Total Security Help Needed

Post by Jay Cee on Fri Sep 25, 2009 2:10 am

I have a Dell Latitude D620 for work. I noticed on Monday some pop-ups so I ran Malwarebytes and removed everything it found. I went on a business trip to Denver on Tuesday. Once I got to my hotel that evening and booted up my computer I noticed this fake scanner within minutes. It will not let me boot up in any safe mode nor will it let me run Malwarebytes. I even tried downloading Malwarebytes again as a different file name, installed it, made sure that check for updates and launch app were checked and hit finish, but this virus will not allow it to run. I have no idea what to do now. I am on my personal laptop now trying to research this but everything I find says to run Malwarebytes, which I have tried to do already. I would much rather take care of this on my own than hand my laptop over to the IT department. Someone please help me out. I will come back here and check on this thread a few times an hour while I am awake. I thank everyone in advance for any help you may offer.


Re: Total Security Help Needed

Post by Dr Jay on Fri Sep 25, 2009 5:09 am

Hi

Please download ComboFix by sUBs

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Sep 25, 2009 6:12 am

ComboFix 09-09-23.02 - jcampanioni 09/25/2009 1:46.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.577 [GMT -4:00]
Running from: c:\documents and settings\lguser\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_Protect


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-17 18:34 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 18:34 . 2009-09-25 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 18:34 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 15:04 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 20:14 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-21 19:16 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-01 12:46 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 19:24 . 2009-07-31 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-31 19:23 . 2009-07-31 19:23 -------- d-----w- c:\documents and settings\lguser\Application Data\SUPERAntiSpyware.com
2009-07-29 14:59 . 2007-08-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 17:46 . 2008-05-30 12:20 7867 ----a-w- c:\windows\system32\drivers\WWHOOK.SYS
2009-07-18 17:45 . 2008-05-30 12:20 5632 ----a-w- c:\windows\system32\drivers\SFMouse.sys
2009-07-18 17:45 . 2008-05-30 12:20 4992 ----a-w- c:\windows\system32\drivers\SFKbd.sys
2009-07-18 17:45 . 2008-05-30 12:20 35200 ----a-w- c:\windows\system32\drivers\SFFOLDER.SYS
2009-07-18 17:45 . 2008-05-30 12:20 34688 ----a-w- c:\windows\system32\drivers\sfres.sys
2009-07-18 17:45 . 2009-07-07 13:04 10240 ----a-w- c:\windows\system32\drivers\sfcdex.sys
2009-07-18 17:45 . 2008-05-30 12:20 40960 ----a-w- c:\windows\system32\drivers\SDFA.SYS
2009-07-18 17:45 . 2008-05-30 12:20 16191 ----a-w- c:\windows\system32\drivers\safandrv.sys
2009-07-18 17:45 . 2008-05-30 12:20 5632 ----a-w- c:\windows\system32\drivers\ProcHide.sys
2009-07-18 17:45 . 2008-05-30 12:20 45952 ----a-w- c:\windows\system32\drivers\Filehook.sys
2009-07-18 17:45 . 2008-05-30 12:20 32384 ----a-w- c:\windows\system32\drivers\FDDec.SYS
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\Filehook.sys [5/30/2008 8:20 AM 45952]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 9:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 8:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 8:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 8:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 8:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 8:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 5:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 8:20 AM 40960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/1/2007 2:44 PM 24652]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [7/7/2009 9:05 AM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 12:44 PM 102448]
R3 WwHook;WwHook;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 8:20 AM 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 8:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 8:20 AM 35200]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.4.4,136.166.10.50
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2828f345-8474-4701-b14b-277a5e112263} - batimeyu.dll
HKLM-Run-net - c:\windows\system32\net.net
HKLM-Run-19806564 - c:\documents and settings\All Users\Application Data\19806564\19806564.exe
HKLM-Run-sesemural - c:\windows\system32\zodogupe.dll
HKLM-Run-kuvulunubu - sufojeni.dll
SharedTaskScheduler-{9f7a785f-6b51-415a-a983-0dd79f691d23} - c:\windows\system32\zodogupe.dll
SharedTaskScheduler-{b5d92bcd-0a34-4b26-bf5d-d63b59f65fe7} - c:\windows\system32\zodogupe.dll
SharedTaskScheduler-{f65af39e-cfcf-4a2b-abad-ddd3fdbbbcd3} - c:\windows\system32\zodogupe.dll
SharedTaskScheduler-{ee01c744-dfbf-4a13-8919-50f351106b20} - c:\windows\system32\zodogupe.dll
SSODL-johutamom-{9f7a785f-6b51-415a-a983-0dd79f691d23} - c:\windows\system32\zodogupe.dll
SSODL-hukezusoh-{b5d92bcd-0a34-4b26-bf5d-d63b59f65fe7} - c:\windows\system32\zodogupe.dll
SSODL-depomimeh-{f65af39e-cfcf-4a2b-abad-ddd3fdbbbcd3} - c:\windows\system32\zodogupe.dll
SSODL-vudevajok-{ee01c744-dfbf-4a13-8919-50f351106b20} - c:\windows\system32\zodogupe.dll
AddRemove-{1AA8D54D-73C3-4706-A8F5-B3ADDBCA0FA8}_is1 - c:\program files\LGEAD\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-25 01:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2456)
c:\wwcnt\SYSTEM\safaweb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\wwcnt\WwcNT.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\wwcnt\SYSTEM\pmonitor.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\CCM\clicomp\RemCtrl\Wuser32.exe
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-25 2:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 06:11

