TechSpot

Memory manager hangs and PC slowed down

Inactive
By giannisk
Aug 23, 2012
  1. Hi there...
    I have recently experienced some problems with my PC (HP 2133 mini notebook, Win XP SP3).

    At first I had problems with Device Manager some days ago. My computer, in addition to normal use, collects data from meteorological instruments via a USB to RS232 adapter and 1-wire bus. It has been working all the time since last February. Two or three days ago I realized that the USB adapter was not working. The computer does not recognize the adapter or any other USB device I plug in. If I reboot the PC it works fine for 1 or 2 hours and then again stops recognizing any USB device. Trying to investigate the problem, I discovered that Device Manager (mmc.exe) hangs. Since this PC does not have a DVD player and it came with preinstalled Win XP, I can't do a system repair using a Win XP CD.

    Trying to correct this issue myself, I made things worse. I downloaded and ran the Gmer utility. After that the computer slowed down dramatically. It is delayed at boot time, programs took a long time to launch, switching between programs is delayed, etc. DPC Latency Checker before running Gmer was always in the green scale and now is always red. Process Explorer shows that IRQ and DPC use a lot of CPU time.

    Following your guide about malware removal, I ran the Malwarebytes tool. It fixed some things about the launch speed of programs but not the boot-up time or shutdown problems and, of course, the Device Manager hangs.

    I would greatly appreciate any help from you.
    Thank you in advance.

    Below are the logs you suggest posting.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.21.12

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Owner :: 0E829DDD2BDB455 [administrator]

    21/8/2012 11:47:01 μμ
    mbam-log-2012-08-21 (23-47-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 191849
    Time elapsed: 29 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-22 23:26:44
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9250315AS rev.0001SDM1
    Running: rjw7r6hi.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afwdypoc.sys


    ---- System - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2434 80501C44 12 Bytes [80, 0A, 3A, EB, 4E, 3E, 3B, ...]
    ? C:\WINDOWS\system32\Drivers\PROCEXP152.SYS Δεν είναι δυνατή η εύρεση του καθορισμένου αρχείου από το σύστημα. !

    ---- User code sections - GMER 1.0.15 ----
     
  2. giannisk

    giannisk TS Rookie Topic Starter

    gmer log continued....

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] USER32.dll!DefDlgProcW + 56E 7E3A42A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] user32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] user32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] advapi32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\PDF Complete\pdfsvc.exe[1560] advapi32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
     
  3. giannisk

    giannisk TS Rookie Topic Starter

    gmer log - 3rd part

    .text C:\WINDOWS\System32\alg.exe[2632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2632] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2632] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\WINDOWS\System32\alg.exe[2632] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] USER32.dll!FindWindowA 7E3A82E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] USER32.dll!FindWindowW 7E3AC9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EB3A53F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EB3A524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EB3A5A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EB3A39A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EB3A39A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EB3A53F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EB3A524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EB3A5A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EB3A53F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EB3A39A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EB3A5A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EB3A524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EB3A5A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EB3A524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EB3A53F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EB3A39A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EB3A53F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EB3A524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EB3A5A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EB3A53F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EB3A39A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EB3A5A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EB3A524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\System32\svchost.exe[200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[340] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe[464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\spoolsv.exe[532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\winlogon.exe[736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\lsass.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[940] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\SCardSvr.exe[948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\AVG\AVG2012\avgtray.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe[1060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\svchost.exe[1092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\svchost.exe[1224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10003E90] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10004380] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [10004340] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [100020F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\WINDOWS\system32\svchost.exe[1412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\PDF Complete\pdfsvc.exe[1560] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\Explorer.EXE[1672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\AccelerometerSt.Exe[1748] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\wscntfy.exe[2064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\S3LoadSv.exe[2204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\svchost.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\system32\ctfmon.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\WINDOWS\System32\alg.exe[2632] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Documents and Settings\Owner\Επιφάνεια εργασίας\rjw7r6hi.exe[4088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- Registry - GMER 1.0.15 ----
     
