComboFix2.txt" /c >ComboFix 11-10-02.03 - Jeff 10/04/2011 7:12.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1554 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 11:10 . 2011-10-04 11:10 -------- d-----w- c:\windows\LastGood
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 05:55 . 2011-03-30 00:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-03_11.11.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-04 11:07 . 2011-10-04 11:07 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
- 2011-06-06 02:46 . 2011-10-03 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-06 02:46 . 2011-10-04 11:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-11 06:49 . 2011-10-04 11:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-08-11 06:49 . 2011-10-03 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-08 02:46 . 2011-10-04 11:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-04-08 02:46 . 2011-10-03 05:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-10-04 11:10 . 2011-08-21 07:09 475736 c:\windows\LastGood\system32\DRIVERS\7826020drv.sys
+ 2011-10-04 11:10 . 2011-08-21 07:09 133208 c:\windows\LastGood\system32\DRIVERS\74437105.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-22 16126464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
"ISW"="" [BU]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-8-11 114688]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2010-8-11 288256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 26488742;26488742 Boot Guard Driver;c:\windows\system32\drivers\26488742.sys [5/11/2011 1:27 AM 37392]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 26488741;26488741;c:\windows\system32\drivers\26488741.sys [5/11/2011 1:27 AM 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 setup_9.0.0.722_06.06.2011_04-46drv;setup_9.0.0.722_06.06.2011_04-46drv;c:\windows\system32\drivers\2034379.sys [6/6/2011 5:59 AM 315408]
R1 setup_9.0.0.722_06.06.2011_12-48drv;setup_9.0.0.722_06.06.2011_12-48drv;c:\windows\system32\drivers\5125243.sys [6/6/2011 6:25 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [8/11/2010 3:34 AM 20328]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/5/2011 10:41 PM 1201640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [8/11/2010 5:54 AM 38656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 9:52 PM 47360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 74437105
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8281518752.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&rl=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-10-04 07:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(660)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3732)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CursorXP\CurXP0.dll
.
Completion time: 2011-10-04 07:20:21
ComboFix-quarantined-files.txt 2011-10-04 11:20
ComboFix2.txt 2011-10-03 11:13
.
Pre-Run: 43,767,078,912 bytes free
Post-Run: 43,757,187,072 bytes free
.
- - End Of File - - C475488956FDDDB4365C2BAAFCD6982D
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
< type "C:\Qoobox\ComboFix3.txt" /c >ComboFix 11-10-02.03 - Jeff 10/03/2011 7:04.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1408 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff\Application Data\vso_ts_preview.xml
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 05:55 . 2011-03-30 00:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-22 16126464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-8-11 114688]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2010-8-11 288256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 26488742;26488742 Boot Guard Driver;c:\windows\system32\drivers\26488742.sys [5/11/2011 1:27 AM 37392]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 26488741;26488741;c:\windows\system32\drivers\26488741.sys [5/11/2011 1:27 AM 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 setup_9.0.0.722_06.06.2011_04-46drv;setup_9.0.0.722_06.06.2011_04-46drv;c:\windows\system32\drivers\2034379.sys [6/6/2011 5:59 AM 315408]
R1 setup_9.0.0.722_06.06.2011_12-48drv;setup_9.0.0.722_06.06.2011_12-48drv;c:\windows\system32\drivers\5125243.sys [6/6/2011 6:25 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [8/11/2010 3:34 AM 20328]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/5/2011 10:41 PM 1201640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [8/11/2010 5:54 AM 38656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 9:52 PM 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8281518752.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&rl=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-10-03 07:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2011-10-03 07:13:17
ComboFix-quarantined-files.txt 2011-10-03 11:13
.
Pre-Run: 43,728,224,256 bytes free
Post-Run: 43,749,814,272 bytes free
.
- - End Of File - - D2DB0AF1B6916E5135688962BCBB4986
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jeff
->Temp folder emptied: 4180212 bytes
->Temporary Internet Files folder emptied: 401035 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42880409 bytes
->Google Chrome cache emptied: 375417666 bytes
->Opera cache emptied: 5944650 bytes
->Flash cache emptied: 580 bytes
User: LocalService
->Temp folder emptied: 986296 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 986296 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1300680 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 412.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Jeff
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.29.1 log created on 10232011_164205
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
***
Once again, thank you very much for your assistance.
Jeff Ferreri