Pre-Run: 1,101,783,040 bytes free
Post-Run: 3,458,228,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /execute /fastdetect

308 --- E O F --- 2009-03-28 16:01


Re: Total Security Help Needed

Post by Dr Jay on Fri Sep 25, 2009 9:16 am

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Sep 25, 2009 8:40 pm

I ran Malwarebytes and followed all the instructions and everything seems fine now. My laptop is not letting me open the log though and keeps saying there is an application error with notepad.exe. "The instruction at '0x0100739d' referenced memory at '0x0100739d'. The memory could not be 'written'."


Re: Total Security Help Needed

Post by Dr Jay on Fri Sep 25, 2009 9:47 pm

Hi

Please download avast! ANTIROOTKIT from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: to prevent false positives, please quit all running programs before starting the scan!
  • Double-click on aswar.exe to start the program.
  • Click Show Scan Options.
  • Make sure the following checkboxes have checkmarks in them: Hidden Files and Directories, Hidden Services and Drivers, Hidden Registry Keys and Values, Hidden Processes, Log all scanned items.
  • Click the big Scan Now! button.
  • Click View scan log. Please post the contents of that log in your next reply. If the scan log will not launch, please tell me.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Sat Sep 26, 2009 5:18 pm

I ran it and the same memory error comes up when I click on view scan log.


Re: Total Security Help Needed

Post by Dr Jay on Sat Sep 26, 2009 5:29 pm

Hi

Please do the following then try to run the above scan again:

Navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damage from malware or other harmful system changes. Install the file after download.

If you are able to run it, post a log. If not, please tell me.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Sat Sep 26, 2009 10:22 pm

Did the fix it, ran avast again. No rootkits were found. Same memory error message comes up when trying to view the log.


Re: Total Security Help Needed

Post by Dr Jay on Sat Sep 26, 2009 10:53 pm

Please download [You must be registered and logged in to see this link.] and install it.

Please do a Malwarebytes quick scan, and tell me if logs open up in Notepad++.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Sun Sep 27, 2009 12:30 am

It didn't work at first and then I edited the preferences in Notepad++ and it finally opened.




Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 3

9/26/2009 8:28:03 PM
mbam-log-2009-09-26 (20-28-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 178606
Time elapsed: 1 hour(s), 0 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Sun Sep 27, 2009 12:44 am

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here.
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan.

Please post the results in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Sun Sep 27, 2009 1:51 pm

While running the above scan, new Windows Installer popups showed up regarding Symantec AntiVirus. They keep saying the feature is on a network source that is unavailable "C:\DOCUME~1\lguser\LOCALS~1\Temp\~SFX49b573ef\".





BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Sep 27, 2009 - 09:53:06

--------------------------------------------------------------------------------

Scan Info

Scanned Files     247059
Infected Files    79

Virus Detected

Trojan.Generic.2265252         1
Trojan.Generic.2443991         2
Trojan.Generic.IS.593468       4
Trojan.Generic.2342197         39
Packer.Malware.NSAnti.1        5
Trojan.Vundo.GOM               3
Trojan.Vundo.GMM               1
Application.Generic.190039     2
Trojan.FakeAV.PJ               1
Trojan.Generic.2250351         3
Trojan.Generic.2375564         2
Trojan.CryptRedol.Gen.2        4
Trojan.Generic.2243763         2
Trojan.CryptRedol.Gen.3        2
Trojan.FakeAlert.TK            2
Trojan.TDss.VS                 2
Trojan.Generic.2293764         2
Generic.Malware.P!.F6CD5798    1
Application.Generic.188689     1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


Re: Total Security Help Needed

Post by Dr Jay on Sun Sep 27, 2009 5:35 pm

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Sep 28, 2009 4:58 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2867
Windows 5.1.2600 Service Pack 3

9/28/2009 1:00:16 PM
mbam-log-2009-09-28 (13-00-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 178266
Time elapsed: 1 hour(s), 14 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Mon Sep 28, 2009 5:07 pm

Hi

Please download avast! ANTIROOTKIT from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: to prevent false positives, please quit all running programs before starting the scan!
  • Double-click on aswar.exe to start the program.
  • Click Show Scan Options.
  • Make sure the following checkboxes have checkmarks in them: Hidden Files and Directories, Hidden Services and Drivers, Hidden Registry Keys and Values, Hidden Processes, Log all scanned items.
  • Click the big Scan Now! button.
  • Click View scan log. Please post the contents of that log in your next reply. If the scan log will not launch, please tell me.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Wed Sep 30, 2009 11:31 pm

For some reason I can't paste the log into my reply. But the message "No rootkits have been found" with a green check mark did appear after the scan was complete.