  4. giannisk

    giannisk TS Rookie Topic Starter

    4th part

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Í\3\xbd\3\x384\3µ\3Ã\3\xb7\3 \0Ä\3\xb7\3\xbb\3µ\3Ì\3Á\3\xb1\3Ã\3\xb7\3Â\3/\0\xb2\3\x2015\3\xbd\3Ä\3µ\3¿\3 \0Ä\3\xb7\3Â\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Ã\3Í\3\xb3\3Ç\3Á\3¿\3\xbd\3¿\3Â\3 \0À\3Á\3¿\3Ã\3\xb1\3Á\3¼\3¿\3\xb3\3\xad\3\xb1\3Â\3 \0R\0A\0S 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3À\3µ\3Å\3¸\3µ\3\x2015\3\xb1\3Â\3 \0À\3\xb1\3Á\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3º\3\xad\3Ä\3¿\3 \0Ç\3Á\3¿\3\xbd\3¿\3\x384\3¹\3\xb1\3\xb3\3Á\3\xac\3¼\3¼\3\xb1\3Ä\3¿\3Â\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?3?4?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares@\x2022\3º\3Ä\3Å\3À\3É\3Ä\3\xae\3Â\0032 CSCFlags=0?MaxUses=4294967295?Path=Microsoft XPS Document Writer,LocalsplOnly?Permissions=0?Remark=Microsoft XPS Document Writer?Type=1?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares@\x2022\3º\3Ä\3Å\3À\3É\3Ä\3\xae\3Â\0033 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4380 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4380 series?Type=1?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{da584c35-5987-41d5-a932-c1b13905381a}@\xa7\3\xb1\3Á\3\xb1\3º\3Ä\3\xb7\3Á\3¹\3Ã\3Ä\3¹\3º\3\xac\3 \0\xb1\3À\3¿\3¸\3\xae\3º\3\xb7\3Â\3 \0\x384\3µ\3\x384\3¿\3¼\3\xad\3\xbd\3É\3\xbd\3 33
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Í\3\xbd\3\x384\3µ\3Ã\3\xb7\3 \0Ä\3\xb7\3\xbb\3µ\3Ì\3Á\3\xb1\3Ã\3\xb7\3Â\3/\0\xb2\3\x2015\3\xbd\3Ä\3µ\3¿\3 \0Ä\3\xb7\3Â\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t 1?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Ã\3Í\3\xb3\3Ç\3Á\3¿\3\xbd\3¿\3Â\3 \0À\3Á\3¿\3Ã\3\xb1\3Á\3¼\3¿\3\xb3\3\xad\3\xb1\3Â\3 \0R\0A\0S 1?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3À\3µ\3Å\3¸\3µ\3\x2015\3\xb1\3Â\3 \0À\3\xb1\3Á\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3º\3\xad\3Ä\3¿\3 \0Ç\3Á\3¿\3\xbd\3¿\3\x384\3¹\3\xb1\3\xb3\3Á\3\xac\3¼\3¼\3\xb1\3Ä\3¿\3Â\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?3?4?
    Reg HKLM\SYSTEM\ControlSet002\Services\LanmanServer\Shares@\x2022\3º\3Ä\3Å\3À\3É\3Ä\3\xae\3Â\0032 CSCFlags=0?MaxUses=4294967295?Path=Microsoft XPS Document Writer,LocalsplOnly?Permissions=0?Remark=Microsoft XPS Document Writer?Type=1?
    Reg HKLM\SYSTEM\ControlSet002\Services\LanmanServer\Shares@\x2022\3º\3Ä\3Å\3À\3É\3Ä\3\xae\3Â\0033 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4380 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4380 series?Type=1?
    Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{da584c35-5987-41d5-a932-c1b13905381a}@\xa7\3\xb1\3Á\3\xb1\3º\3Ä\3\xb7\3Á\3¹\3Ã\3Ä\3¹\3º\3\xac\3 \0\xb1\3À\3¿\3¸\3\xae\3º\3\xb7\3Â\3 \0\x384\3µ\3\x384\3¿\3¼\3\xad\3\xbd\3É\3\xbd\3 33
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1567345968\Groups@\x9f\3¼\3\xac\3\x384\3µ\3Â\3 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1567345968\Groups@\x201d\3¹\3\xb1\3¸\3\xad\3Ã\3¹\3¼\3¿\3Â\3 1

    ---- EOF - GMER 1.0.15 ----
     
  5. giannisk

    giannisk TS Rookie Topic Starter

    DDS logs

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
    Run by Owner at 18:43:37 on 2012-08-23
    Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.894.513 [GMT 3:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Free Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    svchost.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\AccelerometerSt.Exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\S3LoadSv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner\Επιφάνεια εργασίας\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60282
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - c:\program files\check point software technologies ltd\zonealarm\1.5.20.3\bh\zonealarm.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_22\bin\ssv.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - c:\program files\check point software technologies ltd\zonealarm\1.5.20.3\zonealarmTlbr.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
    mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTI2MTY3MDMxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErMy1MSUMrMi1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVVArNC1TUDFTNCsx"&"prod=90"&"ver=10.0.1375
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279356262421
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\wjy5wsex.default\
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN17885596215291-1043&toolbarId=base&affiliateId=1600&Lan=en&utid=289c385c0000000000000021009721f8&q=
    FF - user.js: extensions.zonealarm.id - 289c385c0000000000000021009721f8
    FF - user.js: extensions.zonealarm.instlDay - 15573
    FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
    FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:12:21
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1600
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base
    FF - user.js: extensions.zonealarm.instlRef - ZLN17885596215291-1043
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 31952]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 301248]
    R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-3-19 525840]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2009-3-10 447848]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-3-16 27016]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-3-16 497280]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-7-17 777240]
    R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [2009-1-20 69632]
    R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-7-17 239160]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-7-17 561152]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250568]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-13 23456]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-14 136176]
    S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-14 136176]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-8-22 9728]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-2 113120]
    S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [2011-2-3 36408]
    S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [2011-2-3 35384]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-3-10 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-3-10 8576]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-2-18 627072]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Metric Conversion Calculator Installer;Metric Conversion Calculator Installer;c:\program files\digital design ltd\metric conversion calculator\mccinst.exe [2012-1-14 421888]
    .
    =============== Created Last 30 ================
    .
    2012-08-21 20:41:08 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2012-08-21 20:40:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-08-21 20:40:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 20:40:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-21 20:12:16 -------- d-----w- c:\program files\Check Point Software Technologies LTD
    2012-08-21 12:27:50 -------- d-----w- c:\documents and settings\all users\application data\PDFC
    2012-08-21 12:21:58 66048 ----a-w- c:\windows\system32\drivers\ser2pl.sys
    2012-08-21 12:20:31 -------- d-----w- C:\PL2303_Prolific_DriverInstaller_v1.5.0
