1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cannot Access Internet HTTP, HTTPS, and FTP blocked

Discussion in 'Virus & Other Malware Removal' started by tim5755, May 20, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-02 06:19:30
    Windows 5.1.2600 Service Pack 3
    Running: ikiwzz8g.exe; Driver: C:\DOCUME~1\Daddy\LOCALS~1\Temp\awtcqpog.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA2485542]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xA2485DBA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwConnectPort [0xA24868CC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xA2486DCC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA235083A]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA23720AC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xA2486CA4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA2485148]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreatePort [0xA2486B60]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSection [0xA2485304]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA2486EFE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA2488784]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xA2485A58]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA2486C02]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA2488176]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA23516FC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA2373B54]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA237344A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA2486524]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDuplicateObject [0xA2489146]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xA2484E80]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA2484F2A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xA2486330]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver [0xA2488208]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA237451E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA237475C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA2488838]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA2485076]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xA2486E6E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA23511EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xA2484592]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xA2486D3C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenProcess [0xA2485740]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xA24887AE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA2486FA0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenThread [0xA2485664]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xA2484FD4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA2484BFC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xA2488B50]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xA248484C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xA248849E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA23755E4]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA2374ED8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xA248732A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA24871F0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA2487E9C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA2376044]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xA2489028]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xA24841FE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA248660A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xA2485C76]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA2351B06]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xA248786C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA2375B6C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA2488C90]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA2372B6E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xA2488D74]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xA2488E9C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA24880A2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateProcess [0xA24858B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xA248580E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA2488A06]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA2485998]
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A247A9D4 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A247ADAE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80504534 16 Bytes [04, 53, 48, A2, FE, 6E, 48, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 12 Bytes [08, 82, 48, A2, 1E, 45, 37, ...] {OR [EDX+0x451ea248], AL; AAA ; MOV [0xa237475c], AL}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2ED0 8050476C 16 Bytes [E4, 55, 37, A2, D8, 4E, 37, ...] {IN AL, 0x55; AAA ; MOV [0xa2374ed8], AL; SUB DH, [EBX+0x48]; MOV [0xa24871f0], AL}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [74, 8D, 48, A2, 9C, 8E, 48, ...]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[368] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[584] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\winlogon.exe[716] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\services.exe[760] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\lsass.exe[772] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\ehome\mcrdsvc.exe[1072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[1196] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1456] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C39270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\spoolsv.exe[1532] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1696] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehRecvr.exe[1732] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[2020] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2032] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\dllhost.exe[2464] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C39270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\wscntfy.exe[3156] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\Explorer.EXE[3200] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\WINDOWS\system32\hkcmd.exe[3832] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[3984] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\svchost.exe[368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[508] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\winlogon.exe[716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\lsass.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\ehome\mcrdsvc.exe[1072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\iPod\bin\iPodService.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\spoolsv.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Bonjour\mDNSResponder.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\eHome\ehRecvr.exe[1732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\eHome\ehSched.exe[1748] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1856] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\svchost.exe[2020] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\dllhost.exe[2464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\alg.exe[2640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe[2976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\wscntfy.exe[3156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\Explorer.EXE[3200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Documents and Settings\Daddy\Desktop\ikiwzz8g.exe[3556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\hkcmd.exe[3832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[3984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \FileSystem\Fastfat \Fat 9BA79D20
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    ---- EOF - GMER 1.0.15 ----
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Are you still unable to connect to the Internet?
     
  3. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Yes, the PC can get to the internet. Seems to be working very clean/fast.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

    JRE 6 Update 20

    Instructions for Kaspersky scan:

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
  5. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Sorry for the delay in responding. Below is the Kapersky Scan results. Thnaks for the help.