Re: Total Security Help Needed

Post by Dr Jay on Thu Oct 01, 2009 7:00 am

Hi

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Thu Oct 01, 2009 10:12 pm

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is FC17-E078

Directory of C:\Windows\System32\Drivers

09/26/2009 12:39 PM .
09/26/2009 12:39 PM ..
04/14/2008 08:00 AM 187,776 acpi.sys
04/14/2008 08:00 AM 11,648 acpiec.sys
04/14/2008 08:00 AM 142,592 aec.sys
08/14/2008 06:04 AM 138,496 afd.sys
04/14/2008 08:00 AM 42,368 agp440.sys
04/14/2008 08:00 AM 44,928 agpcpq.sys
04/14/2008 08:00 AM 42,752 alim1541.sys
04/14/2008 08:00 AM 43,008 amdagp.sys
04/14/2008 08:00 AM 37,376 amdk6.sys
04/14/2008 08:00 AM 37,760 amdk7.sys
08/12/2005 04:50 PM 16,128 APPDRV.SYS
04/14/2008 08:00 AM 60,800 arp1394.sys
04/14/2008 08:00 AM 14,336 asyncmac.sys
04/14/2008 08:00 AM 96,512 atapi.sys
04/14/2008 08:00 AM 59,904 atmarpc.sys
04/14/2008 08:00 AM 31,360 atmepvc.sys
04/14/2008 08:00 AM 55,808 atmlane.sys
04/14/2008 08:00 AM 352,256 atmuni.sys
08/17/2001 09:59 AM 3,072 audstub.sys
10/26/2005 10:01 AM 142,720 b57xp32.sys
04/14/2008 08:00 AM 14,208 battc.sys
09/21/2004 07:18 PM 148,830 bcbthub.sys
03/16/2007 06:10 PM 604,928 BCMWL5.SYS
03/16/2007 06:10 PM 33,664 BCMWLNPF.SYS
04/14/2008 08:00 AM 4,224 beep.sys
10/19/2004 12:39 PM 20,096 blueletaudio.sys
04/14/2008 08:00 AM 71,552 bridge.sys
11/08/2004 11:22 AM 24,152 btcusb.sys
04/14/2008 08:00 AM 17,024 bthenum.sys
10/19/2004 02:40 PM 28,207 BTHidMgr.sys
04/14/2008 08:00 AM 273,024 bthport.sys
04/14/2008 08:00 AM 18,944 bthusb.sys
09/21/2004 07:15 PM 10,804 BtNetDrv.sys
04/14/2008 08:00 AM 13,952 cbidf2k.sys
04/14/2008 12:16 AM 17,024 ccdecode.sys
04/14/2008 08:00 AM 18,688 cdaudio.sys
04/14/2008 08:00 AM 63,744 cdfs.sys
04/14/2008 08:00 AM 62,976 cdrom.sys
12/21/2004 06:29 PM 39,904 cercsr6.sys
04/14/2008 08:00 AM 262,528 cinemst2.sys
04/14/2008 08:00 AM 49,536 classpnp.sys
04/14/2008 08:00 AM 13,952 cmbatt.sys
04/14/2008 08:00 AM 10,240 compbatt.sys
04/14/2008 08:00 AM 11,776 cpqdap01.sys
04/14/2008 08:00 AM 36,736 crusoe.sys
11/30/2005 11:39 PM 141,497 del1028.cty
08/21/2007 09:35 AM disdn
04/14/2008 08:00 AM 36,352 disk.sys
04/14/2008 08:00 AM 14,208 diskdump.sys
11/18/2005 12:02 PM 5,660 DLACDBHM.SYS
11/18/2005 12:02 PM 22,684 DLARTL_N.SYS
04/14/2008 08:00 AM 799,744 dmboot.sys
04/14/2008 08:00 AM 153,344 dmio.sys
04/14/2008 08:00 AM 5,888 dmload.sys
04/14/2008 12:15 AM 52,864 DMusic.sys
04/14/2008 08:00 AM 60,160 drmk.sys
04/14/2008 08:00 AM 2,944 drmkaud.sys
09/12/2005 03:30 AM 89,264 DRVMCDB.SYS
08/12/2005 05:20 AM 40,544 DRVNDDM.SYS
12/26/2007 12:38 AM 23,552 dsNcAdpt.sys
04/14/2008 08:00 AM 10,496 dxapi.sys
04/14/2008 08:00 AM 71,168 dxg.sys