    2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-08-23 15:05:10 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-23 15:05:09 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58:54 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:26:49 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-06-28 21:33:20 672768 ----a-w- c:\windows\system32\wininet.dll
    2012-06-28 21:33:20 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-28 21:33:19 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-06-28 21:30:49 371712 ----a-w- c:\windows\system32\html.iec
    2012-06-05 15:49:57 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:49:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:35 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 12:19:46 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 12:19:46 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 12:19:44 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 12:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 12:19:24 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 12:19:02 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 12:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 12:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:21:59 604160 ----a-w- c:\windows\system32\crypt32.dll
    .
    ============= FINISH: 18:45:28.50 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17/7/2010 10:32:32 πμ
    System Uptime: 23/8/2012 5:51:45 μμ (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3030
    Processor: VIA C7-M Processor 1600MHz | CPU 1 | 1596/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 213.581 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Προσαρμογέας δικτύου Broadcom 802.11g
    Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_137D103C&REV_01\4&895F35C&0&0010
    Manufacturer: Broadcom
    Name: Προσαρμογέας δικτύου Broadcom 802.11g
    PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_137D103C&REV_01\4&895F35C&0&0010
    Service: BCM43XX
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_969C14E4&REV_03\4&172FB5D3&0&1899
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_969C14E4&REV_03\4&172FB5D3&0&1899
    Service: b57w2k
    .
    ==== System Restore Points ===================
    .
    RP569: 15/6/2012 3:01:16 πμ - Software Distribution Service 3.0
    RP570: 16/6/2012 3:01:01 πμ - Software Distribution Service 3.0
    RP571: 17/6/2012 3:00:50 πμ - Software Distribution Service 3.0
    RP572: 18/6/2012 3:00:53 πμ - Software Distribution Service 3.0
    RP573: 19/6/2012 3:00:47 πμ - Software Distribution Service 3.0
    RP574: 20/6/2012 3:00:26 πμ - Software Distribution Service 3.0
    RP575: 20/6/2012 10:32:00 πμ - Software Distribution Service 3.0
    RP576: 20/6/2012 1:06:35 μμ - Software Distribution Service 3.0
    RP577: 4/7/2012 1:04:07 μμ - Removed Java(TM) 6 Update 31
    RP578: 6/7/2012 9:01:06 πμ - Installed Java(TM) 6 Update 33
    RP579: 12/7/2012 3:00:26 πμ - Software Distribution Service 3.0
    RP580: 12/7/2012 7:04:45 μμ - Installed Windows Media Player Firefox Plugin
    RP581: 3/8/2012 4:35:36 πμ - Σημείο ελέγχου συστήματος
    RP582: 16/8/2012 9:13:22 πμ - Software Distribution Service 3.0
    RP583: 16/8/2012 11:30:27 πμ - Software Distribution Service 3.0
    RP584: 16/8/2012 4:04:54 μμ - Software Distribution Service 3.0
    RP585: 17/8/2012 3:00:24 πμ - Software Distribution Service 3.0
    RP586: 18/8/2012 3:00:25 πμ - Software Distribution Service 3.0
    RP587: 18/8/2012 10:17:09 πμ - Software Distribution Service 3.0
    RP588: 18/8/2012 10:52:05 μμ - Software Distribution Service 3.0
    RP589: 21/8/2012 10:40:17 πμ - Σημείο ελέγχου συστήματος
    RP590: 21/8/2012 3:21:49 μμ - Installed PL-2303 USB-to-Serial
    RP591: 22/8/2012 9:25:05 μμ - Σημείο ελέγχου συστήματος
    .
    ==== Installed Programs ======================
    .
    Δήλωση Κωδικών Αριθμών Δραστηριότητας 1.0.1.2
    Συγκεντρωτικές καταστάσεις Πελατών-Προμηθευτών Έκδοση 2009 v1
    Πακέτο προγραμμάτων οδήγησης των Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Ενημέρωση ασφαλείας για Microsoft Windows (KB2564958)
    Ενημέρωση ασφαλείας για Windows XP (KB2393802)
    Ενημέρωση ασφαλείας για Windows XP (KB2412687)
    Ενημέρωση ασφαλείας για Windows XP (KB2419632)
    Ενημέρωση ασφαλείας για Windows XP (KB2476490)
    Ενημέρωση ασφαλείας για Windows XP (KB2476687)
