
vbs generic, trojan 19, win32.ramnit.h


7 replies to this topic

#1 fsa259


Posted 11 November 2010 - 05:35 PM

AVG kept detecting VBS generic on several of my normal document files and various help files. I did a scan and it also found several Trojan Generic 19 CNHY and Trojan cryptic BGI. Ran Malwarebytes & AVG in safe mode. Still the same problem.

Bitdefender seemed to be detecting and failing to repair a lot of system files with ramnit.

I got frustrated and reformatted my C drive from a built-in recovery partition. As I downloaded my normal antimalware programmes, the whole cycle started again!


DDS (Ver_10-11-10.01) - NTFSx86
Run by SAMSUNG at 21:56:22.43 on 11/11/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1125 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\SAMSUNG\Start Menu\Programs\Startup\srvsxb32.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\SAMSUNG\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\samsung\start menu\programs\startup\srvsxb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\samsung\applic~1\mozilla\firefox\profiles\1qo5bzt5.default\
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-11 38224]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]

=============== Created Last 30 ================

2010-11-11 21:40:56 -------- d-----w- c:\docume~1\samsung\applic~1\Malwarebytes
2010-11-11 21:40:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 21:40:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-11 21:40:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 21:40:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 21:10:08 -------- d--h--w- C:\$AVG
2010-11-11 21:08:21 -------- d-----w- c:\docume~1\samsung\applic~1\AVG10
2010-11-11 21:08:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-11-11 20:56:19 -------- d-----w- c:\program files\temp
2010-11-11 20:55:45 -------- d-----w- c:\program files\Microsoft
2010-11-11 20:54:00 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-11-11 20:53:05 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-11 20:53:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-11-11 20:52:43 -------- d-----w- c:\program files\AVG
2010-11-11 20:49:59 -------- d-----w- c:\program files\uTorrent
2010-11-11 20:49:30 -------- d-----w- c:\docume~1\samsung\applic~1\uTorrent
2010-11-11 20:47:59 -------- d-----w- c:\program files\CCleaner
2010-11-11 20:46:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-11 20:33:19 -------- d-----w- c:\documents and settings\samsung\Bluetooth Software

==================== Find3M ====================


============= FINISH: 22:00:21.42 ===============



#2 fsa259


Posted 11 November 2010 - 06:31 PM

Ramnit A is incurable... according to my googling. Does the same apply to Ramnit H?

Could it be that the recovery partition is also affected? If so, I'm in a bit of a problem as I don't have an external CD drive and my laptop doesn't have one built in... any way around that?

#3 fsa259


Posted 11 November 2010 - 06:34 PM

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 23:32:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HI rev.HH100-06
Running: gmer.exe; Driver: C:\DOCUME~1\SAMSUNG\LOCALS~1\Temp\pwtorfog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\System32\alg.exe[148] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\System32\alg.exe[148] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!NtQueryDirectoryFile + 6 7C90D756 4 Bytes [90, 61, 58, 01]
.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Internet Explorer\iexplore.exe[528] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[856] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\RTHDCPL.EXE[1064] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\RTHDCPL.EXE[1064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1188] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1188] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\igfxtray.exe[1272] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxtray.exe[1272] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\igfxpers.exe[1308] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxpers.exe[1308] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\igfxext.exe[1320] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxext.exe[1320] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1532] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1532] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\igfxsrvc.exe[1544] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxsrvc.exe[1544] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1804] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1860] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1860] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Documents and Settings\SAMSUNG\Start Menu\Programs\Startup\srvsxb32.exe[2172] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2204] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[2224] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[2224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3184] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3368] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3368] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\WINDOWS\system32\wuauclt.exe[3828] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\system32\wuauclt.exe[3828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\Documents and Settings\SAMSUNG\Desktop\gmer\gmer.exe[4628] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Documents and Settings\SAMSUNG\Desktop\gmer\gmer.exe[4628] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5624] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 5736

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\level10[1].gif 903 bytes
File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\russian_federation[1].gif 1201 bytes
File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\logo[1].gif 3496 bytes
File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\file_mod[1].gif 1598 bytes
File C:\WINDOWS\_swf_imagine digital freedom_work 0 bytes

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 23:32:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HI rev.HH100-06
Running: gmer.exe; Driver: C:\DOCUME~1\SAMSUNG\LOCALS~1\Temp\pwtorfog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[136] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\System32\alg.exe[148] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\System32\alg.exe[148] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\WINDOWS\System32\alg.exe[148] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!NtQueryDirectoryFile + 6 7C90D756 4 Bytes [90, 61, 58, 01]
.text C:\WINDOWS\Explorer.EXE[164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\Explorer.EXE[164] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[488] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Internet Explorer\iexplore.exe[528] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\Internet Explorer\iexplore.exe[528] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[856] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Java\jre1.5.0\bin\jusched.exe[856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\winlogon.exe[924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\winlogon.exe[924] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\RTHDCPL.EXE[1064] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\RTHDCPL.EXE[1064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1188] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe[1188] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\igfxtray.exe[1272] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxtray.exe[1272] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\igfxpers.exe[1308] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxpers.exe[1308] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\igfxext.exe[1320] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxext.exe[1320] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1452] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1532] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1532] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\igfxsrvc.exe[1544] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\igfxsrvc.exe[1544] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1804] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe[1804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1860] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1860] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002745A
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2002753D
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20027765
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002742C
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20027611
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20027503
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002757D
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200276B8
.text C:\Program Files\AVG\AVG10\avgtray.exe[1960] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200275C4
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Documents and Settings\SAMSUNG\Start Menu\Programs\Startup\srvsxb32.exe[2172] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2204] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe[2204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[2224] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe[2224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2504] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2696] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2728] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3184] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3368] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3368] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3404] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\WINDOWS\system32\wuauclt.exe[3828] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\WINDOWS\system32\wuauclt.exe[3828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001745A
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001753D
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20017765
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001742C
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20017611
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20017503
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001757D
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200176B8
.text C:\WINDOWS\system32\wuauclt.exe[3828] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200175C4
.text C:\Documents and Settings\SAMSUNG\Desktop\gmer\gmer.exe[4628] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20025A5B
.text C:\Documents and Settings\SAMSUNG\Desktop\gmer\gmer.exe[4628] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200271EC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5624] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 20015A5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[5624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 200171EC

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 5736

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\level10[1].gif 903 bytes
File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\russian_federation[1].gif 1201 bytes
File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\logo[1].gif 3496 bytes
File C:\Documents and Settings\SAMSUNG\Local Settings\Temporary Internet Files\Content.IE5\4TQB0DIV\file_mod[1].gif 1598 bytes
File C:\WINDOWS\_swf_imagine digital freedom_work 0 bytes

---- EOF - GMER 1.0.15 ----

#4 fsa259

Posted 11 November 2010 - 08:41 PM

BitDefender Online Scanner

Scan report generated at: Fri, Nov 12, 2010 - 00:48:36


Scan path: C:\Documents and Settings\SAMSUNG\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\



Statistics

Time: 03:03:46
Files: 242846
Folders: 2509
Boot Sectors: 0
Archives: 7332
Packed Files: 13893

Results

Identified Viruses: 2
Infected Files: 98
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 98

Engines Info

Virus Definitions: 6224027
Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
Scan plugins: 18
Archive plugins: 44
Unpack plugins: 10
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe
Disinfection failed

C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe
Deleted

C:\Program Files\Adobe\Reader 8.0\Reader\JP2KLib.dll
Infected with: Win32.Ramnit.H

C:\Program Files\Adobe\Reader 8.0\Reader\JP2KLib.dll
Disinfection failed

C:\Program Files\Adobe\Reader 8.0\Reader\JP2KLib.dll
Deleted

C:\Program Files\AVG\AVG10\HtmLayout.dll
Infected with: Win32.Ramnit.H

C:\Program Files\AVG\AVG10\HtmLayout.dll
Disinfection failed

C:\Program Files\AVG\AVG10\HtmLayout.dll
Deleted

C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL
Infected with: Win32.Ramnit.H

C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL
Disinfection failed

C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL
Deleted

C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\ISSetup.dll
Infected with: Win32.Ramnit.H

C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\ISSetup.dll
Disinfection failed

C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\ISSetup.dll
Deleted

C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
Infected with: Win32.Ramnit.H

C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
Disinfection failed

C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
Deleted

C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\ISSetup.dll
Infected with: Win32.Ramnit.H

C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\ISSetup.dll
Disinfection failed

C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\ISSetup.dll
Deleted

C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe
Infected with: Win32.Ramnit.H

C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe
Disinfection failed

C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe
Deleted

C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\ISSetup.dll
Infected with: Win32.Ramnit.H

C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\ISSetup.dll
Disinfection failed

C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\ISSetup.dll
Deleted

C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
Infected with: Win32.Ramnit.H

C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
Disinfection failed

C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
Deleted

C:\Program Files\Marvell\Miniport Driver\installu.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Marvell\Miniport Driver\installu.exe
Disinfection failed

C:\Program Files\Marvell\Miniport Driver\installu.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\AlcWzrd.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\ChCfg.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\ChCfg.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\ChCfg.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\MicCal.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\RTLCPL.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\RtlUpd.exe
Deleted

C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe
Disinfection failed

C:\Program Files\Realtek\Audio\InstallShield\SkyTel.exe
Deleted

C:\Program Files\Samsung\Easy Display Manager\DMLauncher_XP.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Easy Display Manager\DMLauncher_XP.exe
Disinfection failed

C:\Program Files\Samsung\Easy Display Manager\DMLauncher_XP.exe
Deleted

C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
Disinfection failed

C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
Deleted

C:\Program Files\Samsung\Easy Display Manager\EDM-BatteryWarning.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Easy Display Manager\EDM-BatteryWarning.exe
Disinfection failed

C:\Program Files\Samsung\Easy Display Manager\EDM-BatteryWarning.exe
Deleted

C:\Program Files\Samsung\Easy Network Manager\ENM.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Easy Network Manager\ENM.exe
Disinfection failed

C:\Program Files\Samsung\Easy Network Manager\ENM.exe
Deleted

C:\Program Files\Samsung\Easy Network Manager\HelpLaunch.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Easy Network Manager\HelpLaunch.exe
Disinfection failed

C:\Program Files\Samsung\Easy Network Manager\HelpLaunch.exe
Deleted

C:\Program Files\Samsung\Samsung Battery Manager\KStartMem.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Battery Manager\KStartMem.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Battery Manager\KStartMem.exe
Deleted

C:\Program Files\Samsung\Samsung Magic Doctor\KStartMem.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Magic Doctor\KStartMem.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Magic Doctor\KStartMem.exe
Deleted

C:\Program Files\Samsung\Samsung Magic Doctor\OneclickSTS\FixNortonAutoProtection.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Magic Doctor\OneclickSTS\FixNortonAutoProtection.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Magic Doctor\OneclickSTS\FixNortonAutoProtection.exe
Deleted

C:\Program Files\Samsung\Samsung Recovery Solution III\devcon.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Recovery Solution III\devcon.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Recovery Solution III\devcon.exe
Deleted

C:\Program Files\Samsung\Samsung Recovery Solution III\InstDrv.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Recovery Solution III\InstDrv.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Recovery Solution III\InstDrv.exe
Deleted

C:\Program Files\Samsung\Samsung Recovery Solution III\KStartMem.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Recovery Solution III\KStartMem.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Recovery Solution III\KStartMem.exe
Deleted

C:\Program Files\Samsung\Samsung Recovery Solution III\Resdll.dll
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Recovery Solution III\Resdll.dll
Disinfection failed

C:\Program Files\Samsung\Samsung Recovery Solution III\Resdll.dll
Deleted

C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
Disinfection failed

C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
Deleted

C:\Program Files\Synaptics\SynTP\InstNT.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\InstNT.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\InstNT.exe
Deleted

C:\Program Files\Synaptics\SynTP\Media\InstNT.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\Media\InstNT.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\Media\InstNT.exe
Deleted

C:\Program Files\Synaptics\SynTP\Media\setup.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\Media\setup.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\Media\setup.exe
Deleted

C:\Program Files\Synaptics\SynTP\Media\SynMood.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\Media\SynMood.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\Media\SynMood.exe
Deleted

C:\Program Files\Synaptics\SynTP\Media\SynZMetr.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\Media\SynZMetr.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\Media\SynZMetr.exe
Deleted

C:\Program Files\Synaptics\SynTP\Media\Tutorial.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\Media\Tutorial.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\Media\Tutorial.exe
Deleted

C:\Program Files\Synaptics\SynTP\SynMood.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\SynMood.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\SynMood.exe
Deleted

C:\Program Files\Synaptics\SynTP\SynZMetr.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\SynZMetr.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\SynZMetr.exe
Deleted

C:\Program Files\Synaptics\SynTP\Tutorial.exe
Infected with: Win32.Ramnit.H

C:\Program Files\Synaptics\SynTP\Tutorial.exe
Disinfection failed

C:\Program Files\Synaptics\SynTP\Tutorial.exe
Deleted

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btmcrcam.dll
Infected with: Win32.Ramnit.H

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btmcrcam.dll
Disinfection failed

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btmcrcam.dll
Deleted

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwiacam.dll
Infected with: Win32.Ramnit.H

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwiacam.dll
Disinfection failed

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwiacam.dll
Deleted

C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe
Infected with: Win32.Ramnit.H

C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe
Disinfection failed

C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002339.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002339.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002339.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002352.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002352.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002352.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002354.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002354.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002354.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002381.DLL
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002381.DLL
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002381.DLL
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002382.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002382.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002382.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002383.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002383.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002383.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002384.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002384.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002384.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002385.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002385.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002385.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002387.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002387.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002387.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002388.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002388.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002388.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002391.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002391.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002391.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002392.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002392.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002392.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002393.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002393.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002393.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002394.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002394.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002394.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002395.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002395.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002395.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002396.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002396.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002396.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002397.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002397.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002397.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002398.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002398.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002398.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002399.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002399.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002399.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002400.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002400.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002400.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002401.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002401.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002401.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002402.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002402.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002402.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002403.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002403.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002403.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002404.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002404.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002404.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002405.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002405.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002405.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002406.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002406.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002406.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002407.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002407.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002407.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002408.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002408.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002408.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002409.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002409.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002409.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002410.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002410.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002410.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002411.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002411.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002411.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002412.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002412.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002412.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002413.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002413.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002413.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002414.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002414.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002414.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002415.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002415.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002415.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002416.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002416.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002416.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002417.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002417.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002417.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002418.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002418.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002418.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002419.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002419.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002419.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002420.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002420.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002420.exe
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002421.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002421.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002421.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002422.dll
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002422.dll
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002422.dll
Deleted

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002423.exe
Infected with: Win32.Ramnit.H

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002423.exe
Disinfection failed

C:\System Volume Information\_restore{4162143C-F452-4FDB-BC83-F2E878091944}\RP6\A0002423.exe
Deleted

#5 fsa259

Posted 11 November 2010 - 08:43 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5096

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/11/2010 01:42:14
mbam-log-2010-11-12 (01-42-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 242533
Time elapsed: 2 hour(s), 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\SAMSUNG\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\watermark.exe (Trojan.Agent) -> Delete on reboot.

#6 quietman7


Posted 14 November 2010 - 08:43 AM

Hello fsa259.

I'm afraid I have very bad news.

Win32/Ramnit.A / Win32/Ramnit.B are file infectors with IRCBot functionality which infect .exe and .HTML/HTM files, and open a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Edited by quietman7, 14 November 2010 - 08:45 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 fsa259


Posted 14 November 2010 - 04:41 PM

It is just as I feared.

When you say complete rebuild, do you mean I need to delete ALL partitions and reformat the entire disk? Or just delete partition C, reformat and reinstall?

If so, and since this virus affects thumb drives, how can I safely retrieve my D drive data?

#8 quietman7


Posted 14 November 2010 - 05:25 PM

When you say complete rebuild, do you mean I need to delete ALL partitions and reformat the entire disk?

Yes.

If you're not sure how to reformat or need help with reformatting, please review:
These links include specific step-by-step instructions with screenshots:
Vista users can refer to these instructions:
Windows 7 users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway or Dell machine, you may not have an original CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Also be sure to read Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead. If you lost or misplaced your recovery disks, again you can contact and advise the manufacturer. In many cases they will send replacements as part of their support.

If you have made a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.) before your system was infected, then using it is another option. Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made. You will then have to reinstall all programs that you added afterwards. This includes all security updates and patches from Microsoft.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.

Caution: If you are considering backing up data and reformatting due to malware infection, keep in mind, with file infectors, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk.

Again, do not back up any files with the following file extensions: .exe, .scr, .dll, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
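The backup caution in post #8 can be applied as a pre-copy check over the data drive. The following is an added example, not part of the original posts: it sorts files by their full on-disk name into "copy" and "skip" using the extension list from the post, flags names where an executable extension follows another extension, and looks inside .zip archives for executables. The function names, the "review" verdict for files with no extension, and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# Extensions the post says not to back up (list taken from post #8).
BLOCKED = {".exe", ".scr", ".dll", ".ini", ".htm", ".html", ".php",
           ".asp", ".xml", ".zip", ".rar", ".cab"}
EXECUTABLE = {".exe", ".scr", ".dll"}

def classify(path):
    """Return (verdict, reason) for one file, judged by its full name."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    if not suffixes:
        return ("review", "no extension")  # assumption: leave to a human
    last = suffixes[-1]
    if last in EXECUTABLE and len(suffixes) > 1:
        return ("skip", f"disguised name: {suffixes[-2]} followed by {last}")
    if last == ".zip" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            inner = [n for n in zf.namelist()
                     if Path(n).suffix.lower() in EXECUTABLE]
        if inner:
            return ("skip", f"archive contains {inner[0]}")
    if last in BLOCKED:
        return ("skip", f"blocked extension {last}")
    return ("copy", "document or media file")

def triage(root):
    """Walk root and map each relative path to its (verdict, reason)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            result[full.relative_to(root).as_posix()] = classify(full)
    return result

def build_sample(root):
    """Constructed sample tree standing in for a data drive; harmless bytes."""
    root = Path(root)
    for name in ("report.doc", "holiday.jpg", "holiday.jpg.exe", "index.html"):
        (root / name).write_bytes(b"constructed sample")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("setup.exe", b"constructed sample")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (verdict, reason) in sorted(triage(build_sample(tmp)).items()):
            print(f"{verdict:6} {rel}  ({reason})")
```

The check works on file names only; files marked "copy" still need the anti-virus scan the post calls for before they are copied back.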