04/14/2008 08:00 AM 3,328 dxgthk.sys
09/25/2009 01:59 AM etc
04/14/2008 08:00 AM 143,744 fastfat.sys
04/14/2008 08:00 AM 27,392 fdc.sys
07/18/2009 01:45 PM 32,384 FDDec.SYS
07/18/2009 01:45 PM 45,952 Filehook.sys
04/14/2008 08:00 AM 44,544 fips.sys
04/14/2008 08:00 AM 20,480 flpydisk.sys
04/14/2008 08:00 AM 129,792 fltMgr.sys
04/14/2008 08:00 AM 12,160 fsvga.sys
04/14/2008 08:00 AM 7,936 fs_rec.sys
04/14/2008 08:00 AM 125,056 ftdisk.sys
09/21/2004 07:18 PM 116,021 fw203x.sys
04/14/2008 08:00 AM 46,464 gagp30kx.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
04/14/2008 08:00 AM 3,440,660 gm.dls
04/14/2008 08:00 AM 646 gmreadme.txt
04/14/2008 08:00 AM 144,384 hdaudbus.sys
08/12/2004 05:45 PM 113,664 Hdaudio.sys
04/14/2008 08:00 AM 36,864 hidclass.sys
04/14/2008 08:00 AM 24,960 hidparse.sys
04/14/2008 08:00 AM 10,368 hidusb.sys
12/01/2005 01:40 AM 192,512 HSXHWAZL.sys
12/01/2005 01:40 AM 669,696 HSX_CNXT.sys
12/01/2005 01:40 AM 936,960 HSX_DPV.sys
04/14/2008 08:00 AM 264,832 http.sys
04/14/2008 08:00 AM 52,480 i8042prt.sys
05/31/2007 12:38 AM 8,992 idisw2km.sys
03/30/2007 09:34 PM 5,704,672 igxpmp32.sys
04/14/2008 08:00 AM 42,112 imapi.sys
04/14/2008 08:00 AM 36,352 intelppm.sys
04/14/2008 08:00 AM 36,608 ip6fw.sys
04/14/2008 08:00 AM 32,896 ipfltdrv.sys
04/14/2008 08:00 AM 20,864 ipinip.sys
04/14/2008 08:00 AM 152,832 ipnat.sys
04/14/2008 08:00 AM 75,264 ipsec.sys
04/14/2008 08:00 AM 11,264 irenum.sys
04/14/2008 08:00 AM 37,248 isapnp.sys
04/14/2008 08:00 AM 24,576 kbdclass.sys
05/31/2007 12:38 AM 11,744 kbstuff5.sys
04/14/2008 08:00 AM 172,416 kmixer.sys
04/14/2008 08:00 AM 141,056 ks.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
08/04/2004 01:56 AM 61,952 kstvtune.ax
08/04/2004 01:56 AM 90,624 kswdmcap.ax
08/04/2004 01:56 AM 43,008 ksxbar.ax
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
04/14/2008 08:00 AM 7,680 mcd.sys
10/04/2005 11:57 PM 12,544 mdmxsdk.sys
04/14/2008 08:00 AM 63,744 mf.sys
04/14/2008 08:00 AM 4,224 mnmdd.sys
04/14/2008 08:00 AM 30,080 modem.sys
04/14/2008 08:00 AM 23,040 mouclass.sys
04/14/2008 08:00 AM 12,160 mouhid.sys
04/14/2008 08:00 AM 42,368 mountmgr.sys
04/14/2008 08:00 AM 92,544 mqac.sys
04/14/2008 08:00 AM 180,608 mrxdav.sys
10/24/2008 07:21 AM 455,296 mrxsmb.sys
04/14/2008 08:00 AM 19,072 msfs.sys
04/14/2008 08:00 AM 35,072 msgpc.sys
04/14/2008 08:00 AM 7,552 mskssrv.sys
04/14/2008 08:00 AM 5,376 mspclock.sys
04/14/2008 08:00 AM 4,992 mspqm.sys
04/14/2008 08:00 AM 15,488 mssmbios.sys
04/14/2008 12:09 AM 5,504 mstee.sys
04/14/2008 08:00 AM 105,344 mup.sys
04/14/2008 12:16 AM 85,248 nabtsfec.sys
04/14/2008 08:00 AM 182,656 ndis.sys
04/14/2008 08:00 AM 10,880 ndisip.sys
04/14/2008 08:00 AM 10,112 ndistapi.sys