    Ενημέρωση ασφαλείας για Windows XP (KB2478960)
    Ενημέρωση ασφαλείας για Windows XP (KB2478971)
    Ενημέρωση ασφαλείας για Windows XP (KB2479628)
    Ενημέρωση ασφαλείας για Windows XP (KB2479943)
    Ενημέρωση ασφαλείας για Windows XP (KB2481109)
    Ενημέρωση ασφαλείας για Windows XP (KB2482017)
    Ενημέρωση ασφαλείας για Windows XP (KB2483185)
    Ενημέρωση ασφαλείας για Windows XP (KB2485376)
    Ενημέρωση ασφαλείας για Windows XP (KB2485663)
    Ενημέρωση ασφαλείας για Windows XP (KB2497640)
    Ενημέρωση ασφαλείας για Windows XP (KB2503658)
    Ενημέρωση ασφαλείας για Windows XP (KB2503665)
    Ενημέρωση ασφαλείας για Windows XP (KB2506212)
    Ενημέρωση ασφαλείας για Windows XP (KB2506223)
    Ενημέρωση ασφαλείας για Windows XP (KB2507618)
    Ενημέρωση ασφαλείας για Windows XP (KB2507938)
    Ενημέρωση ασφαλείας για Windows XP (KB2508272)
    Ενημέρωση ασφαλείας για Windows XP (KB2508429)
    Ενημέρωση ασφαλείας για Windows XP (KB2509553)
    Ενημέρωση ασφαλείας για Windows XP (KB2510581)
    Ενημέρωση ασφαλείας για Windows XP (KB2511455)
    Ενημέρωση ασφαλείας για Windows XP (KB2524375)
    Ενημέρωση ασφαλείας για Windows XP (KB2530548)
    Ενημέρωση ασφαλείας για Windows XP (KB2535512)
    Ενημέρωση ασφαλείας για Windows XP (KB2536276-v2)
    Ενημέρωση ασφαλείας για Windows XP (KB2536276)
    Ενημέρωση ασφαλείας για Windows XP (KB2544521)
    Ενημέρωση ασφαλείας για Windows XP (KB2544893-v2)
    Ενημέρωση ασφαλείας για Windows XP (KB2544893)
    Ενημέρωση ασφαλείας για Windows XP (KB2555917)
    Ενημέρωση ασφαλείας για Windows XP (KB2559049)
    Ενημέρωση ασφαλείας για Windows XP (KB2562937)
    Ενημέρωση ασφαλείας για Windows XP (KB2566454)
    Ενημέρωση ασφαλείας για Windows XP (KB2567053)
    Ενημέρωση ασφαλείας για Windows XP (KB2567680)
    Ενημέρωση ασφαλείας για Windows XP (KB2570222)
    Ενημέρωση ασφαλείας για Windows XP (KB2570947)
    Ενημέρωση ασφαλείας για Windows XP (KB2584146)
    Ενημέρωση ασφαλείας για Windows XP (KB2585542)
    Ενημέρωση ασφαλείας για Windows XP (KB2586448)
    Ενημέρωση ασφαλείας για Windows XP (KB2592799)
    Ενημέρωση ασφαλείας για Windows XP (KB2598479)
    Ενημέρωση ασφαλείας για Windows XP (KB2603381)
    Ενημέρωση ασφαλείας για Windows XP (KB2618444)
    Ενημέρωση ασφαλείας για Windows XP (KB2618451)
    Ενημέρωση ασφαλείας για Windows XP (KB2619339)
    Ενημέρωση ασφαλείας για Windows XP (KB2620712)
    Ενημέρωση ασφαλείας για Windows XP (KB2621440)
    Ενημέρωση ασφαλείας για Windows XP (KB2624667)
    Ενημέρωση ασφαλείας για Windows XP (KB2631813)
    Ενημέρωση ασφαλείας για Windows XP (KB2633171)
    Ενημέρωση ασφαλείας για Windows XP (KB2639417)
    Ενημέρωση ασφαλείας για Windows XP (KB2641653)
    Ενημέρωση ασφαλείας για Windows XP (KB2646524)
    Ενημέρωση ασφαλείας για Windows XP (KB2647516)
    Ενημέρωση ασφαλείας για Windows XP (KB2647518)
    Ενημέρωση ασφαλείας για Windows XP (KB2653956)
    Ενημέρωση ασφαλείας για Windows XP (KB2655992)
    Ενημέρωση ασφαλείας για Windows XP (KB2659262)
    Ενημέρωση ασφαλείας για Windows XP (KB2660465)
    Ενημέρωση ασφαλείας για Windows XP (KB2661637)
    Ενημέρωση ασφαλείας για Windows XP (KB2675157)
    Ενημέρωση ασφαλείας για Windows XP (KB2676562)
    Ενημέρωση ασφαλείας για Windows XP (KB2685939)
    Ενημέρωση ασφαλείας για Windows XP (KB2686509)
    Ενημέρωση ασφαλείας για Windows XP (KB2691442)
    Ενημέρωση ασφαλείας για Windows XP (KB2695962)
    Ενημέρωση ασφαλείας για Windows XP (KB2698365)
    Ενημέρωση ασφαλείας για Windows XP (KB2699988)
    Ενημέρωση ασφαλείας για Windows XP (KB2705219)
    Ενημέρωση ασφαλείας για Windows XP (KB2707511)
    Ενημέρωση ασφαλείας για Windows XP (KB2709162)
    Ενημέρωση ασφαλείας για Windows XP (KB2712808)
    Ενημέρωση ασφαλείας για Windows XP (KB2718523)
    Ενημέρωση ασφαλείας για Windows XP (KB2719985)
    Ενημέρωση ασφαλείας για Windows XP (KB2722913)
    Ενημέρωση ασφαλείας για Windows XP (KB2723135)
    Ενημέρωση ασφαλείας για Windows XP (KB2731847)
    Ενημέρωση για Windows XP (KB2541763)
    Ενημέρωση για Windows XP (KB2607712)
    Ενημέρωση για Windows XP (KB2616676)
    Ενημέρωση για Windows XP (KB2641690)
    Ενημέρωση για Windows XP (KB2718704)
    Ενημέρωση για Windows XP (KB971029)
    Επείγουσα επιδιόρθωση για Windows XP (KB2570791)
    Επείγουσα επιδιόρθωση για Windows XP (KB2633952)
    Επείγουσα επιδιόρθωση για Windows XP (KB961118)
    1-Wire Drivers Version 4.03
    32 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    AVG 2012
    Dios
    DisplayLink Core Software
    Download Updater (AOL LLC)
    Elpis
    Eusing Free Registry Cleaner
    EVEREST Home Edition v2.20
    FreeCAD 0.11
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    HP 3D DriveGuard
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Quick Launch Buttons
    HP USB Docking Video
    HP Webcam
    HP Webcam Application
    inSSIDer 2.0
    IZArc 4.1.2
    Java Auto Updater
    Java(TM) 6 Update 22
    jv16 PowerTools 2011
    Malwarebytes Anti-Malware version 1.62.0.1300
    Metric Conversion Calculator
    MF Series driver version 2.1040.0.4
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC100_CRT_SP1_x86
    Mozilla Firefox 14.0 (x86 el)
    Mozilla Maintenance Service
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetGraph - network monitor
    NetSurveyor 2.0.9686.0
    Nokia Connectivity Cable Driver
    Nokia Suite
    OBD-DIAG V1.00.02
    OneSix Server
    OpenOffice.org 3.3
    Opera 12.01
    PC Connectivity Solution
    PDF Complete
    PL-2303 USB-to-Serial
    Platform
    PowerTools Lite 2011
    PS_AIO_02_Software_Min
    QLBCASL
    Satellite Antenna Alignment v2.77.0
    Scan
    SCR3xxx Smart Card Reader
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SIW version 2011.07.07
    Skype™ 5.5
    SoundMAX
    SVG Edit
    Toolbox
    Total Network Monitor 1.1.3 (build 1550)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC 9.0 Runtime
    VIA Διαχειριστής Συσκευών Πλατφόρμας
    VIA Chrome9 HC IGP Family Display
    Weather Display 10.37R Build 14
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    YoWindow
    ZoneAlarm Firewall
    ZoneAlarm Free
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security
    ZoneAlarm Security Toolbar
    ZTE_MF6X6_USB_MODEM_Cosmote
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22/8/2012 6:20:18 μμ, πληροφορίες: Windows File Protection [64021] - Δεν ήταν δυνατή η αντιγραφή του αρχείου c:\program files\common files\microsoft shared\web server extensions\40\bin\cfgwiz.exe του συστήματος στο χώρο προσωρινής αποθήκευσης για DLL. Ο συγκεκριμένος κωδικός σφάλματος είναι 0x000004c7 [Η λειτουργία ακυρώθηκε από το χρήστη. ]. Αυτό το αρχείο είναι απαραίτητο για τη διατήρηση της σταθερότητας του συστήματος.
    22/8/2012 6:20:18 μμ, πληροφορίες: Windows File Protection [64018] - Η σάρωση αρχείων της Προστασίας αρχείων των Windows ακυρώθηκε με αλληλεπίδραση χρήστη. Το όνομα του χρήστη είναι Owner.
    22/8/2012 6:19:36 μμ, πληροφορίες: Windows File Protection [64021] - Δεν ήταν δυνατή η αντιγραφή του αρχείου c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut\author.exe του συστήματος στο χώρο προσωρινής αποθήκευσης για DLL. Ο συγκεκριμένος κωδικός σφάλματος είναι 0x000004c7 [Η λειτουργία ακυρώθηκε από το χρήστη. ]. Αυτό το αρχείο είναι απαραίτητο για τη διατήρηση της σταθερότητας του συστήματος.
    22/8/2012 6:19:27 μμ, πληροφορίες: Windows File Protection [64021] - Δεν ήταν δυνατή η αντιγραφή του αρχείου c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut\author.dll του συστήματος στο χώρο προσωρινής αποθήκευσης για DLL. Ο συγκεκριμένος κωδικός σφάλματος είναι 0x000004c7 [Η λειτουργία ακυρώθηκε από το χρήστη. ]. Αυτό το αρχείο είναι απαραίτητο για τη διατήρηση της σταθερότητας του συστήματος.
    22/8/2012 6:19:04 μμ, πληροφορίες: Windows File Protection [64021] - Δεν ήταν δυνατή η αντιγραφή του αρχείου c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe του συστήματος στο χώρο προσωρινής αποθήκευσης για DLL. Ο συγκεκριμένος κωδικός σφάλματος είναι 0x000004c7 [Η λειτουργία ακυρώθηκε από το χρήστη. ]. Αυτό το αρχείο είναι απαραίτητο για τη διατήρηση της σταθερότητας του συστήματος.
    22/8/2012 6:18:55 μμ, πληροφορίες: Windows File Protection [64021] - Δεν ήταν δυνατή η αντιγραφή του αρχείου c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll του συστήματος στο χώρο προσωρινής αποθήκευσης για DLL. Ο συγκεκριμένος κωδικός σφάλματος είναι 0x000004c7 [Η λειτουργία ακυρώθηκε από το χρήστη. ]. Αυτό το αρχείο είναι απαραίτητο για τη διατήρηση της σταθερότητας του συστήματος.
    22/8/2012 6:17:46 μμ, πληροφορίες: Windows File Protection [64016] - Η σάρωση αρχείων της Προστασίας αρχείων των Windows ξεκίνησε.
    .
    ==== End Of File ===========================
     