    --------------------------------------------------------------------------------
    Infected:
    Wednesday, June 16, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, June 15, 2010 22:39:52
    Records in database: 4282988
    --------------------------------------------------------------------------------
    Scan settings:
    scan using the following database: extended
    Scan archives: Infected:
    Scan e-mail databases: yes
    Scan area - My Computer:
    C:\
    D:\
    Scan statistics:
    Objects scanned: 147811
    Threats found: 5
    Infected objects found: 6
    Suspicious objects found: 0
    Scan duration: 03:53:55

    File name / Threat / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7332063C.exe Infected: Trojan-Spy.Win32.Ardamax.h 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7332063C.exe Infected: not-a-virus:Monitor.Win32.Ardamax.e 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7332063C.exe Infected: not-a-virus:Monitor.Win32.Ardamax.o 2
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7332063C.exe Infected: Trojan-Dropper.Win32.Agent.bcw 1
    C:\Documents and Settings\Tim Hall\Application Data\Sun\Java\Deployment\cache\6.0\54\445d036-5da3db03 Infected: Exploit.Java.Agent.f 1
    Selected area has been scanned.
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Go to Control Panel - Java - General tab - Under Temporary Internet Files click on Settings and then on the Temporary File Settings screen click on Delete Files. Then put a check in both boxes and click OK.

    Then please post a new HijackThis log.
     
  7. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Completed Java steps. Log below

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:15:59 PM, on 6/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Airhogs\AirhogsFlightSimFullVersion\AirhogsLauncher.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Documents and Settings\Tim Hall\Desktop\HijackThis.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.khou.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2061126
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/travel/fr/index.php?section=game"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1241224055526
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.59.downloads.es....80.139.91_51883&=&req=1213839743948OneCC.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 9729 bytes
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.59.downloads.est...43948OneCC.cab

    Please open HijackThis.
    Click on Open Misc Tools Section
    Make sure that both boxes beside "Generate StartupList Log" are checked:
    • List all minor sections(Full)
    • List Empty Sections(Complete)
    Click Generate StartupList Log.
    Click Yes at the prompt.
    It will open a text file. Please copy the entire contents of that page and paste it here.
     
  9. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Completed Fix in Hijackthis and ran Generate Startuplist, log below

    StartupList report, 6/17/2010, 9:41:06 PM
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Tim Hall\Desktop\HijackThis.EXE
    Detected: Windows XP SP3 (WinNT 5.01.2600)
    Detected: Internet Explorer v8.00 (8.00.6001.18702)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================
    Running processes:
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Documents and Settings\Tim Hall\Desktop\HijackThis.com
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Startup:
    [C:\Documents and Settings\Tim Hall\Start Menu\Programs\Startup]
    *No files*
    Shell folders AltStartup:
    *Folder not found*
    User shell folders Startup:
    *Folder not found*
    User shell folders AltStartup:
    *Folder not found*
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Shell folders Common AltStartup:
    *Folder not found*
    User shell folders Common Startup:
    *Folder not found*
    User shell folders Alternate Common Startup:
    *Folder not found*
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*
    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
    HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    hpqSRMon = C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
    ISW = "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Shockwave Updater = C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/travel/fr/index.php?section=game"
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    [OptionalComponents]
    *No values found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    --------------------------------------------------
    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .COM:
    HKEY_CLASSES_ROOT\ComFile\shell\open\command
    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command
    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command
    (Default) = "%1" %*
    --------------------------------------------------
    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command
    (Default) = "%1" /S
    --------------------------------------------------
    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command
    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
    --------------------------------------------------
    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command
    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
    --------------------------------------------------
    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)
    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe
    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    [KB910393] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    [{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll
    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    --------------------------------------------------
    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps
    *Registry key not found*
    --------------------------------------------------
    Load/Run keys from C:\WINDOWS\WIN.INI:
    load=*INI section not found*
    run=*INI section not found*
    Load/Run keys from Registry:
    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
    Checking for EXPLORER.EXE instances:
    C:\WINDOWS\Explorer.exe: PRESENT!
    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present
    --------------------------------------------------
    Checking for superhidden extensions:
    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden
    --------------------------------------------------
    Verifying REGEDIT.EXE integrity:
    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'
    Registry check passed
    --------------------------------------------------
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll - {0347C33E-8762-4905-BF09-768834316C61}
    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}
    (no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
    Browser Address Error Redirector - C:\Program Files\BAE\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    AppleSoftwareUpdate.job
    Google Software Updater.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [Garmin Communicator Plug-In]
    CODEBASE = https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    OSD = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OSD96E9.OSD
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    [MUCatalogWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
    CODEBASE = http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1241224055526
    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    [HPObjectInstaller Class]
    InProcServer32 = C:\Program Files\Hewlett-Packard\eSupportDiags\HPCommunication.dll
    CODEBASE = http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    [Get_ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
    CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    [Virtools WebPlayer Class]
    InProcServer32 = C:\Program Files\Virtools Web Player 3.5\WebPlayer.ocx
    CODEBASE = http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    [get_atlcom Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gp.ocx
    CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    [Image Uploader Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
    CODEBASE = http://www.disneyphotopass.com/software/ImageUploader4.cab
    --------------------------------------------------
    Enumerating Winsock LSP files:
    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    --------------------------------------------------
    Enumerating Windows NT/2000/XP services
    abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
    Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
    Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (autostart)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: \SystemRoot\system32\DRIVERS\atapi.sys (disabled)
    ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    catchme: \??\C:\DOCUME~1\Daddy\LOCALS~1\Temp\catchme.sys (manual start)
    cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
    Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)
    Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
    CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
    COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
    CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Disk Driver: system32\DRIVERS\disk.sys (system)
    DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
    DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
    DLADResN: System32\DLA\DLADResN.SYS (autostart)
    DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
    DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
    DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
    DLARTL_N: System32\Drivers\DLARTL_N.SYS (system)
    DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
    DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
    dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
    DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
    DSproct: \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (manual start)
    Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
    Intel(R) PRO/1000 PCI Express Network Connection Driver: system32\DRIVERS\e1e5132.sys (manual start)
    Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
    Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
    Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
    Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
    D-Link PCI Fast Ethernet Adapter Driver Service: system32\DRIVERS\dlkfet5b.sys (manual start)
    Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
    GEAR ASPI Filter Driver: System32\Drivers\GEARAspiWDM.sys (manual start)
    getPlus(R) Helper: %SystemRoot%\System32\svchost.exe -k getPlusHelper (manual start)
    Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
    Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
    Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
    hpqcxs08: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (manual start)
    HP CUE DeviceDiscovery Service: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (autostart)
    IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
    Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
    USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
    HSFHWBS2: system32\DRIVERS\HSFHWBS2.sys (manual start)
    HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
    Intel(R) Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (autostart)
    ialm: system32\DRIVERS\igxpmp32.sys (manual start)
    Intel RAID Controller: system32\drivers\iaStor.sys (system)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
    ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
    Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
    IPSEC driver: system32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
    ZoneAlarm Toolbar ISWKL: \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (autostart)
    ZoneAlarm Toolbar IswSvc: "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" (autostart)
    Dual Mode Camera: System32\Drivers\jl2005c.sys (manual start)
    Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
    Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
    kl1: System32\DRIVERS\kl1.sys (system)
    Kaspersky Lab Driver: system32\DRIVERS\klif.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    McAfee Security Scan Component Host Service: "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" (manual start)
    Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
    mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
    Net Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
    NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: system32\DRIVERS\nv4_mini.sys (manual start)
    IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Parallel port driver: system32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: system32\DRIVERS\pci.sys (system)
    PCIIde: \SystemRoot\system32\DRIVERS\pciide.sys (disabled)
    perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    Pml Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
    SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (system)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Serial port driver: system32\DRIVERS\serial.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: system32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    SigmaTel High Definition Audio CODEC: system32\drivers\sthda.sys (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979} (manual start)
    symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Ulead Burning Helper: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
    ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
    Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Apple Mobile USB Driver: System32\Drivers\usbaapl.sys (manual start)
    Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
    vsdatant: System32\vsdatant.sys (system)
    TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    --------------------------------------------------
    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*
    Windows NT checkdisk command:
    BootExecute = autocheck autochk *
    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\shell32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    *No values found*
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    *No values found*
    --------------------------------------------------
    End of report, 43,055 bytes
    Report generated in 0.235 seconds
    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    I'm sorry but I asked for the wrong log last time. I meant to ask for an uninstall list log and not a startup one. So please do the following:

    Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.
     
  11. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Uninstall List Log:


    32 Bit HP CIO Components Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player 11.5
    AGEIA PhysX v2.4.4
    AirhogsFlightSimFullVersion 1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    Arthur's Birthday
    Barbie(TM) as The Princess and the Pauper
    Barbie(TM) Beauty Boutique(TM) CD-ROM
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catz (remove only)
    Clifford Thinking Adventures
    CLUE Classic
    Conexant D850 56K V.9x DFVc Modem
    Corel VideoStudio 12
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell Support 3.2.1
    Digital Content Portal
    Digital Line Detect
    Dig'nRigs
    DING!
    Disney's Mickey Mouse Toddler
    Disney's Ready to Read with Pooh
    DMNetVuObserVer1_7_0
    Dreamship Tales
    EarthLink Setup Files
    EducateU
    ESPNMotion
    eText typeSmart
    File Uploader
    Games, Music, & Photos Launcher
    GemMaster Mystic
    Genius Physics (remove only)
    Google Earth
    Google SketchUp 6
    Google SketchUp 6
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photosmart All-In-One Software 8.0
    HP Photosmart Essential
    HP Photosmart Essential 2.5
    HP PSC & OfficeJet 4.2
    HP Smart Web Printing 4.60
    HP Software Update
    HP Solution Center 10.0
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 3
    JumpStart Animal Field Trip
    JumpStart Arts and Crafts
    JumpStart Music
    Kidz Cam Photo Editing Software
    LEGO Chess
    LEGO Digital Designer
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Meade Astronomical Software
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Small Business Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mighty Math Number Heroes
    MobileMe Control Panel
    Modem Helper
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Club Detective Academy
    Nancy Drew: Secret of Shadow Ranch
    NetWaiting
    Nikon Message Center
    Nikon Transfer
    OpenOffice.org 2.1
    Otto
    overland
    Personalized Learning Center
    Princess Magical Dress-Up
    QuickTime
    Reader Rabbit Preschool
    Reader Rabbit Thinking Adventures Ages 4-6
    Reader Rabbit's Math Ages 4-6
    RealArcade
    RealPlayer
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    SearchAssist
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Shop for HP Supplies
    Skies of War
    SmartSound Quicktracks Plugin
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sony Picture Utility
    SpaceStationSim
    SUPERAntiSpyware Free Edition
    The ClueFinders Reading Adventures Ages 9-12
    Third Grade Adventures
    Typing Instructor Deluxe
    Typing Instructor for Kids
    Uninstall Dual Mode Camera
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    VC 9.0 Runtime
    VC 9.0 Runtime
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Toolbar
    ZoneAlarm Security Suite
    ZoneAlarm Toolbar
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

    Upgrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 20 .
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 20 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment, JRE, J2SE or Java(TM) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    This is the older version of Java that you need to uninstall:

    Java(TM) 6 Update 3

    Once you've done that please post a new HijackThis log.
     
  13. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Completed Java delete and upgrade. Hijackthis log below.

    ***************************

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:37:51 PM, on 6/24/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tim Hall\Desktop\HijackThis.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.khou.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2061126
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/travel/fr/index.php?section=game"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1241224055526
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 9719 bytes
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    How are things now?
     
  15. tim5755

    tim5755 Thread Starter

    Joined:
    Mar 21, 2010
    Messages:
    33
    Seems to be running well. Big thanks. Do I need to clear off the tools added during troubleshooting? Also, any advice for keeping the kids from downloading stuff? They use a seperate limited account, and I have Zone Alarm security suite running with parental controls on, but it still seems to allow certain files to be downlinked.

    Thanks
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/924259