google redirect keeps coming back after Malwarebytes removes it.

[explanationneeded(NED)]

As the subject says I've got the google redirect virus on my laptop running vista 32 bit,

I have ran scans with AVG, Super anti spyware and malware bytes.

Help removing it would be appreciated.

NED.

[kahdah]

Hello explanationneeded(NED)

Welcome to Malwarebytes.

=====================

• Download OTL to your desktop.
  
• Double click on OTL to run it.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    

====================

Download This file. Note its name and save it to your root folder, such as C:\.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  
• Click on this link to see a list of programs that should be disabled.
  
• Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  
• Allow the driver to load if asked.
  
• You may be prompted to scan immediately if it detects rootkit activity.
  
• If you are prompted to scan your system click "Yes" to begin the scan.
  
• If not prompted, click the "Rootkit/Malware" tab.
  
• On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  
• Select all drives that are connected to your system to be scanned.
  
• Click the Scan button to begin. (Please be patient as it can take some time to complete)
  
• When the scan is finished, click Save to save the scan results to your Desktop.
  
• Save the file as Results.log and copy/paste the contents in your next reply.
  
• Exit the program and re-enable all active protection when done.
  

[explanationneeded(NED)]

cheers kahdah,

Here are the files

otl

OTL logfile created on: 29/12/2010 19:20:55 - Run 1

OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Mr Kemp\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.08 Gb Total Space | 158.81 Gb Free Space | 71.19% Space Free | Partition Type: NTFS

Drive D: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Computer Name: DELLBOY | User Name: Mr Kemp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mr Kemp\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)

PRC - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe (OLYMPUS IMAGING CORP.)

========== Modules (SafeList) ==========

MOD - C:\Users\Mr Kemp\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985

d\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985

d\msvcp80.dll (Microsoft Corporation)

MOD - C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)

SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (vvdsvc) -- C:\Windows\System32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (DM1Service) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe (OLYMPUS IMAGING CORP.)

========== Driver Services (SafeList) ==========

DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys ()

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ()

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)

DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)

DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)

DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)

DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)

DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)

DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=1081201

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0

FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c15104c&v=6.010.023.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/13 03:55:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 18:12:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/11/30 10:04:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 10:04:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 10:04:57 | 000,000,000 | ---D | M]

[2009/07/18 21:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Extensions

[2009/07/18 21:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/12/29 18:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Firefox\Profiles\12mizp3c.default\extensions

[2010/08/09 05:56:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Firefox\Profiles\12mizp3c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/13 17:27:43 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Firefox\Profiles\12mizp3c.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}

[2010/08/08 12:25:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Firefox\Profiles\12mizp3c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/12/12 08:56:23 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Firefox\Profiles\12mizp3c.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/08/09 05:56:33 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Mr Kemp\AppData\Roaming\mozilla\Firefox\Profiles\12mizp3c.default\extensions\fastdial@telega.phpnet.us

[2010/10/30 19:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/11 10:04:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/12/28 18:12:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX

[2010/11/30 10:04:47 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.023.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED

[2010/11/13 03:55:39 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER

[2010/12/11 10:04:45 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/12/11 10:04:45 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/09/10 08:02:20 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

[2010/12/11 10:04:48 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/12/18 02:43:52 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/10/08 07:26:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/10/08 07:26:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/10/08 07:26:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/10/08 07:26:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/10/08 07:26:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/10/08 07:26:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/10/08 07:26:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/09/01 14:51:58 | 000,035,136 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/27 05:24:34 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/12/09 16:44:10 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/27 05:24:34 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/27 05:24:34 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/09/10 08:02:24 | 000,002,020 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\googledesktop.xml

[2010/10/27 05:24:34 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [CRLGLTask] File not found

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Mr Kemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Mr Kemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Mr Kemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [1996/11/07 17:19:30 | 000,450,560 | R--- | M] () - D:\automenu.exe -- [ CDFS ]

O32 - AutoRun File - [1999/10/07 18:11:58 | 000,011,902 | R--- | M] () - D:\autorun.apm -- [ CDFS ]

O32 - AutoRun File - [1999/02/03 02:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - D:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [1999/04/15 14:40:06 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{a3bab775-a2e7-11df-92d5-0025647e05ed}\Shell - "" = AutoRun

O33 - MountPoints2\{a3bab775-a2e7-11df-92d5-0025647e05ed}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1999/02/03 02:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 17:51:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2010/12/29 17:51:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2010/12/29 17:51:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2010/12/29 17:28:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2010/12/28 18:11:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/12/22 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Roaming\vlc