  6. giannisk

    giannisk TS Rookie Topic Starter

    Sorry !!!!

    The title of this topic is incorrect !!! It is the DEVICE MANAGER that hung up, NOT the memory manager.
    I don't know how to fix the topic title..... could someone here fix it, please...
     
  7. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    First of all, mmc.exe is not Device Manager but Microsoft Management Console, so you have to clarify what actually hangs up and what the symptoms of it are.
    In fact, Microsoft Management Console is not an essential process and it can be safely disabled.

    Then, GMER is just a scanner. It doesn't make any changes so it could make your computer run worse or better.
    I
     
  8. giannisk

    giannisk TS Rookie Topic Starter

    Ok, thank you for your quick reply. Maybe it is just a coincidence that the strange behavior started after using Gmer.
    Regarding mmc, when I try to use Device Manager to scan the computer for any hardware changes, it hangs. Event Viewer reports that mmc.exe hangs up.

    Τύπος συμβάντος: Σφάλμα
    Προέλευση συμβάντος: Application Hang
    Κατηγορία συμβάντος: (101)
    Αναγνωριστικό συμβάντος: 1002
    Ημερομηνία: 23/8/2012
    Ώρα: 2:42:30 μμ
    Χρήστης: Δ/Υ
    Υπολογιστής: 0E829DDD2BDB455
    Περιγραφή:
    Κρεμασμένη εφαρμογή mmc.exe, έκδοση 5.2.3790.4136, στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Για περισσότερες πληροφορίες, επισκεφθείτε το Κέντρο Βοήθειας και Υποστήριξης στο http://go.microsoft.com/fwlink/events.asp.
    Δεδομένα:

    Sorry for the Greek, but Win XP is in the Greek language.

    Any suggestions?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    So far I don't see anything malicious there but let's run one more scan...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  10. giannisk

    giannisk TS Rookie Topic Starter

    Well, I ran Combofix and here is the output.
    Note: Combofix failed to download and install Recovery Console.