04/14/2008 08:00 AM 14,592 ndisuio.sys
04/14/2008 08:00 AM 91,520 ndiswan.sys
04/14/2008 08:00 AM 40,576 ndproxy.sys
04/14/2008 08:00 AM 34,688 netbios.sys
04/14/2008 08:00 AM 162,816 netbt.sys
04/14/2008 08:00 AM 61,824 nic1394.sys
04/14/2008 08:00 AM 12,032 nikedrv.sys
04/14/2008 08:00 AM 40,320 nmnt.sys
04/14/2008 08:00 AM 30,848 npfs.sys
04/14/2008 08:00 AM 574,976 ntfs.sys
04/14/2008 08:00 AM 2,944 null.sys
04/14/2008 08:00 AM 12,416 nwlnkflt.sys
04/14/2008 08:00 AM 32,512 nwlnkfwd.sys
04/14/2008 08:00 AM 88,320 nwlnkipx.sys
04/14/2008 08:00 AM 63,232 nwlnknb.sys
04/14/2008 08:00 AM 55,936 nwlnkspx.sys
04/14/2008 08:00 AM 163,584 nwrdr.sys
02/11/2005 05:02 AM 8,655 o2mwxp.cat
02/09/2005 02:33 PM 4,286 O2MWXP.INF
04/14/2008 08:00 AM 3,456 oprghdlr.sys
04/27/2003 10:31 PM 51,169 OXSER.SYS
11/18/2000 08:56 PM 14,380 OXSER.VXD
04/14/2008 08:00 AM 42,752 p3.sys
09/21/2004 07:18 PM 13,299 packet.sys
04/14/2008 08:00 AM 80,128 parport.sys
04/14/2008 08:00 AM 19,712 partmgr.sys
04/14/2008 08:00 AM 6,784 parvdm.sys
04/14/2008 08:00 AM 68,224 pci.sys
04/14/2008 08:00 AM 3,328 pciide.sys
04/14/2008 08:00 AM 24,960 pciidex.sys
04/14/2008 08:00 AM 120,192 pcmcia.sys
04/01/2004 05:30 PM 10,368 pfc.sys
04/14/2008 08:00 AM 146,048 portcls.sys
04/14/2008 08:00 AM 35,840 processr.sys
07/18/2009 01:45 PM 5,632 ProcHide.sys
04/14/2008 08:00 AM 69,120 psched.sys
04/14/2008 08:00 AM 17,792 ptilink.sys
04/14/2008 08:00 AM 8,832 rasacd.sys
04/14/2008 08:00 AM 51,328 rasl2tp.sys
04/14/2008 08:00 AM 41,472 raspppoe.sys
04/14/2008 08:00 AM 48,384 raspptp.sys
04/14/2008 08:00 AM 16,512 raspti.sys
04/14/2008 08:00 AM 34,432 rawwan.sys
04/14/2008 08:00 AM 175,744 rdbss.sys
04/14/2008 08:00 AM 4,224 rdpcdd.sys
04/14/2008 12:02 AM 196,224 rdpdr.sys
04/14/2008 08:00 AM 139,656 rdpwd.sys
04/14/2008 12:10 AM 57,600 redbook.sys
04/14/2008 08:00 AM 59,136 rfcomm.sys
04/14/2008 08:00 AM 12,032 rio8drv.sys
04/14/2008 08:00 AM 12,032 riodrv.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
04/14/2008 08:00 AM 30,592 rndismp.sys
04/14/2008 08:00 AM 5,888 rootmdm.sys
07/18/2009 01:45 PM 16,191 safandrv.sys
08/03/2003 11:05 AM 73,728 SCBaud.cpl
12/12/2002 02:35 AM 86,016 SCBaud.w9x
04/14/2008 08:00 AM 96,384 scsiport.sys
07/11/2001 11:19 AM 5,787 SCTB.VXD
09/22/2002 04:30 AM 40,960 SCTray.exe
04/14/2008 08:00 AM 79,232 sdbus.sys
07/18/2009 01:45 PM 40,960 SDFA.SYS
04/14/2008 08:00 AM 20,480 secdrv.sys
04/14/2008 08:00 AM 15,744 serenum.sys
04/14/2008 08:00 AM 64,512 serial.sys
07/18/2009 01:45 PM 10,240 sfcdex.sys
04/14/2008 08:00 AM 11,904 sffdisk.sys
07/18/2009 01:45 PM 35,200 SFFOLDER.SYS
04/14/2008 08:00 AM 10,240 sffp_mmc.sys
04/14/2008 08:00 AM 11,008 sffp_sd.sys
