
Hijack Log- Fake Visa Verification Site [CLOSED]


  • This topic is locked

#106
fenzodahl512

  • Malware Removal
  • 9,863 posts

:) I literally compressed the files within the last 2 weeks. I was running out of space so I did it. Afterwards someone told me that it could present problems in the future. I guess they were right.

I don't have any CDs so I'm going to try the 2nd option.

I should have something to post within the next 30 minutes.



Ok.. Will wait for your report..


--------------

At

9. At the command prompt, type the following: compact ntldr /u <the drive letter>:\ntldr

Replace it with compact ntldr /u C:\ntldr
  • 0



#107
decane

  • Topic Starter
  • Member
  • 105 posts
Sorry it took so long. I couldn't get the 2nd option to work. I have a Sony Vaio Laptop.

I held down the F10 key and nothing happened. I then tried holding down f8 - it gave me a bunch of options (safe mode, boot logging, etc...), but nothing about the recovery console. I tried to press Alt + D anyway but nothing happened.


Since that didn't work, I decompressed all of the files on my C drive and rebooted. I still got the following screen:

NTDLR is compressed.
Press Ctrl+Alt+Del to restart
  • 0

#108
fenzodahl512

  • Malware Removal
  • 9,863 posts
One bonus question.... Do you have a blank cd?

Err.. another bonus question.. Does your laptop have cd/dvd writer?

As we need to burn something to a cd/dvd before we can use it.. :)
  • 0

#109
decane

  • Topic Starter
  • Member
  • 105 posts
I have a blank cd and a cd writer. However, I don't have any blank CDs with me at the present time.

I have an external hard-drive. Can I use that instead or do I need to go get a blank CD?
  • 0

#110
fenzodahl512

  • Malware Removal
  • 9,863 posts
It's ok.. When you have a blank cd, please do the following..

1. Please download RC.iso and save it to your Desktop.. Don't do anything with it yet.. We will later..


2. Please download ISO Recorder and save it to your Desktop.. Double-click it and install it to your computer..


3. Please visit this website for a tutorial on how to use ISO Recorder to burn RC.iso onto your blank CD.. You need to burn RC.iso onto your CD and will need to use this CD upon rebooting..


4. Please reboot your laptop and press either the Delete or F2 button upon rebooting to load into the BIOS.


5. Please change your Boot Sequence or Boot Priority to CD/DVD first and Hard Disk (HDD) second.. Please see this website for some ideas on how to change your boot order.. Make sure you save your settings before exiting the BIOS..


6. Please put the CD that contains RC.iso into the CD/DVD drive and reboot your computer.. You should be able to enter the Recovery Console.. Please perform the fixmbr command as I instructed you before..


7. Tell me about it.. Also, tell me if you have any difficulty doing that..


Regards
fenzodahl512
  • 0

#111
decane

  • Topic Starter
  • Member
  • 105 posts
Ok. I'm trying not to celebrate, but so far so good. I performed a transaction and the pop-up did not appear :)

1. I followed your instructions regarding the CD and was able to access the recovery console.
2. I was able to select c:windows
3. It did not ask me for a password.
4. I typed fixmbr.
5. When I restarted the computer, I got very nervous. The recovery wizard appeared and asked me if I wanted to reset the computer to the original manufacturer's settings. I'm not sure if this is what you expected to happen. I hit cancel so I did NOT reset it to the original settings. Did I make the correct choice?
6. The computer rebooted.
7. I performed a transaction and did not get the pop-up. :)
8. However, I did have to enter my hotmail password twice and as I'm typing this message the cursor is occasionally jumping around the screen. So I don't know if my laptop is still infected.

Did I do what you expected?

Please let me know if you think the fix took and how to confirm that my PC is fixed.

Thanks.
  • 0

#112
decane

  • Topic Starter
  • Member
  • 105 posts
I had some extra time so I went back and read some of your previous instructions. I figured I would post a few logs so that you would have something to look at when you get this message.

I was finally able to run the mbr.exe. Below is the log.

It looks like there may still be an issue:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !
copy of MBR has been found in sector 62 !
  • 0