    ComboFix 12-08-22.03 - Owner 23/08/2012 23:32:12.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.894.575 [GMT 3:00]
    Running from: c:\documents and settings\Owner\+Ώώ?-Ίίώά ί±ήά?-ά?\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Owner\Local Settings\Temporary Internet files\Windows12111_ConfigRepository.bin
    c:\windows\system32\SET41A.tmp
    c:\windows\system32\SET41F.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-21 20:41 . 2012-08-21 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-08-21 20:40 . 2012-08-21 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-08-21 20:40 . 2012-08-21 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-21 20:40 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 20:12 . 2012-08-21 20:12 125 ----a-w- C:\user.js
    2012-08-21 20:12 . 2012-08-21 20:12 -------- d-----w- c:\program files\Check Point Software Technologies LTD
    2012-08-21 12:30 . 2012-08-21 12:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\hpqLog
    2012-08-21 12:27 . 2012-08-21 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PDFC
    2012-08-21 12:21 . 2011-10-07 13:21 66048 ----a-w- c:\windows\system32\drivers\ser2pl.sys
    2012-08-21 12:20 . 2012-08-21 12:20 -------- d-----w- C:\PL2303_Prolific_DriverInstaller_v1.5.0
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-23 15:05 . 2012-04-10 22:25 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-23 15:05 . 2011-05-17 06:54 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58 . 2008-04-15 12:00 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2010-07-17 07:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:26 . 2008-04-15 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-06-28 21:33 . 2008-04-15 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
    2012-06-28 21:33 . 2008-04-15 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-28 21:33 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-06-28 21:30 . 2008-04-15 12:00 371712 ----a-w- c:\windows\system32\html.iec
    2012-06-05 15:49 . 2008-04-15 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:49 . 2008-04-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2008-04-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 12:19 . 2010-07-17 08:44 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 12:19 . 2010-07-17 08:44 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 12:19 . 2010-07-17 08:44 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 12:19 . 2010-07-17 07:26 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 12:19 . 2010-07-17 07:26 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 12:19 . 2010-07-17 07:26 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 12:19 . 2010-07-17 08:44 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 12:19 . 2010-07-17 07:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 12:19 . 2010-07-17 07:26 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 12:19 . 2008-04-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 12:19 . 2010-07-17 08:44 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 12:19 . 2010-07-17 07:26 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 12:19 . 2010-07-17 07:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 12:19 . 2010-07-18 06:12 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 12:18 . 2010-07-18 06:12 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 12:18 . 2010-07-18 06:12 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:21 . 2008-04-15 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 03:19 . 2012-06-20 07:41 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-04-11 77672]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-19 73360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...EIrMS1TVVArNC1TUDFTNCsx&prod=90&ver=10.0.1375" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^OneSix Editor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\OneSix Editor.lnk
    backup=c:\windows\pss\OneSix Editor.lnk001946E2.startup
    backupExtension=001946E2.startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^OneSix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\OneSix.lnk
    backup=c:\windows\pss\OneSix.lnk001949E0.startup
    backupExtension=001949E0.startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Documents and Settings\\Owner\\Τα έγγραφά μου\\Ληφθέντα αρχεία\\WBR-6800(EZStart_1.0.1.0_HW-1)_2009-09-04\\WBR-6800(EZStart_1.0.1.0_HW-1)_2009-09-04\\ezWBR.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/4/2012 4:50 πμ 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/3/2011 4:03 μμ 31952]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/3/2008 10:14 πμ 24064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/1/2011 6:41 πμ 235216]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/4/2011 12:59 πμ 301248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/2/2012 4:53 πμ 193288]
    R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [10/3/2009 8:47 πμ 447848]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [16/3/2012 7:06 μμ 27016]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [16/3/2012 7:07 μμ 497280]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [17/7/2010 11:32 πμ 777240]
    R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [20/1/2009 4:22 μμ 69632]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 1:32 μμ 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 1:32 μμ 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 1:32 μμ 17232]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [17/7/2010 11:06 πμ 239160]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/7/2012 5:25 μμ 5160568]
    S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/4/2012 1:25 πμ 250568]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [13/6/2012 12:32 μμ 23456]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/8/2010 12:44 μμ 136176]
    S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/8/2010 12:44 μμ 136176]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [22/8/2008 9:56 μμ 9728]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2/6/2012 8:51 μμ 113120]
    S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [3/2/2011 12:43 πμ 36408]
    S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [3/2/2011 12:43 πμ 35384]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/3/2012 7:40 μμ 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/3/2012 7:40 μμ 8576]
    S4 Metric Conversion Calculator Installer;Metric Conversion Calculator Installer;c:\program files\Digital Design Ltd\Metric Conversion Calculator\mccinst.exe [14/1/2012 6:53 μμ 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 15:05]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 09:43]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 09:43]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1482476501-527237240-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-04 13:56]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1482476501-527237240-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-04 13:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjy5wsex.default\
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN17885596215291-1043&toolbarId=base&affiliateId=1600&Lan=en&utid=289c385c0000000000000021009721f8&q=
    FF - user.js: extensions.zonealarm.id - 289c385c0000000000000021009721f8
    FF - user.js: extensions.zonealarm.instlDay - 15573
    FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
    FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:12
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1600
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base
    FF - user.js: extensions.zonealarm.instlRef - ZLN17885596215291-1043
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ISW - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-23 23:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(684)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(740)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2012-08-23 23:55:49
    ComboFix-quarantined-files.txt 2012-08-23 20:55
    .
    Pre-Run: 14 Κατάλογοι 229,250,510,848 διαθέσιμα byte
    Post-Run: 17 Κατάλογοι 230,288,314,368 διαθέσιμα byte
    .
    - - End Of File - - FE601CED1375C0DB9992081B292E7AE6
     
  11. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    There is an issue with Microsoft links.

    Install Recovery Console manually.

    Download following file...

    Windows XP Home: http://download.cnet.com/Windows-XP...loppy-Boot-Install/3000-18493_4-10728296.html
    Windows XP Professional: http://download.cnet.com/Windows-XP...Floppy-Boot-Install/3000-2383_4-10727796.html

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


    • Drag the downloaded file onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt.

    ====================================

    I don't see anything malicious there so you may want to create new topic in Windows forum regarding your issue.
     
     
  12. giannisk

    giannisk TS Rookie Topic Starter

    Ok, I installed Recovery Console manually.
    I will create a new topic as you suggest.

    Thank you for your help.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    You're very welcome
     

