Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Unknown malware infection sending spam emails from PC.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unknown malware infection sending spam emails from PC.

Unread postby Naito » July 14th, 2008, 1:15 am

Having a very annoying problem with my computer, please help.

Upon startup, my Symantec antivirus shows tons of systray alerts about scanning emails being sent out. These can go as far as to fill the screen entirely. There are also several error windows that pop up in the middle of the screen, saying things like "message could not be sent from your IP", among other error messages. Eventually the Symantec Antivirus process that causes these popups (ccapp.exe) crashes and the popups stop, but judging from the general sluggishness of my PC and internet, and the frequent "server not found" errors and instances of "load forever, requiring you to hit refresh" that occur, I figure this must still be going in the background. I see no processes in Process Explorer that look any different from what usually runs on my PC at all, neither while the popups are going or after they've stopped.

Symantec also refuses to scan my computer, saying "Could not start scan. Scan engine returned error 0x20000058". Ad-Aware causes a blue screen in the middle of a scan, and Zonealarm Pro's Spyware Remover, Spybot, and AVG-Free Antivirus 8 all found nothing related to this problem. System Restore gives an error after restarting my PC, saying it failed. At this point I have no idea what to do other than post this problem here. Here's my HijackThis log, taken a couple hours ago:

===================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:02 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS2\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS2\system32\oodag.exe
C:\WINDOWS2\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS2\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS2\system32\LVCOMSX.EXE
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\ICO.EXE
C:\WINDOWS2\system32\Pelmiced.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Dion A. Lewis\Desktop\Process XP.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.prevx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS2\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS2\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{4464CE10-0385-1033-0726-010419010001}] "C:\Program Files\Common Files\{4464CE10-0385-1033-0726-010419010001}\Update.exe" mc-110-12-0001032
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS2\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS2\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Process Explorer.lnk = C:\Documents and Settings\Dion A. Lewis\Desktop\Process XP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {7b297bfd-85e4-4092-b2af-16a91b2ea103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS2\system32\svchosts.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - GEAR Software Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS2\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS2\system32\pctspk.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 12343 bytes
===================================

Thanks in advance for your help.

EDIT: Here is a link to a screenshot of what occurs when my computer is started up, if it helps at all:

http://img295.imageshack.us/img295/6684/problemnn7.png

Note that the error popups all around the middle of the screen al pop up exactly in the center, but I spread them out so they were readable.
Naito
Active Member
 
Posts: 3
Joined: July 14th, 2008, 12:38 am
Advertisement
Register to Remove

Re: Unknown malware infection sending spam emails from PC.

Unread postby Shaba » July 17th, 2008, 8:07 am

Hi Naito

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Unknown malware infection sending spam emails from PC.

Unread postby Naito » July 17th, 2008, 5:43 pm

I believe I may have gotten rid of the problem using a combination of running http://housecall.trendmicro.com in safe mode with networking, Malwarebytes Anti-Malware (also in safe mode) and Cureit. My computer and net are no longer laggy and I haven't gotten any alerts about mails being sent. However, I'm not sure if that means it won't come back since I did get rid of it once a few days ago only for it to suddenly come back nearly eight hours later, so here is the gmer log you asked me to post, just in case it's still around or something else is:

=================================
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-17 14:15:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwAlertResumeThread [0xF738583D]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwAllocateUserPhysicalPages [0xF7385847]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwAllocateVirtualMemory [0xF7385851]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwClose [0xF738585B]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCompactKeys [0xF7385865]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCompressKey [0xF738586F]
SSDT E1BF58C8 ZwConnectPort
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateDirectoryObject [0xF7385879]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateEvent [0xF7385883]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateEventPair [0xF738588D]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF4D9A820]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateIoCompletion [0xF73858A1]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateJobObject [0xF73858AB]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF4DA5690]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateMailslotFile [0xF73858BF]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateMutant [0xF73858C9]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateNamedPipeFile [0xF73858D3]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF74A0C70]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreatePort [0xF73858DD]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateProcess [0xF73858E7]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateProcessEx [0xF73858F1]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateSection [0xF73858FB]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateSemaphore [0xF7385905]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateSymbolicLinkObject [0xF738590F]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateThread [0xF7385919]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateTimer [0xF7385923]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwCreateToken [0xF738592D]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF4D9AEA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF4DA66A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF4DA62E0]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwDeviceIoControlFile [0xF7385955]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwDuplicateObject [0xF738595F]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwEnumerateKey [0xF7385969]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwEnumerateValueKey [0xF7385973]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwFreeUserPhysicalPages [0xF738597D]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwFreeVirtualMemory [0xF7385987]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwImpersonateAnonymousToken [0xF7385991]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwImpersonateThread [0xF738599B]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwLoadDriver [0xF73859A5]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF4DA69E0]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwLoadKey2 [0xF73859B9]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwLockRegistryKey [0xF73859C3]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwLockVirtualMemory [0xF73859CD]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwMapViewOfSection [0xF73859D7]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF4D9ACF0]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwOpenKey [0xF73859EB]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwOpenProcess [0xF73859F5]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwOpenProcessToken [0xF73859FF]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwOpenSection [0xF7385A09]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwOpenThread [0xF7385A13]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwOpenThreadToken [0xF7385A1D]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwProtectVirtualMemory [0xF7385A27]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueryInformationProcess [0xF7385A31]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueryInformationThread [0xF7385A3B]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueryKey [0xF7385A45]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueryMultipleValueKey [0xF7385A4F]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueryOpenSubKeys [0xF7385A59]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueryValueKey [0xF7385A63]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwQueueApcThread [0xF7385A6D]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwReadFile [0xF7385A77]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwReadVirtualMemory [0xF7385A81]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwRenameKey [0xF7385A8B]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF4DA6CD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF4DA6F80]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwResumeProcess [0xF7385AA9]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwResumeThread [0xF7385AB3]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSaveKey [0xF7385ABD]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSaveKeyEx [0xF7385AC7]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSaveMergedKeys [0xF7385AD1]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSetContextThread [0xF7385ADB]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF4D9B010]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSetInformationKey [0xF7385AE5]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSetInformationProcess [0xF7385AEF]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSetInformationThread [0xF7385AF9]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSetSystemInformation [0xF7385B03]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF74AC4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF4DA5E67]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSuspendProcess [0xF7385B17]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSuspendThread [0xF7385B21]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwSystemDebugControl [0xF7385B2B]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwTerminateJobObject [0xF7385B35]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwTerminateProcess [0xF7385B3F]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwTerminateThread [0xF7385B49]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwUnloadDriver [0xF7385B53]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwUnloadKey [0xF7385B5D]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwUnloadKeyEx [0xF7385B67]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwUnlockVirtualMemory [0xF7385B71]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwUnmapViewOfSection [0xF7385B7B]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwWriteFile [0xF7385B85]
SSDT pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/) ZwWriteVirtualMemory [0xF7385B8F]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + D7 804E2DA8 24 Bytes [ 79, 58, 38, F7, 83, 58, 38, ... ]
.text ntoskrnl.exe!_abnormal_termination + F3 804E2DC4 32 Bytes [ 90, 56, DA, F4, BF, 58, 38, ... ]
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 24 Bytes [ FB, 58, 38, F7, 05, 59, 38, ... ]
.text ntoskrnl.exe!_abnormal_termination + 197 804E2E68 1 Byte [ 7D ]
.text ntoskrnl.exe!_abnormal_termination + 199 804E2E6A 6 Bytes [ 38, F7, 87, 59, 38, F7 ]
.text ...
? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS2\system32\Drivers\PROCEXP100.SYS The system cannot find the file specified. !
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F4DAFFB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F4D9B570] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F4D9B4C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F4D9B670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F4D9B1D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS2\system32\LVCOMSX.EXE[716] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B62F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\LVCOMSX.EXE[716] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B62DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\LVCOMSX.EXE[716] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00B62D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\LVCOMSX.EXE[716] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B62DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[960] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[960] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[960] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[960] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RocketDock\RocketDock.exe[1384] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RocketDock\RocketDock.exe[1384] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RocketDock\RocketDock.exe[1384] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RocketDock\RocketDock.exe[1384] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\Explorer.EXE[1796] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01212F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\Explorer.EXE[1796] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01212DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\Explorer.EXE[1796] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [01212D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\Explorer.EXE[1796] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01212DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\Process XP.exe[2188] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\Process XP.exe[2188] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\Process XP.exe[2188] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\Process XP.exe[2188] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3016] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010E2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3016] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010E2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3016] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [010E2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3016] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010E2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\wscntfy.exe[3144] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\wscntfy.exe[3144] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\wscntfy.exe[3144] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [008F2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\wscntfy.exe[3144] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3260] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3260] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3260] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00F02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3260] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3276] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3276] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3276] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3276] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\ICO.EXE[3568] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\ICO.EXE[3568] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\ICO.EXE[3568] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\ICO.EXE[3568] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3624] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3624] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3624] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3624] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SYMANT~1\VPTray.exe[3668] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SYMANT~1\VPTray.exe[3668] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SYMANT~1\VPTray.exe[3668] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SYMANT~1\VPTray.exe[3668] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\gmer.exe[3704] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\gmer.exe[3704] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\gmer.exe[3704] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dion A. Lewis\Desktop\gmer.exe[3704] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\Pelmiced.exe[3780] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B62F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\Pelmiced.exe[3780] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B62DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\Pelmiced.exe[3780] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00B62D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS2\system32\Pelmiced.exe[3780] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B62DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Trillian\trillian.exe[3892] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Trillian\trillian.exe[3892] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Trillian\trillian.exe[3892] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Trillian\trillian.exe[3892] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\iTouch\iTouch.exe[3896] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\iTouch\iTouch.exe[3896] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\iTouch\iTouch.exe[3896] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\iTouch\iTouch.exe[3896] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3936] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C72F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3936] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C72DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3936] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtClose] [00C72D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[3936] @ C:\WINDOWS2\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C72DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84396EB8