[2010/12/22 13:26:53 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\Documents\vlc

[2010/12/17 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\Documents\New Folder (3)

[2010/12/15 18:39:39 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/12/15 18:39:34 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2010/12/15 18:39:34 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2010/12/15 18:39:34 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2010/12/15 18:39:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2010/12/15 18:39:27 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/12/15 18:39:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/12/15 18:39:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/12/15 18:39:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/12/15 18:39:20 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/12/15 18:39:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/12/15 18:39:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/12/15 18:39:17 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/12/15 18:39:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/12/15 18:39:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/12/15 15:19:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Roaming\Malwarebytes

[2010/12/15 15:18:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/15 15:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/12/15 15:18:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/15 15:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/14 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\Documents\New Folder (2)

[2010/12/12 09:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center

[2010/12/11 08:58:14 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2010/12/11 08:54:46 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll

[2010/12/11 08:54:45 | 000,252,536 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys

[2010/12/11 08:51:06 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Roaming\PCDr

[2010/12/10 20:12:20 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Local\eapapi32

[2010/12/10 14:49:34 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL

[2010/12/10 14:49:31 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBEJE.DLL

[2010/12/10 14:49:29 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BEJE.DLL

[2010/12/10 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2010/12/10 14:43:58 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll

[2010/12/10 14:43:58 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll

[2010/12/10 14:43:58 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll

[2010/12/10 14:43:58 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll

[2010/12/10 14:43:58 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll

[2010/12/10 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Roaming\InstallShield

[2010/12/08 17:14:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\Documents\Desktop\text files

[2010/12/08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/11/30 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Local\AVG Security Toolbar

[2010/11/30 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Mr Kemp\AppData\Roaming\AVG10

[2010/11/30 10:05:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2010/11/30 10:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/11/30 10:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2010/11/30 10:02:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2010/11/30 02:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[1 C:\Users\Mr Kemp\Documents\*.tmp files -> C:\Users\Mr Kemp\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/29 19:22:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/29 18:15:18 | 001,973,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/29 18:15:18 | 000,798,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/29 18:11:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/29 18:08:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/29 18:08:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/29 18:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/29 18:07:54 | 3177,598,976 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/29 18:06:04 | 000,000,945 | ---- | M] () -- C:\Users\Mr Kemp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/12/29 17:55:49 | 000,295,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/12/29 15:48:30 | 102,903,039 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/29 15:46:06 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2010/12/28 18:12:28 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[2010/12/27 18:45:38 | 000,000,680 | ---- | M] () -- C:\Users\Mr Kemp\AppData\Local\d3d9caps.dat

[2010/12/22 22:32:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/22 13:38:37 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/17 15:25:53 | 000,011,682 | ---- | M] () -- C:\Users\Mr Kemp\Documents\Desktop\todo.docx

[2010/12/17 00:23:08 | 000,000,162 | -H-- | M] () -- C:\Users\Mr Kemp\Documents\Desktop\~$todo.docx

[2010/12/16 03:24:28 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0768540C-E23A-4EE5-AE8E-1D6C837101D1}.job

[2010/12/15 15:54:26 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2010/12/11 12:39:00 | 000,018,944 | ---- | M] () -- C:\Users\Mr Kemp\Documents\darts.xls

[2010/12/11 08:59:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf

[2010/12/11 08:59:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/12/09 17:30:14 | 000,040,960 | ---- | M] () -- C:\Users\Mr Kemp\Documents\experimenthyperlinks.doc

[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/12/08 00:45:04 | 000,033,677 | ---- | M] () -- C:\Users\Mr Kemp\Documents\jobs database1.xlsx

[2010/12/03 17:32:22 | 000,033,661 | ---- | M] () -- C:\Users\Mr Kemp\Documents\jobs database.xlsx

[2010/12/01 01:37:34 | 000,034,304 | ---- | M] () -- C:\Users\Mr Kemp\Documents\Rescued document 1.doc

[1 C:\Users\Mr Kemp\Documents\*.tmp files -> C:\Users\Mr Kemp\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/29 15:48:30 | 102,903,039 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/22 13:38:37 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/12/17 00:23:08 | 000,000,162 | -H-- | C] () -- C:\Users\Mr Kemp\Documents\Desktop\~$todo.docx

[2010/12/15 15:18:48 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/12 09:40:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2010/12/12 09:40:07 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2010/12/11 08:59:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf

[2010/12/11 08:59:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/12/11 08:58:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf

[2010/12/10 14:43:58 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010/12/10 14:43:58 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010/12/10 14:43:58 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010/12/10 14:43:58 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010/12/10 14:43:58 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010/12/10 14:43:58 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010/12/10 14:43:58 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010/12/10 14:43:58 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg

[2010/12/10 14:43:58 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010/12/10 14:43:58 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg

[2010/12/10 14:43:58 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg

[2010/12/10 14:43:58 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg

[2010/12/10 14:43:58 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg

[2010/12/10 14:43:58 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg

[2010/12/10 14:43:58 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg

[2010/12/10 14:43:58 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg

[2010/12/10 14:43:58 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg

[2010/12/10 14:43:58 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg

[2010/12/10 14:43:58 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg

[2010/12/10 14:43:58 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010/12/10 14:43:58 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg

[2010/12/10 14:43:58 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg

[2010/12/10 14:43:58 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010/12/10 14:43:58 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010/12/10 14:43:58 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010/12/10 14:43:58 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010/12/10 14:43:58 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010/12/10 14:43:58 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010/12/10 14:43:58 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010/12/10 14:43:58 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010/12/10 14:43:58 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010/12/10 14:43:58 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010/12/09 19:26:53 | 000,018,944 | ---- | C] () -- C:\Users\Mr Kemp\Documents\darts.xls

[2010/12/09 14:39:20 | 000,040,960 | ---- | C] () -- C:\Users\Mr Kemp\Documents\experimenthyperlinks.doc

[2010/12/08 17:26:36 | 000,011,682 | ---- | C] () -- C:\Users\Mr Kemp\Documents\Desktop\todo.docx

[2010/12/08 00:45:03 | 000,033,677 | ---- | C] () -- C:\Users\Mr Kemp\Documents\jobs database1.xlsx

[2010/12/01 01:37:34 | 000,034,304 | ---- | C] () -- C:\Users\Mr Kemp\Documents\Rescued document 1.doc

[2010/11/30 10:04:33 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[2010/09/12 16:04:27 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI

[2010/04/13 22:28:44 | 000,000,680 | ---- | C] () -- C:\Users\Mr Kemp\AppData\Local\d3d9caps.dat

[2010/02/24 19:02:35 | 000,004,668 | ---- | C] () -- C:\Windows\WININIT.INI

[2010/02/24 19:02:33 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI

[2010/02/24 18:57:18 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI

[2010/02/24 18:57:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DM1USBAPIVB.dll

[2009/10/22 15:15:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/06/23 18:36:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/05/29 21:37:20 | 000,146,944 | ---- | C] () -- C:\Users\Mr Kemp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/01 10:02:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll

[2008/12/01 08:23:12 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/02/15 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Acapela Group

[2010/11/30 10:08:45 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\AVG10

[2009/07/02 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Canon

[2010/06/13 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\CheckPoint

[2010/09/28 21:20:45 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Feedreader

[2010/02/24 17:48:06 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Inspiration Software

[2010/12/12 08:58:36 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\PCDr

[2010/02/24 21:13:56 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\pdfaloud

[2010/02/24 21:06:54 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\pdfaloud 3.0

[2010/09/14 09:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Star Trek Armada II Fleet Operations

[2010/02/24 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Texthelp Systems

[2010/02/15 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\Mr Kemp\AppData\Roaming\Xtranormal

[2010/12/15 15:54:26 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/12/29 18:07:08 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/12/29 15:46:06 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

[2010/12/16 03:24:28 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0768540C-E23A-4EE5-AE8E-1D6C837101D1}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mr Kemp\Documents\experiment.avi:TOC.WMV

< End of report >

Ned

[explanationneeded(NED)]

OTL Extras logfile created on: 29/12/2010 19:20:55 - Run 1

OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Mr Kemp\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.08 Gb Total Space | 158.81 Gb Free Space | 71.19% Space Free | Partition Type: NTFS

Drive D: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Computer Name: DELLBOY | User Name: Mr Kemp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06A64E67-6B39-4AD2-B061-9026BEC453CA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{42C5A889-B5F1-4A43-8938-7BE092FF33E2}" = rport=139 | protocol=6 | dir=out | app=system |

"{45A0B1A1-6057-412F-BEB8-D0BDA4D976F6}" = lport=139 | protocol=6 | dir=in | app=system |