#113
decane

  • Topic Starter
  • Member
  • 105 posts
I was finally able to run the gmer.exe. Below are the results:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-05 18:07:09
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xEE015A00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF2C30040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF2C2C930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF2C37A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF2C30510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xEE015730]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xEE0158A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xEE016340]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEE015F90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xEE016C60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF2C30600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF2C2CF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF2C386E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF2C38440]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xEE015B60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xEE013F80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF2C388B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xF2C3A270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF2C2CD70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xEE015520]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xEE016170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF2C36150]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xEE016910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF2C39250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF2C38CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF2C2FC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF2C39080]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xEE016C10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF2C30220]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xEE016F90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xEE017560]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xEE012C40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetSystemInformation [0xF2C2A1C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF2C38140]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xEE016BC0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xEE0142F0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xEE016760]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwUnloadDriver [0xF2C2A5F0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xEE015A20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xEE011D40]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xEE011D50]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xEE011D60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xEE011D80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xEE011DA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xEE011DD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xEE011DE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xEE011E00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xEE011E10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xEE011ED0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xEE011FA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xEE011FE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xEE012020]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 10, 05, C3, F2, 70, 68, C3, ... ]
.text ntoskrnl.exe!_abnormal_termination + 21C 804E2878 1 Byte [ 70 ]
.text ntoskrnl.exe!_abnormal_termination + 21E 804E287A 2 Bytes [ C2, F2 ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP EE017E80 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP EE017980 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? C:\DOCUME~1\Michael\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\spoolsv.exe[172] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Mozilla Firefox\firefox.exe[260] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[328] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\wdfmgr.exe[344] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\NOTEPAD.EXE[400] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Sony\giga pocket\RM_SV.exe[928] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1196] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Bonjour\mDNSResponder.exe[1232] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\sony\giga pocket\shwserv.exe[1260] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\nvsvc32.exe[1296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Documents and Settings\Michael\Desktop\gmer.exe[1404] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1532] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? D:\Program Files D Drive\aawservice.exe[1820] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\alg.exe[2260] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Sony\HotKey Utility\HKserv.exe[2656] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\ezSP_Px.exe[2672] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\WDBtnMgr.exe[2708] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[2744] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Sony\HotKey Utility\HKWnd.exe[2768] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2808] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\iTunes\iTunesHelper.exe[2860] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[2900] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Quicken\bagent.exe[2924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\ctfmon.exe[3004] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft Office\Office\OSA.EXE[3220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\PowerPanel\Program\PcfMgr.exe[3244] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\iPod\bin\iPodService.exe[3308] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Sony\USBSircs\usbsircs.exe[3412] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F2C34E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F2C34E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F2C34E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F2C42330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F2C34E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F2C34E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F2C34CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F2C34E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F2C35320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F2C351C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F2C2D5C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F2C2D770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F2C2D2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F2C2D670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\Iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[172] @ C:\WINDOWS\system32\Iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[260] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[

#114
decane

  • Topic Starter
  • Member
  • 105 posts
The log was cut off, so I attached a file.

Attached Files

  • Attached File  gmer.txt   309.07KB   116 downloads


#115
decane

  • Topic Starter
  • Member
  • 105 posts
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:16, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files D Drive\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files D Drive\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11153 bytes

#116
decane

  • Topic Starter
  • Member
  • 105 posts
DSS Scan

Deckard's System Scanner v20071014.68
Run by Michael on 2008-07-05 18:56:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 0.83 GiB (less than 15%) free.