07/18/2009 01:45 PM 4,992 SFKbd.sys
04/14/2008 08:00 AM 11,392 sfloppy.sys
07/18/2009 01:45 PM 5,632 SFMouse.sys
07/18/2009 01:45 PM 34,688 sfres.sys
02/10/2004 10:29 AM 48,076 Sio9502k.sys
09/17/2002 04:11 AM 77,824 SioUi2k.dll
04/14/2008 08:00 AM 40,960 sisagp.sys
03/22/2004 07:26 AM 48,556 SktBt2k.sys
03/02/2004 09:04 AM 16,486 sktsio9x.vxd
04/14/2008 08:00 AM 11,136 slip.sys
04/14/2008 08:00 AM 14,592 smclib.sys
04/14/2008 08:00 AM 25,344 sonydcam.sys
04/14/2008 12:15 AM 6,272 splitter.sys
04/14/2008 08:00 AM 73,472 sr.sys
12/11/2008 06:57 AM 333,952 srv.sys
03/24/2006 05:34 PM 1,156,648 sthda.sys
04/14/2008 08:00 AM 49,408 stream.sys
04/14/2008 08:00 AM 15,232 streamip.sys
04/14/2008 08:00 AM 4,352 swenum.sys
04/14/2008 08:00 AM 56,576 swmidi.sys
09/18/2006 05:55 PM 109,744 SYMEVENT.SYS
04/14/2008 08:00 AM 60,800 sysaudio.sys
04/14/2008 08:00 AM 14,976 tape.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
06/20/2008 07:08 AM 225,856 tcpip6.sys
04/14/2008 08:00 AM 19,072 tdi.sys
04/14/2008 08:00 AM 12,040 tdpipe.sys
04/14/2008 08:00 AM 21,896 tdtcp.sys
04/14/2008 05:43 AM 40,840 termdd.sys
04/14/2008 08:00 AM 51,712 tosdvd.sys
04/14/2008 08:00 AM 21,376 tsbvcap.sys
04/14/2008 08:00 AM 12,288 tunmp.sys
04/14/2008 08:00 AM 44,672 uagp35.sys
04/14/2008 08:00 AM 66,048 udfs.sys
04/14/2008 08:00 AM 384,768 update.sys
04/14/2008 08:00 AM 12,800 usb8023.sys
06/05/2009 11:42 AM 39,424 usbaapl.sys
04/14/2008 08:00 AM 25,600 usbcamd.sys
04/14/2008 08:00 AM 25,728 usbcamd2.sys
05/18/2005 05:27 PM 7,764 usbccid.cat
05/17/2005 02:45 PM 1,872 usbccid.inf
05/13/2005 05:27 PM 28,672 usbccid.sys
04/14/2008 08:00 AM 4,736 usbd.sys
04/14/2008 08:00 AM 30,208 usbehci.sys
04/14/2008 08:00 AM 59,520 usbhub.sys
04/14/2008 08:00 AM 15,872 usbintel.sys
04/14/2008 08:00 AM 143,872 usbport.sys
04/14/2008 12:15 AM 15,104 usbscan.sys
04/14/2008 08:00 AM 26,368 usbstor.sys
04/14/2008 08:00 AM 20,608 usbuhci.sys
09/21/2004 07:18 PM 11,604 vbtenum.sys
10/19/2004 02:37 PM 61,312 VComm.sys
11/05/2004 12:39 PM 82,148 VcommMgr.sys
04/14/2008 08:00 AM 58,112 vdmindvd.sys
08/04/2004 01:56 AM 53,760 vfwwdm32.dll
04/14/2008 08:00 AM 20,992 vga.sys
09/22/2004 07:08 PM 12,504 VHIDMini.sys
04/14/2008 08:00 AM 42,240 viaagp.sys
08/04/2004 01:56 AM 28,672 vidcap.ax
04/14/2008 08:00 AM 81,664 videoprt.sys
04/14/2008 08:00 AM 52,352 volsnap.sys
04/14/2008 08:00 AM 34,560 wanarp.sys
04/14/2008 08:00 AM 83,072 wdmaud.sys
04/14/2008 08:00 AM 8,832 wmiacpi.sys
04/14/2008 08:00 AM 4,352 wmilib.sys
04/14/2008 08:00 AM 12,032 ws2ifsl.sys
07/02/2003 11:58 PM 63,488 wssbtr1f.sys
04/14/2008 12:16 AM 19,200 wstcodec.sys
07/18/2009 01:46 PM 7,867 WWHOOK.SYS
270 File(s) 28,520,997 bytes