"{499C9F41-DFAE-4921-97F5-6BBA36783A8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{51D865B4-E677-4313-A6D7-499F686197F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{871B8409-0558-4701-96C0-C5A308650852}" = rport=137 | protocol=17 | dir=out | app=system |

"{8A2A317A-D22A-4552-96FC-8F6C0E63F851}" = lport=137 | protocol=17 | dir=in | app=system |

"{BE1F8761-1496-48A6-9B29-2F4CF153B843}" = lport=445 | protocol=6 | dir=in | app=system |

"{C8396523-5AEB-4A5F-8375-3FBD2021E2A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{D49F3378-5CBA-4811-BFCD-51F9F37A8903}" = rport=445 | protocol=6 | dir=out | app=system |

"{D4F44283-EB7B-4800-9927-41CA8313A2E7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D94E0C4F-8252-400E-A738-85AF2681A49B}" = lport=138 | protocol=17 | dir=in | app=system |

"{F57744DE-94ED-4E2C-A74A-EE31FE6834FD}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01971F46-B906-44D5-8C44-16153C3A82D2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{0C4E7160-F731-4445-93FD-4E80A9C6D8D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{14B30697-DC9F-4516-A448-A73024893A50}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{2B376FB7-F265-48CD-A531-DE64F615FBE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2BBCD56B-EFBB-42E3-82D3-8BF383E18DF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{30381762-C908-4725-AE60-1959C0AFA3D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{379D6FF6-958E-4D1E-A21E-36FF466C19EC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{39FAA971-9C2F-4C80-B3CA-18BF9B5A8B51}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{4E9A1158-835E-4503-BB62-BBB7A0E478B6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{58653226-2F88-49AB-BEBA-036C99BC8B5D}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{598AED16-BC6A-4874-A0CC-D0D407EAEA19}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{5ADB2B68-3A5E-4ACB-A555-AFE9665865E0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{5FDD307D-D0A6-4079-B7A9-ABFC78F2B2FB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{972AD4FE-A3BE-4994-A9F6-E19281768F31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{979754F6-7401-4803-896D-F9F0AF03EB9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{9D5B528E-A22E-4A67-A605-B8EAD5D11F71}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{9F222248-332C-40D6-98F3-898B933F3B05}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{C1EFAA6E-A599-4306-A6EB-AD3821004968}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D06B9847-D520-4B7B-9A7C-407193473B60}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{D6C4D890-9678-451A-B3D9-3E19893F11FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D7E54869-9D94-43CA-8A57-997A6A1F220B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{DC8E780D-9E33-4733-AD02-C5234B7641C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F1C2F2BB-DD39-48B7-80CC-7D8A860FFF97}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{F24183A0-7D0E-4FD1-8779-924FB1D8AD27}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F2511933-7C74-4DB2-A756-8976B04B57CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FBD2590D-4080-4010-95F6-D2F4A786F468}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{FCB0F4CC-DF41-42F5-A9A1-C3654742EC49}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011

"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype

[explanationneeded(NED)]

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-12-29 20:33:26

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO

Running: q5xjeu0f.exe; Driver: C:\Users\MRKEMP~1\AppData\Local\Temp\fxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8FB2E570]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8FB2EE46]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8FB2DFC6]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8FB27884]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8FB48FA8]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8FB2EAD0]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8FB2EC2E]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8FB285B4]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8FB4AA50]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8FB4A346]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8FB4B41A]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8FB4B658]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8FB4BB0A]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8FB2816C]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAEE75780]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8FB4C4E0]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8FB4BDD4]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8FB2DB5E]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8FB4CF40]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8FB289BE]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8FB4CA68]

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8FB49A6A]

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8FBCC660]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAEE758D0]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAEE75970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 13D 822C88A0 8 Bytes [70, E5, B2, 8F, 46, EE, B2, ...] {JO 0xffffffffffffffe7; MOV DL, 0x8f; INC ESI; OUT DX, AL ; MOV DL, 0x8f}

.text ntkrnlpa.exe!KeSetEvent + 1C1 822C8924 4 Bytes [C6, DF, B2, 8F]

.text ntkrnlpa.exe!KeSetEvent + 1D9 822C893C 4 Bytes [84, 78, B2, 8F]

.text ntkrnlpa.exe!KeSetEvent + 1E9 822C894C 4 Bytes [A8, 8F, B4, 8F] {TEST AL, 0x8f; MOV AH, 0x8f}