AttachedDevice \FileSystem\Ntfs \Ntfs pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \FatCdrom 83EFDFB0
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pxtdi.sys (PREVX Security Agent for Windows. TDI module/Prevx Limited, http://www.prevx1.com/)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp pxtdi.sys (PREVX Security Agent for Windows. TDI module/Prevx Limited, http://www.prevx1.com/)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Cdrom \Device\CdRom0 84008708
Device \FileSystem\Rdbss \Device\FsWrap 840D3FB0
Device \Driver\Cdrom \Device\CdRom1 84008708
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 84004570
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 84004570
Device \Driver\atapi \Device\Ide\IdePort0 84004570
Device \Driver\atapi \Device\Ide\IdePort1 84004570
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 84004570
Device \Driver\Cdrom \Device\CdRom2 84008708
Device \FileSystem\Srv \Device\LanmanServer 8406E0F0
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp pxtdi.sys (PREVX Security Agent for Windows. TDI module/Prevx Limited, http://www.prevx1.com/)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp pxtdi.sys (PREVX Security Agent for Windows. TDI module/Prevx Limited, http://www.prevx1.com/)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 840D2A88
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 840D2A88
Device \FileSystem\Npfs \Device\NamedPipe 840D1780
Device \FileSystem\Msfs \Device\Mailslot 840C8348
Device \Driver\Vax347s \Device\Scsi\Vax347s1 840F3680
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 840F3680
Device \FileSystem\Fastfat \Fat 83EFDFB0

AttachedDevice \FileSystem\Fastfat \Fat pxfsf.sys (PREVX Security Agent for Windows/Prevx Limited, http://www.prevx1.com/)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 840C16D8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 840C16D8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 840C16D8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 840C16D8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 840C16D8
Device \FileSystem\Cdfs \Cdfs 840DC620

---- Modules - GMER 1.0.14 ----

Module _________ F7403000-F741B000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej40 0x07 0x68 0x3A 0xE0 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24BEAAA5-A423-AD78-E1B5-DE88EC632237}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24BEAAA5-A423-AD78-E1B5-DE88EC632237}@bbbpgipcccofbhmbcaemblgbmilgekfmpiab 0x61 0x62 0x6F 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24BEAAA5-A423-AD78-E1B5-DE88EC632237}@abbpgipcccofbhmbcanbmkijiimfbajlpa 0x61 0x62 0x70 0x66 ...

---- EOF - GMER 1.0.14 ----
=================================

Thanks for the help.
Naito
Active Member
 
Posts: 3
Joined: July 14th, 2008, 12:38 am

Re: Unknown malware infection sending spam emails from PC.

Unread postby Shaba » July 18th, 2008, 3:05 am

Hi

GMER log is fine.

Can you please post cureit and Malwarebytes Anti-Malware scan logs as well if available?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Unknown malware infection sending spam emails from PC.

Unread postby Naito » July 18th, 2008, 3:21 am

Glad to hear that ^_^ I don't have a Cureit log and don't even remember seeing it give me one, but I did save the Malwarebytes Anti-Malware one, and here it is:

==========================
Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 2

4:22:09 PM 7/16/2008
mbam-log-7-16-2008 (16-22-09).txt

Scan type: Quick Scan
Objects scanned: 80322
Time elapsed: 44 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a5c31b2f (Rootkit.Win32.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\a5c31b2f (Rootkit.Win32.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a5c31b2f (Rootkit.Win32.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS2\system32\drivers\a5c31b2f.sys (Rootkit.Win32.Agent) -> Quarantined and deleted successfully.
==========================
Naito
Active Member
 
Posts: 3
Joined: July 14th, 2008, 12:38 am

Re: Unknown malware infection sending spam emails from PC.

Unread postby Shaba » July 18th, 2008, 5:40 am

Hi

Yes, it deleted spambot :)

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Unknown malware infection sending spam emails from PC.

Unread postby Shaba » July 23rd, 2008, 9:16 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware