AVE.exe keeps returning, cpu 100%, freezing

Post by CalvinQuest » April 20th, 2010, 9:32 pm

Hi and thanks for reading this.
I've finally got my computer stable enough to post this. Originally whatever sickness my computer had prevented me from installing malwarebytes (deleting it) and had changed my registry so I couldn't log in. It is now in a relatively stable state, and I've been able to update and run malwarebytes (previously I was prevented from updating). If it helps, I had previously recovered (I thought) from the google redirecting virus.
Description:
After running malwarebytes and superantispyware and spybot and having fixed everything. However, every time I connect to the internet, after some time (to me it's still random when), my browser shuts off and ave.exe is back!
I'll also notice several rundll32.exe running when I go to Task Manager.
Sometimes my cpu is heavily used by svchost.exe or AcroRd32.exe in the 50-100% range. Sometimes firefox also runs high cpu %, and I don't think it used to.
Lastly, when trying to shut down or restart, my computer can hang.

My HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:13 PM, on 4/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC722E8-B9F3-4D04-B881-AA2C308A9C2B}: NameServer = 10.101.11.1
O20 - AppInit_DLLs: wunufuzo.dll c:\windows\system32\nisimose.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: zukunuhir - {0a57f8a8-d023-43de-8c9e-78aacf842901} - c:\windows\system32\garowori.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0a57f8a8-d023-43de-8c9e-78aacf842901} - c:\windows\system32\garowori.dll (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\me\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8404 bytes

My Uninstall list:
AC-3 ACM Codec
ACDSee 8
Ad-Aware SE Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
Adobe Reader Chinese Simplified Fonts
Adobe Shockwave Player 11.5
AnswerWorks 4.0 Runtime - English
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Broadcom Management Programs
BSPlayer
Calc98
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.1
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
Dolet Light for Finale 2006
EAX(tm) Unified (SHELL)
EndNote X2
eyeQ
Finale 2006
FLV Player 1.3.3
Fraps (remove only)
GIMP 2.4.6
Graph 4.2
HijackThis 2.0.2
HLM 6 for Windows (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 19
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Flash Player
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Maxtor Manager
Maxtor Manager
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Reader
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mixer
Modem Helper
MoRUN.net Sticker
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NetWaiting
PowerISO
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Replay AV 8
Replay Converter 2.8
Rhapsody Player Engine
Rhapsody Player Engine
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Sonic Activation Module
Sound Blaster Audigy ADVANCED MB Demo
SPSS 13.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
System Requirements Lab for Intel
The Core Media Player 4.0
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
Ventrilo Client
Viewpoint Media Player
WexTech AnswerWorks
Winamp
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
Xfire (remove only)
ZoneAlarm
ZoneAlarm Toolbar

I'm grateful for any help
Last edited by CalvinQuest on May 7th, 2010, 7:32 pm, edited 1 time in total.
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by MWR 3 day Mod » April 24th, 2010, 2:34 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by melboy » April 24th, 2010, 5:58 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


===============================================================


DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Disable any script blocker, and then double click dds.scr to run the tool. A command window will appear, this is normal.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.



Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.



In your next reply:
  1. DDS.txt
  2. Attach.txt
  3. GMER log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by CalvinQuest » April 25th, 2010, 6:07 pm

Hi melboy, thank you so much for your help.
I ran the DDS just fine (the file HOPE is what I renamed malwarebytes to keep it from getting auto-deleted).
However, I couldn't complete the GMER scan. I tried multiple times, with it always ending in either my computer freezing, or suddenly blue screen and immediately rebooting. This is after many hours (7+) for each scan, and I assume it is almost done when it usually happens (when it gets to reading the files I think). One time I tried to save it during a scan, and I will include what I could save, although it's incomplete.

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 14:54:47.90 on Sun 04/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.531 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\me\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: wunufuzo.dll c:\windows\system32\nisimose.dll
SSODL: zukunuhir - {0a57f8a8-d023-43de-8c9e-78aacf842901} - No File
STS: {0a57f8a8-d023-43de-8c9e-78aacf842901} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, maivvvoi.dll
LSA: Notification Packages = scecli wunufuzo.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\xdvvoe8p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} - c:\documents and settings\me\local settings\application data\{fe1dd508-100d-4367-97b1-e97aaefdad94}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-20 486280]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-18 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\xdva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?]

=============== Created Last 30 ================

2010-04-23 01:56:03 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-23 01:56:03 77824 ----a-w- c:\windows\system32\xvid.ax
2010-04-23 01:56:02 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-23 01:56:02 0 d-----w- c:\program files\Xvid
2010-04-21 01:03:58 0 d-----w- c:\docume~1\me\applic~1\CheckPoint
2010-04-21 01:03:40 0 d-----w- c:\program files\CheckPoint
2010-04-21 01:03:38 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-21 01:03:29 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-04-21 01:03:28 0 d-----w- c:\windows\system32\ZoneLabs
2010-04-21 01:03:27 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-04-21 01:03:27 0 d-----w- c:\program files\Zone Labs
2010-04-21 01:02:56 0 d-----w- c:\windows\Internet Logs
2010-04-21 00:41:00 0 d-----w- c:\program files\Trend Micro
2010-04-20 19:26:01 0 ----a-w- c:\windows\system32\tmp.tmp
2010-04-20 19:25:29 11776 ----a-w- c:\windows\system32\maivvvoi.dll
2010-04-16 09:10:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-16 09:10:18 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-16 09:10:18 0 d-----w- c:\docume~1\me\applic~1\SUPERAntiSpyware.com
2010-04-15 01:37:05 0 d-----w- C:\HOPE2
2010-04-15 01:34:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 01:34:03 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 01:34:03 0 d-----w- c:\program files\HOPE
2010-04-12 01:24:35 0 d-----w- c:\program files\Winamp Detect
2010-04-10 19:32:58 54156 ---ha-w- c:\windows\QTFont.qfn
2010-04-10 19:32:58 1409 ----a-w- c:\windows\QTFont.for
2010-04-09 08:27:01 0 d-----w- c:\windows\system32\wbem\Repository.001
2010-04-09 08:25:59 76800 ------w- c:\windows\system32\qutil.dll
2010-04-09 08:23:23 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-04-09 08:09:53 19569 ----a-w- c:\windows\003325_.tmp
2010-04-07 22:12:03 0 d-----w- c:\program files\SystemRequirementsLab
2010-04-07 20:30:48 162304 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-04-07 20:21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 18:41:35 0 d-----w- C:\VundoFix Backups
2010-04-06 20:13:15 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-04-06 19:58:59 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll
2010-04-06 19:57:51 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-04-06 19:56:59 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-04-06 19:56:09 25065 ----a-w- c:\windows\system32\wmpscheme.xml
2010-04-06 19:56:04 299552 ----a-w- c:\windows\WMSysPrx.prx
2010-04-06 19:55:36 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-04-06 19:55:29 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-04-06 19:53:43 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-04-06 19:49:56 184320 ----a-w- c:\windows\system32\accwiz.exe
2010-04-06 19:40:13 13608 ----a-r- c:\windows\SETDB.tmp
2010-04-06 19:40:09 1086182 ----a-r- c:\windows\SETC3.tmp
2010-04-06 19:33:51 13608 ----a-r- c:\windows\SETD7.tmp
2010-04-06 19:33:44 1086182 ----a-r- c:\windows\SETC2.tmp
2010-04-06 16:46:22 13608 ----a-r- c:\windows\SETD6.tmp
2010-04-06 16:46:17 1086182 ----a-r- c:\windows\SETC1.tmp
2010-04-06 16:32:45 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-04-06 16:29:49 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-04-06 16:29:48 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-04-06 16:26:35 13608 ----a-r- c:\windows\SETD5.tmp
2010-04-06 16:26:30 1086182 ----a-r- c:\windows\SETC0.tmp
2010-04-06 06:23:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-06 06:23:20 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-04-06 06:20:51 13608 ----a-r- c:\windows\SET161.tmp
2010-04-06 06:20:46 1086182 ----a-r- c:\windows\SET152.tmp
2010-04-06 06:18:28 1028858 ----a-w- c:\windows\setupapi.log.0.old
2010-04-06 04:45:59 0 d-sh--w- c:\documents and settings\me\.COMMgr
2010-04-05 22:35:56 0 d-----w- c:\windows\Recent
2010-04-05 01:00:55 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-04-05 01:00:35 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-04-05 01:00:17 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-04-05 01:00:17 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-04-05 00:58:54 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-04-05 00:58:44 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-04-05 00:58:37 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-04-05 00:58:15 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-04-05 00:58:06 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-04-05 00:58:06 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-04-05 00:58:02 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-05 00:57:54 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-04-05 00:57:51 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-04-05 00:54:01 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2010-04-20 14:58:54 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
2010-04-06 19:50:45 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 01:02:38 261632 ----a-w- c:\windows\PEV.exe
2010-03-06 03:20:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-23 02:10:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-19 02:21:25 24 ----a-w- c:\docume~1\me\applic~1\cqfyto.dat
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

============= FINISH: 14:57:27.78 ===============

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/6/2010 12:59:43 PM
System Uptime: 4/25/2010 2:51:35 PM (0 hours ago)

Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 81 GiB total, 28.402 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 4.991 GiB free.
E: is CDROM ()
F: is CDROM ()

==== System Restore Points ===================

RP3: 4/9/2010 1:37:43 AM - Installed Windows XP KB923561.
RP4: 4/10/2010 1:40:57 PM - System Checkpoint
RP5: 4/12/2010 12:09:33 AM - System Checkpoint
RP6: 4/13/2010 1:33:16 AM - System Checkpoint
RP7: 4/14/2010 2:34:54 AM - System Checkpoint
RP8: 4/16/2010 2:10:12 AM - Installed SUPERAntiSpyware Free Edition
RP9: 4/20/2010 1:21:38 AM - System Checkpoint

==== Installed Programs ======================

AC-3 ACM Codec
ACDSee 8
Ad-Aware SE Professional
Adobe Audition 1.5
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
Adobe Reader Chinese Simplified Fonts
Adobe Shockwave Player 11.5
AnswerWorks 4.0 Runtime - English
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Broadcom Management Programs
BSPlayer
Calc98
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.1
Dell System Restore
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
Dolet Light for Finale 2006
EAX(tm) Unified (SHELL)
EndNote X2
eyeQ
Finale 2006
FLV Player 1.3.3
Fraps (remove only)
GIMP 2.4.6
Graph 4.2
HijackThis 2.0.2
HLM 6 for Windows (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Flash Player
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Maxtor Manager
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Reader
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mixer
Modem Helper
MoRUN.net Sticker
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NetWaiting
PowerISO
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Replay AV 8
Replay Converter 2.8
Rhapsody Player Engine
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Sonic Activation Module
Sound Blaster Audigy ADVANCED MB Demo
SPSS 13.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
System Requirements Lab for Intel
The Core Media Player 4.0
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
Viewpoint Media Player
WebFldrs XP
WexTech AnswerWorks
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
Xvid 1.2.2 final uninstall
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

4/25/2010 1:23:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/25/2010 1:23:47 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2010 4:29:53 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
4/21/2010 11:01:50 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2010 11:01:50 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2010 11:01:50 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2010 11:01:50 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
4/21/2010 11:01:50 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/21/2010 11:01:50 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/21/2010 10:37:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
4/21/2010 10:37:42 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/20/2010 8:00:38 AM, error: Service Control Manager [7001] - The hpdj service depends on the Print Spooler service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/20/2010 8:00:38 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/20/2010 8:00:31 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/20/2010 8:00:31 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/20/2010 7:58:52 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\dmio.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
4/20/2010 7:22:58 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dmio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 2600.5512.503.0.
4/20/2010 3:43:46 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
Last edited by CalvinQuest on April 26th, 2010, 7:43 pm, edited 3 times in total.
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

by CalvinQuest » April 25th, 2010, 6:08 pm

Sorry for double post, the forum said it was too long for 1 post.

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 07:26:49
Windows 5.1.2600 Service Pack 3
Running: sqlvtxh5.exe; Driver: C:\DOCUME~1\me\LOCALS~1\Temp\fxtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA757E630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA7577D80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA759C070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA757EE40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA7595D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA7596150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA75A0240]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA757EFB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA7578C60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA759D780]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA759D160]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA7594E70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA759E080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA759E2B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA7578750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA7598450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA7598020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA759F430]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA759EA40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA757E180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA759F0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA757E910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA7579080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA759F8E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA759C970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA7596D20]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA74E9320]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C58 805044E4 2 Bytes [80, 7D]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504508 12 Bytes [40, EE, 57, A7, 30, 5D, 59, ...] {INC EAX; OUT DX, AL ; PUSH EDI; CMPSD ; XOR [EBP+0x59], BL; CMPSD ; PUSH EAX; POPA ; POP ECX; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2C8C 80504518 2 Bytes [40, 02]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504548 2 Bytes [60, 8C]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBF 8050454B 5 Bytes [A7, 80, D7, 59, A7] {CMPSD ; ADC BH, 0x59; CMPSD }
.text ...
.rsrc C:\WINDOWS\system32\drivers\dmio.sys entry point in ".rsrc" section [0xF745AB14]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[220] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[452] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[816] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[860] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[872] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0084000A
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 006E000C
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1308] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1616] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1616] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1764] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1820] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 02D38709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 02D38CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 02D38923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 02D383E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 02D38DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 02D38FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 02D38207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[1896] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 02D381D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2376] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2400] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A1000A
.text C:\WINDOWS\Explorer.EXE[2400] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00AB000A
.text C:\WINDOWS\Explorer.EXE[2400] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A0000C
.text C:\WINDOWS\Explorer.EXE[2400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2400] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2560] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\WLTRAY.exe[2584] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2672] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2696] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\PCMService.exe[2716] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2728] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\QuickSet\quickset.exe[2740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[2748] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[2800] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[3280] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3288] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3304] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3312] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[3324] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe[3356] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3368] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\me\Desktop\sqlvtxh5.exe[3768] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

Thanks again melboy, and sorry I can't complete the GMER scan :oops:
CalvinQuest
Regular Member
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by melboy » April 26th, 2010, 8:10 am

CalvinQuest wrote: sorry I can't complete the GMER scan

That's ok, I believe I may have enough with what you have given. Tell me, does your Zone Alarm have additional antivirus protection?

ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by CalvinQuest » April 26th, 2010, 3:04 pm

melboy wrote: That's ok, I believe I may have enough with what you have given. Tell me, does your Zone Alarm have additional antivirus protection?

No, I don't think so. It's just the firewall that comes from the free version.

ComboFix:
ComboFix 10-04-26.02 - me 04/26/2010 11:30:23.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.664 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\me\.COMMgr
c:\windows\system32\lsprst7.dll
c:\windows\system32\maivvvoi.dll
c:\windows\system32\ssprs.dll
c:\windows\Tasks\cxnkwspc.job
c:\windows\Tasks\tvtsyyit.job

Infected copy of c:\windows\system32\DRIVERS\dmio.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 18:27 . 2008-04-14 07:14 153344 -c--a-w- c:\windows\system32\dllcache\dmio.sys
2010-04-26 18:27 . 2008-04-14 07:14 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
2010-04-23 01:56 . 2009-06-07 23:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-23 01:56 . 2010-04-23 01:56 -------- d-----w- c:\program files\Xvid
2010-04-23 01:56 . 2009-06-07 23:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-21 01:02 . 2010-04-26 18:30 -------- d-----w- c:\windows\Internet Logs
2010-04-21 00:41 . 2010-04-21 00:41 -------- d-----w- c:\program files\Trend Micro
2010-04-20 03:42 . 2010-04-20 03:42 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-18 07:51 . 2010-04-18 07:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-18 07:51 . 2010-04-18 07:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-04-17 23:18 . 2010-04-17 23:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-04-16 18:43 . 2010-04-17 23:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-16 09:10 . 2010-04-16 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-16 09:10 . 2010-04-16 09:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-16 09:10 . 2010-04-16 09:10 -------- d-----w- c:\documents and settings\me\Application Data\SUPERAntiSpyware.com
2010-04-15 01:37 . 2010-04-15 01:44 -------- d-----w- C:\HOPE2
2010-04-15 01:34 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 01:34 . 2010-04-19 17:31 -------- d-----w- c:\program files\HOPE
2010-04-15 01:34 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 01:24 . 2010-04-12 01:24 -------- d-----w- c:\program files\Winamp Detect
2010-04-10 19:44 . 2010-04-10 19:44 -------- d-----w- c:\program files\Apple Software Update
2010-04-09 08:27 . 2010-04-09 10:32 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-04-09 08:25 . 2008-04-14 12:42 73796 ------w- c:\windows\system32\slserv.exe
2010-04-09 08:23 . 2008-04-14 12:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-04-07 22:12 . 2010-04-07 22:12 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-07 22:11 . 2010-04-07 22:11 -------- d-----w- c:\documents and settings\me\Application Data\SystemRequirementsLab
2010-04-07 20:21 . 2010-04-07 20:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 18:41 . 2010-04-07 18:41 -------- d-----w- C:\VundoFix Backups
2010-04-06 20:13 . 2006-07-15 00:03 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-04-06 19:58 . 2001-08-18 05:36 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll
2010-04-06 19:57 . 2002-08-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-04-06 19:55 . 2008-04-14 07:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-04-06 19:55 . 2008-04-14 07:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-04-06 19:49 . 2008-04-14 12:42 184320 ----a-w- c:\windows\system32\accwiz.exe
2010-04-06 16:32 . 2008-04-14 07:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-04-06 16:29 . 2008-04-14 12:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-04-06 06:23 . 2008-04-14 12:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-06 06:23 . 2008-04-14 07:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-04-06 06:21 . 2008-04-14 12:42 146432 ----a-w- c:\windows\system\winspool.drv
2010-04-06 06:21 . 2008-04-14 07:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-04-06 06:21 . 2002-08-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-04-06 06:21 . 2002-08-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-04-06 06:21 . 2002-08-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-04-06 06:21 . 2002-08-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-04-06 06:21 . 2008-04-14 12:42 74752 ----a-w- c:\windows\system32\storprop.dll
2010-04-06 06:18 . 2010-04-06 06:18 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2010-04-05 01:01 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-04-05 01:01 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-04-05 01:01 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-04-05 01:01 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-04-05 01:01 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-04-05 01:01 . 2007-07-20 01:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-04-05 01:01 . 2007-07-20 01:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-04-05 01:01 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-04-05 01:01 . 2007-10-22 10:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-04-05 01:01 . 2007-06-21 03:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-04-05 01:01 . 2007-05-16 23:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-04-05 01:01 . 2007-05-16 23:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-04-05 01:01 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-04-05 01:00 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-04-05 01:00 . 2007-04-05 01:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-04-05 01:00 . 2007-03-15 23:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-04-05 01:00 . 2007-03-12 23:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-04-05 00:58 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-04-05 00:58 . 2007-01-24 22:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-04-05 00:58 . 2006-12-08 19:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-04-05 00:58 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-04-05 00:58 . 2007-03-05 19:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-04-05 00:58 . 2006-09-28 23:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-04-05 00:58 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-05 00:57 . 2006-07-28 16:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-04-05 00:57 . 2006-07-28 16:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-04-05 00:54 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 18:28 . 2010-04-20 19:26 0 ----a-w- c:\windows\system32\tmp.tmp
2010-04-26 18:17 . 2006-10-15 23:00 -------- d-----w- c:\documents and settings\me\Application Data\Lavasoft
2010-04-26 18:08 . 2010-04-21 01:44 8100087 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-26 15:35 . 2009-02-12 01:04 -------- d-----w- c:\documents and settings\me\Application Data\EndNote
2010-04-25 08:38 . 2007-09-05 18:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-22 07:24 . 2010-04-16 09:11 117760 ----a-w- c:\documents and settings\me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-21 01:21 . 2006-12-29 06:29 -------- d-----w- c:\program files\MOBILedit!
2010-04-21 01:20 . 2006-08-26 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-21 01:20 . 2006-08-26 09:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-21 01:03 . 2010-04-21 01:03 -------- d-----w- c:\documents and settings\me\Application Data\CheckPoint
2010-04-21 01:03 . 2010-04-21 01:03 -------- d-----w- c:\program files\CheckPoint
2010-04-21 01:03 . 2010-04-21 01:03 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-21 01:03 . 2010-04-21 01:03 -------- d-----w- c:\program files\Zone Labs
2010-04-19 07:57 . 2006-09-04 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-16 09:11 . 2010-04-16 09:11 52224 ----a-w- c:\documents and settings\me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-12 01:29 . 2006-09-04 22:55 -------- d-----w- c:\program files\Winamp
2010-04-10 19:43 . 2006-09-02 15:47 98336 ----a-w- c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 09:34 . 2006-09-04 22:58 -------- d-----w- c:\program files\CCleaner
2010-04-09 08:29 . 2006-09-04 04:41 88037 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-07 22:11 . 2010-04-07 22:11 84480 ----a-w- c:\documents and settings\me\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-07 20:26 . 2010-04-07 20:26 503808 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\msvcp71.dll
2010-04-07 20:26 . 2010-04-07 20:26 499712 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\jmc.dll
2010-04-07 20:26 . 2010-04-07 20:26 61440 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd0f2a4-n\decora-sse.dll
2010-04-07 20:26 . 2010-04-07 20:26 348160 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\msvcr71.dll
2010-04-07 20:26 . 2010-04-07 20:26 12800 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd0f2a4-n\decora-d3d.dll
2010-04-07 20:26 . 2006-08-26 09:29 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:20 . 2006-08-26 09:29 -------- d-----w- c:\program files\Java
2010-04-06 19:55 . 2010-04-06 19:55 2678 ----a-w- c:\windows\java\Packages\Data\SRRZD357.DAT
2010-04-06 19:55 . 2010-04-06 19:55 558142 ----a-w- c:\windows\java\Packages\13VJN7ZZ.ZIP
2010-04-06 19:55 . 2010-04-06 19:55 2678 ----a-w- c:\windows\java\Packages\Data\PVXJV7N1.DAT
2010-04-06 19:55 . 2010-04-06 19:55 155995 ----a-w- c:\windows\java\Packages\6XZZVB9R.ZIP
2010-04-06 19:55 . 2010-04-06 19:55 2678 ----a-w- c:\windows\java\Packages\Data\BBZRTFRD.DAT
2010-04-06 19:55 . 2010-04-06 19:55 2678 ----a-w- c:\windows\java\Packages\Data\A8J5J1NV.DAT
2010-04-06 19:55 . 2010-04-06 19:55 2678 ----a-w- c:\windows\java\Packages\Data\8GGA3PB9.DAT
2010-04-06 19:50 . 2004-08-10 18:02 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-06 19:50 . 2010-04-06 19:50 1663 ----a-w- c:\windows\inf\COM1DF.tmp
2010-03-06 03:20 . 2010-02-22 11:48 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-28 12:04 . 2010-02-28 12:04 -------- d-----w- c:\documents and settings\me\Application Data\Malwarebytes
2010-02-28 12:04 . 2010-02-28 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 09:46 . 2010-02-19 02:28 0 ----a-w- c:\windows\Lqosiwawanub.bin
2010-02-23 03:11 . 2010-02-19 02:28 120 ----a-w- c:\windows\Aliyobesitef.dat
2010-02-23 02:10 . 2010-02-23 02:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-19 02:21 . 2010-02-19 02:21 24 ----a-w- c:\documents and settings\me\Application Data\cqfyto.dat
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-07-29 188416]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-15 118784]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-10-22 323584]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, maivvvoi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^monnid32.exe]
path=c:\documents and settings\me\Start Menu\Programs\Startup\monnid32.exe
backup=c:\windows\pss\monnid32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-13 06:58 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 23:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 23:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 21:42 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meyopuvuti]
mojekeva.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 21:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 23:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-13 23:28 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Spooler"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
autodl32 REG_SZ c:\windows\system32\atnfig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 6:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 6:30 AM 476528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/18/2008 7:23 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\xdvvoe8p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} - c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{0a57f8a8-d023-43de-8c9e-78aacf842901} - (no file)
SSODL-zukunuhir-{0a57f8a8-d023-43de-8c9e-78aacf842901} - (no file)
MSConfigStartUp-zosudobed - c:\windows\system32\nisimose.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 11:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(872)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3068)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\stsystra.exe
c:\docume~1\me\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2010-04-26 11:49:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-26 18:49
ComboFix2.txt 2010-04-15 01:44
ComboFix3.txt 2010-04-07 18:38

Pre-Run: 30,077,931,520 bytes free
Post-Run: 30,059,126,784 bytes free

- - End Of File - - AF69624F28E66FB2C5EECFA95A3EFAFE

Thank you
CalvinQuest

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by melboy » April 26th, 2010, 4:25 pm

melboy wrote: Tell me, does your Zone Alarm have additional antivirus protection?
CalvinQuest wrote: No I don't think so. It's just the firewall that comes from the free version.
In that case I can't see that you're running an anti-virus - that's something we'll deal with as soon as we can. In the meantime, try to restrict your internet use to visits to this site.


I note it's not the first time combofix has been run. Have you been helped before, or did you run it yourself?


Give me an update on how things are running after running the instructions below.



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan.
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results.
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process; please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, please copy & paste the contents of:
    • DDS.txt
    and post it in your next reply.


In your next reply:
  1. MBAM log
  2. DDS.txt
melboy

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by CalvinQuest » April 26th, 2010, 7:16 pm

I ran combofix before because a co-worker told me it's good. I haven't been helped before. I didn't make any changes after running it.

malwarebytes:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4040

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/26/2010 4:33:27 PM
mbam-log-2010-04-26 (16-33-27).txt

Scan type: Quick scan
Objects scanned: 140600
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 16:34:14.04 on Mon 04/26/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.568 [GMT -7:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\me\Desktop\boot stuff\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, maivvvoi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\xdvvoe8p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} - c:\documents and settings\me\local settings\application data\{fe1dd508-100d-4367-97b1-e97aaefdad94}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-20 486280]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-18 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\xdva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?]

=============== Created Last 30 ================

2010-04-26 18:27:35 153344 -c--a-w- c:\windows\system32\dllcache\dmio.sys
2010-04-26 18:27:35 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
2010-04-23 01:56:03 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-23 01:56:03 77824 ----a-w- c:\windows\system32\xvid.ax
2010-04-23 01:56:02 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-23 01:56:02 0 d-----w- c:\program files\Xvid
2010-04-21 01:03:58 0 d-----w- c:\docume~1\me\applic~1\CheckPoint
2010-04-21 01:03:40 0 d-----w- c:\program files\CheckPoint
2010-04-21 01:03:38 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-21 01:03:29 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-04-21 01:03:28 0 d-----w- c:\windows\system32\ZoneLabs
2010-04-21 01:03:27 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-04-21 01:03:27 0 d-----w- c:\program files\Zone Labs
2010-04-21 01:02:56 0 d-----w- c:\windows\Internet Logs
2010-04-21 00:41:00 0 d-----w- c:\program files\Trend Micro
2010-04-16 09:10:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-16 09:10:18 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-16 09:10:18 0 d-----w- c:\docume~1\me\applic~1\SUPERAntiSpyware.com
2010-04-15 01:37:05 0 d-----w- C:\HOPE2
2010-04-15 01:34:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 01:34:03 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 01:34:03 0 d-----w- c:\program files\HOPE
2010-04-12 01:24:35 0 d-----w- c:\program files\Winamp Detect
2010-04-10 19:32:58 54156 ---ha-w- c:\windows\QTFont.qfn
2010-04-10 19:32:58 1409 ----a-w- c:\windows\QTFont.for
2010-04-09 08:27:01 0 d-----w- c:\windows\system32\wbem\Repository.001
2010-04-09 08:25:59 76800 ------w- c:\windows\system32\qutil.dll
2010-04-09 08:23:23 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-04-07 22:12:03 0 d-----w- c:\program files\SystemRequirementsLab
2010-04-07 20:30:48 162304 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-04-07 20:21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 18:41:35 0 d-----w- C:\VundoFix Backups
2010-04-06 20:13:15 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-04-06 19:58:59 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll
2010-04-06 19:57:51 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-04-06 19:56:59 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-04-06 19:56:09 25065 ----a-w- c:\windows\system32\wmpscheme.xml
2010-04-06 19:56:04 299552 ----a-w- c:\windows\WMSysPrx.prx
2010-04-06 19:55:36 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-04-06 19:55:29 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-04-06 19:53:43 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-04-06 19:53:31 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-04-06 19:49:56 184320 ----a-w- c:\windows\system32\accwiz.exe
2010-04-06 16:32:45 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-04-06 16:29:49 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-04-06 16:29:48 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-04-06 06:23:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-06 06:23:20 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-04-06 06:18:28 1028858 ----a-w- c:\windows\setupapi.log.0.old
2010-04-05 22:35:56 0 d-----w- c:\windows\Recent
2010-04-05 01:00:55 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-04-05 01:00:35 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-04-05 01:00:17 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-04-05 01:00:17 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-04-05 00:58:54 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-04-05 00:58:44 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-04-05 00:58:37 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-04-05 00:58:15 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-04-05 00:58:06 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-04-05 00:58:06 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-04-05 00:58:02 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-05 00:57:54 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-04-05 00:57:51 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-04-05 00:54:01 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2010-04-06 19:50:45 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 01:02:38 261632 ----a-w- c:\windows\PEV.exe
2010-03-06 03:20:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-23 02:10:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-19 02:21:25 24 ----a-w- c:\docume~1\me\applic~1\cqfyto.dat
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

============= FINISH: 16:36:31.23 ===============
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » April 27th, 2010, 2:01 pm

Hi

ran combofix before because a co-worker told me it's good
Good it is - But running Combofix without trained supervision isn't recommended, especially if you don't know what infection(s) you have. That's why we run preliminary scans first. ;)


How are things running?



Check a file
  • Go to VirusTotal or Jotti's
    c:\windows\system32\atnfig.dll
  • Copy/Paste the file/filepath above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
    • File has been scanned before(Jotti), click Scan again.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.




    COMBOFIX-Script
    A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      http://malwareremoval.com/forum/viewtopic.php?p=519741#p519741
      
      Collect::
      c:\windows\Lqosiwawanub.bin
      c:\windows\Aliyobesitef.dat
      c:\documents and settings\me\Application Data\cqfyto.dat
      
      Firefox::
      FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\xdvvoe8p.default
      FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} -
      
      File::
      c:\documents and settings\me\Start Menu\Programs\Startup\monnid32.exe
      c:\windows\pss\monnid32.exeStartup
      C:\WINDOWS\system32\mojekeva.dll
      
      Folder::
      c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}
      
      Registry::
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
      [-HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^monnid32.exe]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meyopuvuti]
      
      DirLook::
      C:\HOPE2
      c:\program files\HOPE
      
      FileLook::
      c:\windows\system32\atnfig.dll
      
      DDS::
      TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
      
      Extra::
      

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      Image
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • If you need help to disable your protection programs see here.
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

    • Ensure you are connected to the internet and click OK on the message box.

    ===========


    In your next reply:
    1. How are things running?
    2. VirusTotal results
    3. Combofix.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
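
An added example (not part of the thread and not ComboFix code): a cross-check of a CFScript like the one above against the DDS log it was built from. It reports which provider the `Registry::` entry drops from `SecurityProviders` and whether each `DDS::` or `Firefox::` line has a matching log line; the function names and the all-zero GUID are made up for the illustration.

```python
import re

# Constructed sample: lines copied from the DDS log posted in this thread.
DDS_LOG = r"""
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, maivvvoi.dll
FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} - c:\documents and settings\me\local settings\application data\{fe1dd508-100d-4367-97b1-e97aaefdad94}\
"""

# Constructed sample: excerpt of the CFScript above, plus one made-up DDS:: line
# (the all-zero GUID) that has no counterpart in the log.
CFSCRIPT = r"""
Firefox::
FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} -

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: {00000000-0000-0000-0000-000000000000} -
"""


def parse_cfscript(text):
    """Split a CFScript into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def split_dll_list(value):
    """Turn 'a.dll, b.dll' into ['a.dll', 'b.dll'], lower-cased."""
    return [d.strip().lower() for d in value.split(",") if d.strip()]


def providers_dropped(log, sections):
    """SecurityProviders DLLs present in the log but absent from the script's value."""
    in_log, keep = [], set()
    for line in log.splitlines():
        if line.startswith("SecurityProviders:"):
            in_log = split_dll_list(line.split(":", 1)[1])
    for line in sections.get("Registry", []):
        value = re.fullmatch(r'"SecurityProviders"="(.*)"', line)
        if value:
            keep = set(split_dll_list(value.group(1)))
    return [dll for dll in in_log if dll not in keep]


def unbacked_entries(log, sections, section):
    """Script lines in `section` that match no log line (case-insensitive prefix)."""
    log_lines = [l.strip().lower() for l in log.splitlines() if l.strip()]
    missing = []
    for entry in sections.get(section, []):
        prefix = entry.rstrip("- ").lower()  # script lines end with a bare " -"
        if not any(l.startswith(prefix) for l in log_lines):
            missing.append(entry)
    return missing


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    print("dropped from SecurityProviders:", providers_dropped(DDS_LOG, script))
    for name in ("Firefox", "DDS"):
        print(name, "lines with no log evidence:", unbacked_entries(DDS_LOG, script, name))
```
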

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » April 27th, 2010, 8:24 pm

Hi melboy, thanks for responding.

I don't see atnfig.dll and I couldn't find it when I did a search.

Should I continue to do the Combofix step?
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » April 28th, 2010, 2:42 am

CalvinQuest wrote:I don't see atnfig.dll and I couldn't find it when I did a search.

Should I continue to do the Combofix step?


Thanks for that. Yes, continue with combofix but use this updated CFScript rather than the previous one and then give me an update on how things are running.




COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://malwareremoval.com/forum/viewtopic.php?p=519741#p519741
    
    Collect::
    c:\windows\Lqosiwawanub.bin
    c:\windows\Aliyobesitef.dat
    c:\documents and settings\me\Application Data\cqfyto.dat
    
    Firefox::
    FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\xdvvoe8p.default
    FF - HiddenExtension: XULRunner: {FE1DD508-100D-4367-97B1-E97AAEFDAD94} -
    
    File::
    c:\documents and settings\me\Start Menu\Programs\Startup\monnid32.exe
    c:\windows\pss\monnid32.exeStartup
    C:\WINDOWS\system32\mojekeva.dll
    c:\windows\system32\atnfig.dll
    
    Folder::
    c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}
    
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [-HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^monnid32.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meyopuvuti]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    "autodl32"=-
    
    DirLook::
    C:\HOPE2
    c:\program files\HOPE
    
    DDS::
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
    
    Extra::
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

===========


In your next reply:
  1. How are things running?
  2. Combofix.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » April 30th, 2010, 2:45 am

Hi CalvinQuest

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » April 30th, 2010, 4:55 pm

Hi melboy,
Sorry I've been busy; I'll perform the actions today.

As for how my computer's doing, it's no longer getting the AVE problem, and so far hasn't had the high cpu usage. But now every time I want to shut down, it hangs without giving the pop-up for choosing (restart, shut down, standby). The only way for me to shut down is to use task manager.

Thanks again for your help so far :D
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 1st, 2010, 8:22 am

Ok, thanks for letting me know.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK