
Problem With Malware And Spyware


9 replies to this topic

#1 Tseko

  • Members
  • 5 posts

Posted 09 October 2007 - 02:16 PM

PC is slow and I get pop-ups informing me I am infected with malware and spyware, even though I have internet security programme installed - Bit Defender. I have scanned my pc many times over and have updated my security programme.

Some viruses were found on my system. The security programme says it cannot disinfect but then says the file is "moved". I don't know if this means that the virus is cleared? Viruses detected:
Trojan.Vbs.Zapchast.
Trojan.VBS.Starter.G
Trojan.Vbs.Zapchast.B
Trojan.VBS.D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:19, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ckgmizjkr.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [pikohywj] c:\windows\system32\pikohywj.exe pikohywj
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fzqvbn] c:\windows\system32\fzqvbn.exe fzqvbn
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1062_XP.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188511743078
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D46FB4-2B95-480F-829C-2FA861E7E8B3}: NameServer = 10.145.87.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF4463B-199B-483B-A987-332345E2E951}: NameServer = 196.207.32.69 196.43.1.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10068 bytes


#2 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 09 October 2007 - 03:14 PM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O4 - HKLM\..\Run: [pikohywj] c:\windows\system32\pikohywj.exe pikohywj
O4 - HKLM\..\Run: [fzqvbn] c:\windows\system32\fzqvbn.exe fzqvbn

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

c:\windows\system32\pikohywj.exe
c:\windows\system32\fzqvbn.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

Close all instances of Internet Explorer.
Go to your control panel and open "Internet Options".
Click on the "General" tab.
Click the "Delete Cookies" button, then the "Delete Files" button.
If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Reboot back into normal mode.

Please download Combofix to your desktop.
Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
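As an added example (not part of this thread, and not code from HijackThis or BleepingComputer), the script below is a small Python parser for the O4 Run lines of a HijackThis log. It scores each autostart entry on the indicators that the fix above relies on: an executable dropped in system32, a Run value named exactly after the file, the executable passed its own name as its only argument, and a file name that looks generated rather than chosen. The sample lines are copied from the log posted earlier in this thread; the indicator weights, the threshold of 4 and the vowel-ratio heuristic are this example's own assumptions, and the output is a triage aid for a log reader, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log posted earlier in
# this thread (legitimate entries and the two David asked to fix), plus one
# Global Startup line to show that non-Run entries are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [pikohywj] c:\windows\system32\pikohywj.exe pikohywj
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fzqvbn] c:\windows\system32\fzqvbn.exe fzqvbn
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# HijackThis appends "(User 'NAME')" to HKUS entries; strip it before parsing the command.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")

# Indicator weights and the flagging threshold are this example's own assumptions,
# chosen so that the combination acted on in the thread scores highest.
WEIGHTS = {
    "in_system32": 1,           # executable lives in the system directory
    "name_matches_exe": 1,      # Run value named exactly after the file
    "self_referencing_arg": 2,  # exe is given its own name as its only argument
    "low_vowel_ratio": 1,       # name looks generated rather than chosen
}
FLAG_THRESHOLD = 4


@dataclass
class RunEntry:
    hive: str
    name: str
    exe: str
    args: str
    indicators: list = field(default_factory=list)
    score: int = 0


def split_command(cmd: str):
    """Separate the executable path from its arguments, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            end = len(cmd)
        return cmd[1:end].strip(), cmd[end + 1:].strip()
    # Unquoted paths may contain spaces, so cut at the first ".exe" instead of the first space.
    m = re.match(r"(?i)(.*?\.exe)\s*(.*)$", cmd)
    return (m.group(1), m.group(2)) if m else (cmd, "")


def exe_stem(exe: str) -> str:
    """Lower-cased file name without directory or .exe extension."""
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1]
    return re.sub(r"(?i)\.exe$", "", base).lower()


def analyze_log(text: str):
    """Parse every O4 Run line and score it against the indicator table."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN_RE.match(line)
        if not m:
            continue
        exe, args = split_command(USER_SUFFIX_RE.sub("", m.group("cmd")))
        entry = RunEntry(m.group("hive"), m.group("name"), exe, args)
        stem = exe_stem(exe)
        vowels = sum(c in "aeiou" for c in stem)
        checks = {
            "in_system32": "\\system32\\" in exe.lower(),
            "name_matches_exe": re.sub(r"(?i)\.exe$", "", entry.name).lower() == stem,
            "self_referencing_arg": bool(args) and args.lower() == stem,
            "low_vowel_ratio": len(stem) >= 5 and stem.isalpha() and vowels / len(stem) < 0.2,
        }
        for indicator, hit in checks.items():
            if hit:
                entry.indicators.append(indicator)
                entry.score += WEIGHTS[indicator]
        entries.append(entry)
    return entries


def flagged_names(text: str, threshold: int = FLAG_THRESHOLD):
    """Run value names whose score reaches the threshold."""
    return [e.name for e in analyze_log(text) if e.score >= threshold]


if __name__ == "__main__":
    for e in analyze_log(SAMPLE_LOG):
        mark = "FLAG" if e.score >= FLAG_THRESHOLD else "    "
        print(f"{mark} {e.score} [{e.name}] {e.exe} {e.args}  {','.join(e.indicators)}")
```

On the sample above only pikohywj and fzqvbn reach the threshold; ctfmon.exe collects three points (system32 location, matching name, few vowels) and stays below it, which is why the self-referencing argument carries the most weight: legitimate vendor entries almost never pass their own file name back to themselves. The score is a reason to look closer, and a signed-file check or vendor allow-list would be the natural next filter.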

#3 Tseko
  • Topic Starter

  • Members
  • 5 posts

Posted 09 October 2007 - 04:31 PM

ComboFix 07-10-09.3 - Tseko Mogotsi 2007-10-09 23:14:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.110 [GMT 1:00]
Running from: C:\Documents and Settings\Tseko Mogotsi\Local Settings\Temporary Internet Files\Content.IE5\B6FF3ROJ\ComboFix[1].exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\License_Manager
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\ckgmizjkr.dat
C:\WINDOWS\system32\ckgmizjkr.exe
C:\WINDOWS\system32\ckgmizjkr_nav.dat
C:\WINDOWS\system32\ckgmizjkr_navps.dat
C:\WINDOWS\system32\fzqvbn.dat
C:\WINDOWS\system32\fzqvbn_nav.dat
C:\WINDOWS\system32\fzqvbn_navps.dat
C:\WINDOWS\system32\jrvbzvtk.dat
C:\WINDOWS\system32\jrvbzvtk_nav.dat
C:\WINDOWS\system32\jrvbzvtk_navps.dat
C:\WINDOWS\system32\nptmdrh.dat
C:\WINDOWS\system32\nptmdrh_nav.dat
C:\WINDOWS\system32\nptmdrh_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pikohywj.dat
C:\WINDOWS\system32\pikohywj_nav.dat
C:\WINDOWS\system32\rodihzawlw.dat
C:\WINDOWS\system32\rodihzawlw_nav.dat
C:\WINDOWS\system32\rodihzawlw_navps.dat
C:\WINDOWS\system32\sheyvngd.dat
C:\WINDOWS\system32\sheyvngd_nav.dat
C:\WINDOWS\system32\sheyvngd_navps.dat
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\vtlfzmghnr.dat
C:\WINDOWS\system32\vtlfzmghnr_nav.dat
C:\WINDOWS\system32\vtlfzmghnr_navps.dat
C:\WINDOWS\system32\xwtifcxrx.dat
C:\WINDOWS\system32\xwtifcxrx_nav.dat
C:\WINDOWS\system32\xwtifcxrx_navps.dat

.
((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 23:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 20:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-09 17:46 4,014 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-09 17:45 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-09 17:45 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-09 17:45 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-09 17:45 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-09 17:45 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-08 08:25 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-09-30 15:49 <DIR> d-------- C:\Program Files\Maxcast
2007-09-30 15:33 <DIR> d-------- C:\Program Files\Spyware-Secure
2007-09-12 21:11 151,008 --a------ C:\WINDOWS\system32\lnaccess.exe
2007-09-12 06:15 88,960 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-09-12 06:14 <DIR> d-------- C:\Program Files\Vodafone
2007-09-12 06:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-10 17:52 <DIR> d-------- C:\Documents and Settings\Tshego\Application Data\Bitdefender
2007-09-09 17:04 <DIR> d-------- C:\Program Files\Need for Speed Most Wanted - Black Edition
2007-09-09 16:39 <DIR> d-------- C:\Program Files\Quake IV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 22:20 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-09 22:10 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\Skype
2007-10-08 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2007-09-24 10:36 --------- d--h--w C:\Documents and Settings\Tseko Mogotsi\Application Data\Move Networks
2007-09-23 20:59 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\OfficeUpdate12
2007-09-21 21:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-21 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-20 19:28 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\Google
2007-09-20 19:25 --------- d-----w C:\Program Files\Google
2007-09-07 21:51 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\ArcSoft
2007-09-07 10:59 --------- d-----w C:\Program Files\Ares Ultra
2007-08-30 22:36 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-30 22:20 --------- d-----w C:\Program Files\Windows Defender
2007-08-29 06:47 --------- d-----w C:\Program Files\QuickTime
2007-08-28 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-08-28 17:58 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\FileVOoM
2007-08-28 06:48 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\Bitdefender
2007-08-28 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2007-08-27 19:08 --------- d-----w C:\Documents and Settings\Tseko Mogotsi\Application Data\dvdcss
2007-08-22 16:52 --------- d-----w C:\Program Files\Lexmark_HostCD
2007-08-22 16:51 --------- d-----w C:\Program Files\Lexmark
2007-08-17 19:41 --------- d-----w C:\Program Files\Skype
2007-08-17 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-08-17 19:40 --------- d-----w C:\Program Files\Common Files\Skype
2007-08-14 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 18:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-20 21:03 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-07-19 06:59 3,583,488 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2006-02-19 03:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 13:57]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 13:53]
"SMSERIAL"="sm56hlpr.exe" [2005-04-26 11:15 C:\WINDOWS\sm56hlpr.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 11:29]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 17:36 C:\WINDOWS\system32\WFXSNT40.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-29 23:24]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-11 23:22]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-04 23:49]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"License Manager"="C:\Program Files\License_Manager\license_manager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 12:13]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R1 bdftdif;BitDefender Firewall TDI Filter;\??\C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
R3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
R3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
R3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa9a9aa-c5c6-11db-b4f7-90a440c09fc7}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5801322c-7ad6-11db-b3f0-000ae4ab23d3}]
Auto\command - RavMon.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5973e2ca-5369-11db-b37b-000ae4ab23d3}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6692fbae-ded2-11db-b53f-0013ce167010}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79cadfd0-621b-11dc-b69e-000ae4ab23d3}]
AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79cadfd1-621b-11dc-b69e-000ae4ab23d3}]
AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8465fcc8-1b2a-11dc-b5ca-0013ce167010}]
Auto\command - RavMon.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8623ec22-fc64-11da-b23d-0013ce167010}]
Auto\command - E:\RavMonE.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e960cda-ccb4-11db-b50c-de80b25ca8c9}]
Auto\command - F:\RavMon.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a49422cb-b15a-11db-b4aa-000ae4ab23d3}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f343cea4-60ee-11dc-b696-000ae4ab23d3}]
AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f343cea5-60ee-11dc-b696-000ae4ab23d3}]
AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f343cea6-60ee-11dc-b696-000ae4ab23d3}]
AutoRun\command - E:\VMC_PBStarter.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 22:08:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 23:21:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 23:22:57
C:\ComboFix-quarantined-files.txt ... 2007-10-09 23:22
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:04, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188511743078
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D46FB4-2B95-480F-829C-2FA861E7E8B3}: NameServer = 10.145.87.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF4463B-199B-483B-A987-332345E2E951}: NameServer = 196.207.32.69 196.43.1.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9832 bytes

#4 -David-
  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 11 October 2007 - 03:38 PM

Hey there, not much more left to do now...how is the system running? :thumbsup:

Please open Notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"

Save this as "fix.reg". Choose to save as *all files* and place it on your desktop.
It should look like this: [image]
Double-click on it and, when it asks whether you want to merge the contents into the registry, click Yes/OK.

Please perform this online scan: Kaspersky Webscan
Note that this scanner will only work in Internet Explorer, so please use that browser for the scan.
Read the Requirements and Privacy statement, then select "Accept".
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.

When the download is complete it will say Ready; click "Next".
Select a target to scan: click on "My Computer".
When the scan is complete, choose to save the results as "Save as Text".
Post the Kaspersky scan results in your next reply, along with a new HijackThis log.

#5 Tseko
  • Topic Starter
  • Members
  • 5 posts

Posted 12 October 2007 - 11:16 AM

Hi
System is slightly better - no more pop-ups lately but still slowish.

I tried the Kaspersky scan but it does not give me an option to save the scan log.

Result:

Total number of scanned objects: 82601
Number of viruses found: 5
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 01:53:31


Here is the latest Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:52, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Outlook Express\msimn.exe
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188511743078
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D46FB4-2B95-480F-829C-2FA861E7E8B3}: NameServer = 10.145.87.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF4463B-199B-483B-A987-332345E2E951}: NameServer = 196.207.32.69 196.43.1.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10091 bytes

#6 -David-
  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 12 October 2007 - 11:43 AM

Download GMER from Here
Right-click the Zip and select "Extract All".
Double-click gmer.exe to launch the program.
Click on the Rootkit tab and then click Scan.
It takes a while to run; once complete, copy the results to Notepad and save them somewhere safe.
Post those results in the next reply.
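GMER's Rootkit tab reports each user-mode inline hook on one ".text" line: the hooked process and PID, the DLL!export that was patched, its address, the patch size, the JMP target and the module that owns that target. Reading hundreds of such lines is easier once they are grouped by the hooking module. The following is an added example, not part of this thread and not GMER's own code; the sample lines are an excerpt of the log Tseko posts later in the thread, and the "three or more processes" threshold is an arbitrary assumption.

```python
import re
from collections import defaultdict

# One GMER "User code sections" entry, for example:
# .text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
# Fields: hooked process path [PID], module!export, address of the patched
# bytes, patch size, JMP/CALL target address, module that owns the target.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<hooker>.+?)\s*$"
)

# Excerpt of the GMER log posted in this thread. SSDT lines are kernel-mode
# hooks and are deliberately ignored by this user-mode triage.
SAMPLE_LOG = r"""
---- System - GMER 1.0.13 ----

SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwClose

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\System32\alg.exe[752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!send 71AB428A 5 Bytes JMP 00382AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] ws2_32.dll!accept 71AC1028 5 Bytes JMP 00382F30 C:\WINDOWS\system32\sockspy.dll
"""


def parse_gmer_hooks(text):
    """Return one dict per parsable '.text' hook line. GMER's '.text ...'
    truncation marker and any non-hook line are skipped."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(".text"):
            continue
        m = HOOK_RE.match(line)
        if m is None:  # ".text ..." marker or an unfamiliar layout
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["address"] = int(h["address"], 16)
        h["target"] = int(h["target"], 16)
        hooks.append(h)
    return hooks


def summarize_by_hooker(hooks):
    """Group hooks by the module that owns the JMP target. Paths are
    lower-cased so the System32/system32 spellings in the log merge."""
    summary = defaultdict(
        lambda: {"processes": set(), "apis": set(), "targets": defaultdict(set)}
    )
    for h in hooks:
        entry = summary[h["hooker"].lower()]
        api = f'{h["module"].lower()}!{h["function"]}'
        entry["processes"].add((h["process"], h["pid"]))
        entry["apis"].add(api)
        entry["targets"][api].add(h["target"])
    return summary


def triage(text, min_processes=3):
    """One finding per hooking module. 'widespread' marks a module present in
    at least min_processes distinct processes (the threshold is an assumption).
    'relocated_apis' lists APIs whose JMP target differs between processes,
    which means the hooking DLL was loaded at more than one base address."""
    findings = []
    for hooker, info in sorted(summarize_by_hooker(parse_gmer_hooks(text)).items()):
        findings.append({
            "hooker": hooker,
            "process_count": len(info["processes"]),
            "widespread": len(info["processes"]) >= min_processes,
            "apis": sorted(info["apis"]),
            "network_apis": sorted(a for a in info["apis"] if a.startswith("ws2_32.dll!")),
            "relocated_apis": sorted(a for a, t in info["targets"].items() if len(t) > 1),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hooker"]}: {f["process_count"]} processes, '
              f'{len(f["apis"])} hooked APIs, widespread={f["widespread"]}')
        for api in f["apis"]:
            print("   ", api)
```

The grouped view shows at a glance which module is hooking Winsock in every process and whether it is always loaded at the same base, which is what a helper checks before deciding whether a hooking DLL belongs to an installed security product or needs a closer look.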

#7 Tseko
  • Topic Starter
  • Members
  • 5 posts

Posted 12 October 2007 - 12:08 PM

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-12 19:09:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwClose
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwUnloadKey

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\System32\alg.exe[752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[752] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\System32\sockspy.dll
.text E:\vmc.exe[1168] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text E:\vmc.exe[1168] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text E:\PhoneConnectorVMC.exe[1772] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\Explorer.EXE[2116] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\igfxtray.exe[2464] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00853090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\hkcmd.exe[2472] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00853090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\sm56hlpr.exe[2480] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2488] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text ...
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2564] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2668] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2676] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\QuickTime\qttask.exe[2684] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Softwin\BitDefender10\bdagent.exe[2840] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009A3090 C:\WINDOWS\system32\sockspy.dll
.text ...
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2848] ws2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2868] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Phone\Skype.exe[2876] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00383090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00382D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00382CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00383020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00382DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!send 71AB428A 5 Bytes JMP 00382AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00382D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 00382A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00383060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2888] WS2_32.dll!accept 71AC1028 5 Bytes JMP 00382F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\ctfmon.exe[2908] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Outlook Express\msimn.exe[2928] ws2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3056] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[3616] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00863090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!sendto 71AB2C69 5 Bytes JMP 00862D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00862CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 00863020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00862DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!send 71AB428A 5 Bytes JMP 00862AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00862D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!listen 71AB88D3 5 Bytes JMP 00862A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 00863060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3796] ws2_32.dll!accept 71AC1028 5 Bytes JMP 00862F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Skype\Plugin Manager\SkypePM.exe[3888] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2C1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A030F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A0290 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A02D4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A021C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A0256 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A034A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F31676 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5108] ws2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\DOCUME~1\TSEKOM~1\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[5760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F86431DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F86431DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F8643454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F86431DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [9DFE27AD] bdfsdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [A88E0F10] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [F7A47E00] SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8B03486] bdpredir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [A88E0F10] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [A88E0F10] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [A88E0F10] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [A88E1A9C] bdftdif.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F86431DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F86431DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F8643454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F86431DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F8636F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [9DFE27AD] bdfsdrv.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [9DFE27AD] bdfsdrv.sys

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Tseko Mogotsi\Favorites\Papers :favicon

---- EOF - GMER 1.0.13 ----

#8 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 12 October 2007 - 01:19 PM

I assume that BitDefender is your antivirus at the moment, but there are remnants of Norton/Symantec.
Did you try to uninstall this antivirus from your system? If so, how did you go about doing it?

#9 Tseko

Tseko
  • Topic Starter

  • Members
  • 5 posts

Posted 12 October 2007 - 06:36 PM

Yes Bit Defender is my antivirus.

Tried to uninstall Norton Symantec through add/remove programmes. I wasn't happy with it. I thought Bit Defender would do better. I couldn't seem to get rid of Norton Systemworks though. It won't delete.

#10 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 14 October 2007 - 04:59 AM

Ok, let's start by completely removing Symantec products from your PC.
At the moment they are interfering and causing slowdowns.
Follow the instructions given at this link:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Post a new HijackThis log once the removal tool has been run.