.text ntkrnlpa.exe!KeSetEvent + 205 822C8968 4 Bytes JMP D8BF8FB2

.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wininit.exe[772] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\WLTRYSVC.EXE[872] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\services.exe[880] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsass.exe[892] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\lsm.exe[900] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] KERNEL32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\bcmwltry.exe[1048] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1132] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1132] USER32.dll!IsWindowUnicode + 37 758290B5 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1144] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1212] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1360] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\rundll32.exe[1380] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[1392] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1416] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1640] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\spoolsv.exe[1652] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1700] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\DellDock\DockLogin.exe[1784] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[1844] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP

[explanationneeded(NED)]

20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\explorer.exe[1964] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apoint.exe[2080] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2084] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\svchost.exe[2128] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\svchost.exe[2220] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\RUNDLL32.EXE[2268] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\hkcmd.exe[2896] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\SearchIndexer.exe[2968] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\System32\igfxpers.exe[3212] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\igfxsrvc.exe[3280] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Update\GoogleUpdate.exe[3332] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Dell\QuickSet\quickset.exe[3348] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

[explanationneeded(NED)]

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\wbem\wmiprvse.exe[3424] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IDT\WDM\sttray.exe[3608] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iTunes\iTunesHelper.exe[3716] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\ApMsgFwd.exe[4232] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\q5xjeu0f.exe[4280] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4496] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\HidFind.exe[4516] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\notepad.exe[4564] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\DellTPad\Apntex.exe[4680] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\iPod\bin\iPodService.exe[5300] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Users\Mr Kemp\Downloads\OTL.exe[5728] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\rundll32.exe[6048] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] ntdll.dll!NtAccessCheckByType 77154044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] ntdll.dll!NtAlpcImpersonateClientOfPort 77154214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] ntdll.dll!NtImpersonateClientOfPort 771549E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] ntdll.dll!NtSetInformationProcess 77155324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] kernel32.dll!OpenProcess 768C7267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] ADVAPI32.dll!ImpersonateNamedPipeClient 75AA3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] ADVAPI32.dll!SetThreadToken 75AB8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] USER32.dll!FindWindowA 75829D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Windows\system32\NOTEPAD.EXE[6124] USER32.dll!FindWindowW 7583A441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe[720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\wininit.exe[772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\WLTRYSVC.EXE[872] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\lsass.exe[892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\lsm.exe[900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Bonjour\mDNSResponder.exe[936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Olympus\DeviceDetector\DM1Service.exe[972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[1028] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\bcmwltry.exe[1048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[1144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[1212] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\svchost.exe[1360] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\rundll32.exe[1380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\svchost.exe[1392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[1416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe[1464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\spoolsv.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[1700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Dell\DellDock\DockLogin.exe[1784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[1844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\explorer.exe[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\DellTPad\Apoint.exe[2080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[2084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\svchost.exe[2128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\NOTEPAD.EXE[2188] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\svchost.exe[2220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\RUNDLL32.EXE[2268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\hkcmd.exe[2896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[2932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\SearchIndexer.exe[2968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\System32\igfxpers.exe[3212] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\igfxsrvc.exe[3280] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Google\Update\GoogleUpdate.exe[3332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Dell\QuickSet\quickset.exe[3348] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\IDT\WDM\sttray.exe[3608] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\iTunes\iTunesHelper.exe[3716] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\DellTPad\ApMsgFwd.exe[4232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\q5xjeu0f.exe[4280] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[4436] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\notepad.exe[4496] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\DellTPad\HidFind.exe[4516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\notepad.exe[4564] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\DellTPad\Apntex.exe[4680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\iPod\bin\iPodService.exe[5300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Users\Mr Kemp\Downloads\OTL.exe[5728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\rundll32.exe[6048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

IAT C:\Windows\system32\NOTEPAD.EXE[6124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

Ned. (longer files than I thought they would be)

[kahdah]

No problem they are long

Can you post also post the most recent mbam log that shows the infections being removed?

[explanationneeded(NED)]

No problem they are long

Can you post also post the most recent mbam log that shows the infections being removed?

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

I hope this is the correct log

Database version: 5379

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

27/12/2010 12:05:32

mbam-log-2010-12-27 (12-05-32).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 313673

Time elapsed: 1 hour(s), 37 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Mr Kemp\AppData\Local\Temp\Low\0.13257231284909832.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Mr Kemp\AppData\Local\Temp\Low\ifsfsmgyv\sukxhxxlajb.exe (Trojan.FakeAlert) -> Delete on reboot.