-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:55, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
D:\PROGRA~1\Michael.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files D Drive\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11188 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-04 00:41:19 0 d-------- C:\WINDOWS\ERUNT
2008-06-30 18:27:34 0 d-------- C:\WINDOWS\Sun
2008-06-30 18:27:34 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2008-06-30 18:25:30 0 d-------- C:\Program Files\Java
2008-06-30 18:25:06 0 d-------- C:\Program Files\Common Files\Java
2008-06-29 23:09:44 2706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 23:08:44 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-29 23:08:44 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-29 23:08:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-29 23:08:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-29 23:08:44 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-29 23:08:43 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-29 23:08:43 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-29 23:08:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 21:57:48 0 d-------- C:\Documents and Settings\Michael\Application Data\ArcSoft
2008-06-29 12:17:02 0 d-------- C:\Documents and Settings\Michael\DoctorWeb
2008-06-28 23:36:58 0 d-------- C:\cmdcons
2008-06-28 13:29:23 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 13:29:23 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 13:29:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 13:29:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 13:29:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 13:29:23 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 13:29:23 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 13:29:23 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-22 23:44:25 0 d-------- C:\Program Files\Panda Security
2008-06-22 12:11:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 12:10:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 12:10:35 0 d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2008-06-22 11:34:24 0 d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-06-22 11:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 11:33:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-22 10:39:53 0 d-------- C:\VundoFix Backups
2008-06-19 00:10:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:45:26 34520 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-18 19:42:03 0 d-------- C:\Program Files\WebEx
2008-06-18 19:42:02 36864 --a------ C:\Documents and Settings\Michael\atwbxdet.dll <Not Verified; ; atwbxdet Module>
2008-06-18 18:30:22 0 d-------- C:\Program Files\Bonjour
2008-06-18 01:13:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Template
2008-06-17 23:40:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 23:00:56 0 d-------- C:\WINDOWS\system32\DRVSTORE
2008-06-15 22:59:57 0 d-------- C:\Program Files\Common Files\Apple
2008-06-15 22:53:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-14 08:55:55 0 d-------- C:\WINDOWS\pss
2008-06-14 00:58:37 0 d-------- C:\WINDOWS\Prefetch
2008-06-14 00:44:15 0 d-------- C:\WINDOWS\system32\scripting
2008-06-14 00:44:08 0 d-------- C:\WINDOWS\l2schemas
2008-06-14 00:44:07 0 d-------- C:\WINDOWS\system32\en
2008-06-14 00:35:16 0 d-------- C:\WINDOWS\network diagnostic
2008-06-13 21:21:57 0 d-------- C:\WINDOWS\peernet
2008-06-13 21:21:53 0 d-------- C:\WINDOWS\provisioning
2008-06-13 21:17:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-13 21:08:10 0 d-------- C:\WINDOWS\EHome
2008-06-11 18:46:15 51304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2008-06-08 19:34:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 08:40:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-02 11:49:01 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-06-30 18:25:06 0 d-------- C:\Program Files\Common Files
2008-06-29 16:05:18 0 d-------- C:\Program Files\Common Files\Motive
2008-06-24 18:13:36 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-06-18 20:53:23 0 d-------- C:\Program Files\Windows NT
2008-06-18 19:06:03 0 d-------- C:\Program Files\Symantec
2008-06-18 19:05:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 19:04:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 18:59:16 0 d-------- C:\Program Files\Microsoft Money
2008-06-18 18:40:07 0 d-------- C:\Program Files\Lavasoft
2008-06-18 18:34:58 0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-06-15 23:35:48 0 d-------- C:\Program Files\iTunes
2008-06-15 23:34:51 0 d-------- C:\Program Files\iPod
2008-06-15 23:19:36 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 23:12:10 0 d-------- C:\Program Files\QuickTime
2008-06-14 01:08:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-14 00:44:56 0 d-------- C:\Program Files\Messenger
2008-06-14 00:44:06 0 d-------- C:\Program Files\Movie Maker
2008-06-13 23:41:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 23:36:36 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 23:36:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Real
2008-06-12 18:40:08 0 d-------- C:\Program Files\imGiant
2008-05-31 09:15:55 0 d-------- C:\Program Files\BitComet
2008-05-28 10:08:20 0 d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft
2008-05-07 18:59:38 0 d-------- C:\Documents and Settings\Michael\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/02/2003 18:51]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/26/2003 19:00]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 13:29]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08]
"WD Button Manager"="WDBtnMgr.exe" [09/24/2006 14:31 C:\WINDOWS\system32\WDBtnMgr.exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 21:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 14:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/14/2008 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [05/07/2007 14:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [9/12/1997]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 7:05:56 AM]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [9/12/1997]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [8/7/2003 5:45:44 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/11/2007 9:38:44 AM]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [9/11/2004 12:44:05 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
"c:\program files\support.com\client\bin\tgcmd.exe" /server

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - GMER
*Newly Created Service* - MBR



-- End of Deckard's System Scanner: finished at 2008-07-05 19:00:25 ------------

#117
fenzodahl512

  • Malware Removal
  • 9,863 posts
Wow... That's an improvement.. A major one :)


Now, please delete the textfile mbr2.txt from your Desktop...

Remember the runthis.bat file that we made earlier... Please run that.. A new textfile named mbr2.txt (again...) will be created on your Desktop.. please post its content here.. Waiting for your news :)

#118
decane

  • Topic Starter
  • Member
  • 105 posts
I'm back :) . I feel much better about the situation than I have in a few weeks. I'm ready to knock this thing out for good. I'll be around from 8:30am to 4:30pm EST and then again after 10:00pm EST

On another positive note, I am able to hibernate my laptop for the first time since I've been infected.

Were you able to read all of my comments and the logs? Just in case, I reposted a few of my comments/questions.

4. I typed fixmbr.
5. When I restarted the computer, I got very nervous. The recovery wizard appeared and asked me if I wanted to reset the computer to the original manufacturer's settings. I'm not sure if this is what you expected to happen. I hit cancel so I did NOT reset it to the original settings. Did I make the correct choice?
6. The computer rebooted.
7. I performed a transaction and did not get the pop-up. :)
8. However, I did have to enter my hotmail password twice and as I'm typing this message the cursor is occasionally jumping around the screen. So I don't know if my laptop is still infected.

Did I do what you expected?

Please let me know if you think the fix took and how to confirm that my PC is fixed.

Thanks.
-----------------------

Below is the result of runthis.bat. It looks the same as when I ran the mbr.exe

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !
copy of MBR has been found in sector 62 !

#119
fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. let's do this....

Copy mbr.exe from your Desktop to the C:\Windows folder

Then go to Start >> Run >> copy/paste mbr.exe -f >> Press Enter..




NEXT


Please double-click mbr.exe again (which is located on your Desktop).. and post the content of the mbr.txt textfile..



NEXT


Please run Dr.Web CureIt! again..
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Please post the Dr.Web CureIt! logfile along with mbr.txt content in your next reply..


Regards
fenzodahl512

#120
decane

  • Topic Starter
  • Member
  • 105 posts
I'm working on it.