Ned

[kahdah]

Thank you.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [emptytemp]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
  
• It will produce a log for you on reboot, please post that log in your next reply.
  

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

• Click on the update tab then click on Check for updates.
  
• If an update is found, it will download and install the latest version.
  
• Once the update has loaded, go to the Scanner tab and select "Perform quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

================================Online scan=================================

* Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Click Start
  
• Check next options: Remove found threats and Scan unwanted applications.
  
• Click Scan
  
• Wait for the scan to finish
  
• Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[explanationneeded(NED)]

I've run the scans eset came up with two threats should I remove them?

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Currys

->Temp folder emptied: 1281205 bytes

->Temporary Internet Files folder emptied: 54611 bytes

->Java cache emptied: 1615348 bytes

->FireFox cache emptied: 3881038 bytes

->Flash cache emptied: 5898 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mr Kemp

->Temp folder emptied: 1964325866 bytes

->Temporary Internet Files folder emptied: 734355190 bytes

->Java cache emptied: 135682 bytes

->FireFox cache emptied: 70719786 bytes

->Flash cache emptied: 193124 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 68154749 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 92079 bytes

RecycleBin emptied: 1128674387 bytes

Total Files Cleaned = 3,789.00 mb

OTL by OldTimer - Version 3.2.18.2 log created on 12292010_214501

Files\Folders moved on Reboot...

C:\Users\Mr Kemp\AppData\Local\Temp\~DFE9A7.tmp moved successfully.

C:\Users\Mr Kemp\AppData\Local\Mozilla\Firefox\Profiles\12mizp3c.default\Cache\_CACHE_001_ moved successfully.

C:\Users\Mr Kemp\AppData\Local\Mozilla\Firefox\Profiles\12mizp3c.default\Cache\_CACHE_002_ moved successfully.

C:\Users\Mr Kemp\AppData\Local\Mozilla\Firefox\Profiles\12mizp3c.default\Cache\_CACHE_003_ moved successfully.

C:\Users\Mr Kemp\AppData\Local\Mozilla\Firefox\Profiles\12mizp3c.default\Cache\_CACHE_MAP_ moved successfully.

C:\Users\Mr Kemp\AppData\Local\Mozilla\Firefox\Profiles\12mizp3c.default\urlclassifier3.sqlite moved successfully.

C:\Users\Mr Kemp\AppData\Local\Mozilla\Firefox\Profiles\12mizp3c.default\XUL.mfl moved successfully.

File\Folder C:\Windows\temp\ZLT0407d.TMP not found!

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5419

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

29/12/2010 22:05:28

mbam-log-2010-12-29 (22-05-28).txt

Scan type: Quick scan

Objects scanned: 155805

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[kahdah]

Yes before you close the window choose export to file and save the log to your desktop and post it in your next reply then remove the threats and choose uninstall application on close.

[explanationneeded(NED)]

log file

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred O

[kahdah]

Hmm is that the entire log?

Check to see if it saved the log here as well > C:\Program Files\Eset\Eset Online scanner\log.txt

[kahdah]

@jamahle you will need to start your own topic to get help.

[explanationneeded(NED)]

Hmm is that the entire log?

Check to see if it saved the log here as well > C:\Program Files\Eset\Eset Online scanner\log.txt

It is the entire log , would restarting the computer help?

[kahdah]

No it is not necessary how are things running now?

[explanationneeded(NED)]

Doesn't currently seem to be redirecting, but in the past it has gone away for a day or two.

Ned

p.s. thank you

[kahdah]

You are welcome.

For now I will leave this thread open for a few days.

Make sure that the redirects are gone and let me know and we can wrap it up.

[explanationneeded(NED)]

You are welcome.

For now I will leave this thread open for a few days.

Make sure that the redirects are gone and let me know and we can wrap it up.

Ok I'll let you know,

Thank you again

Ned

[kahdah]

Ok.

[explanationneeded(NED)]

Ok I'll let you know,

Thank you again

Ned

Haven't been using the laptop much the last few days. that being said had no problems so far.

Ned

[kahdah]

Great.

Please install the newest version of Adobe reader from here > http://get.adobe.com/reader/

It will automatically uninstall the old version.

======Next======

• Double click on OTL to run it.
  
• Click on the Cleanup button at the top.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  
• This will remove itself and other tools we may have used.
  

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  
• Scroll down to where it says "(JRE) then click on it
  
• Click the "Download" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!