Directory of C:\Windows\System32\Drivers\disdn

08/21/2007 09:35 AM .
08/21/2007 09:35 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

09/25/2009 01:59 AM .
09/25/2009 01:59 AM ..
09/25/2009 01:59 AM 27 hosts
12/26/2007 06:13 PM 734 hosts.msn
03/02/2009 04:20 PM 734 hosts.sym
08/04/2004 06:00 AM 3,683 lmhosts.sam
08/04/2004 06:00 AM 407 networks
08/04/2004 06:00 AM 799 protocol
08/04/2004 06:00 AM 7,116 services
7 File(s) 13,500 bytes

Total Files Listed:
277 File(s) 28,534,497 bytes
8 Dir(s) 3,352,870,912 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is FC17-E078

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 632 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 680 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 704 High C:\WINDOWS\system32\winlogon.exe
services.exe 748 Normal C:\WINDOWS\system32\services.exe
lsass.exe 768 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 968 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1036 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1076 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1172 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1208 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1508 Normal C:\WINDOWS\system32\spoolsv.exe
SCardSvr.exe 1544 Normal C:\WINDOWS\System32\SCardSvr.exe
svchost.exe 1956 Normal C:\WINDOWS\system32\svchost.exe
WWCSERVICE.EXE 2024 Real Time C:\WWCNT\WWCSERVICE.EXE
ADAgentService.exe 292 Normal C:\Program Files\LGEAD\ADAgentService.exe
AppleMobileDeviceService.exe 312 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 328 Normal C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe 396 Normal C:\WINDOWS\system32\svchost.exe
ccSetMgr.exe 452 Normal C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
DefWatch.exe 544 Normal C:\Program Files\Symantec AntiVirus\DefWatch.exe
dsNcService.exe 576 Normal C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
MDM.EXE 684 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
NICCONFIGSVC.exe 1100 Normal C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe 1168 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1272 Normal C:\WINDOWS\system32\svchost.exe
Rtvscan.exe 1288 Normal C:\Program Files\Symantec AntiVirus\Rtvscan.exe
ViewpointService.exe 268 Normal C:\Program Files\Viewpoint\Common\ViewpointService.exe
WLTRYSVC.EXE 1636 Normal C:\WINDOWS\System32\WLTRYSVC.EXE
Wuser32.exe 1652 Normal C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
bcmwltry.exe 1664 Normal C:\WINDOWS\System32\bcmwltry.exe
ccEvtMgr.exe 1716 Normal C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
CcmExec.exe 1908 Normal C:\WINDOWS\system32\CCM\CcmExec.exe
wmiprvse.exe 1360 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe 2068 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe 2432 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
ViewMgr.exe 2936 Normal C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Explorer.EXE 3072 Normal C:\WINDOWS\Explorer.EXE
WLTRAY.exe 504 Normal C:\WINDOWS\system32\WLTRAY.exe
quickset.exe 1268 Normal C:\Program Files\Dell\QuickSet\quickset.exe
DLACTRLW.EXE 984 Normal C:\WINDOWS\System32\DLA\DLACTRLW.EXE
jusched.exe 1328 Normal C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Acrotray.exe 1032 Normal C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
apdproxy.exe 2012 Normal C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
ccApp.exe 2792 Normal C:\Program Files\Common Files\Symantec Shared\ccApp.exe
VPTray.exe 2840 Normal C:\PROGRA~1\SYMANT~1\VPTray.exe
hkcmd.exe 2900 Normal C:\WINDOWS\system32\hkcmd.exe
igfxsrvc.exe 3008 Normal C:\WINDOWS\system32\igfxsrvc.exe
igfxpers.exe 3020 Normal C:\WINDOWS\system32\igfxpers.exe
stsystra.exe 3076 Normal C:\WINDOWS\stsystra.exe
MsnMsgr.Exe 3496 Normal C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
FNPLicensingService.exe 3944 Normal C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
ymsgr_tray.exe 3552 Normal C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
jucheck.exe 492 Normal C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
wmiprvse.exe 3660 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
cmd.exe 2384 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 3176 Normal C:\Documents and Settings\lguser\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(3072)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1519616 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5848 (xpsp_sp3_gdr.090718-1251) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 771b0000 696320 C:\WINDOWS\system32\WININET.dll 6.00.2900.5835 (xpsp_sp3_gdr.090626-1535) Internet Extensions for Win32
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1160000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
urlmon.dll 7e1e0000 663552 C:\WINDOWS\system32\urlmon.dll 6.00.2900.5835 (xpsp_sp3_gdr.090626-1535) OLE32 Extensions for Win32
webcheck.dll 74b30000 286720 C:\WINDOWS\system32\webcheck.dll 6.00.2900.5512 (xpsp.080413-2105) Web Site Monitor
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
madocmgr.dll 10000000 77824 C:\Program Files\MarkAny\Document SAFER\madocmgr.dll 2, 5, 0, 41229 MarkAny Document Safer Manager
cipher.dll 18c0000 360448 C:\WINDOWS\system32\cipher.dll 2, 5, 0, 50222 cipher
libdb41.dll 13000000 585728 C:\WINDOWS\system32\libdb41.dll 4.1.25 Berkeley DB 3.0 DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
odbcint.dll b80000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
shdoclc.dll 71800000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
PDFShell.dll 2590000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 8.1.0.0 PDF Shell Extension
MSVCR80.dll 78130000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 8.00.50727.762 Microsoft® C Runtime Library
msadp32.acm 72cf0000 28672 C:\WINDOWS\system32\msadp32.acm 5.1.2600.5512 (xpsp.080413-0845) Microsoft ADPCM CODEC for MSACM
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
MCPS.DLL 36d30000 110592 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.8164 Media Catalog Proxy/Stub



******************************************
EOF


Re: Total Security Help Needed

Post by Dr Jay on Fri Oct 02, 2009 1:28 am

Hi

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 02, 2009 5:21 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2894
Windows 5.1.2600 Service Pack 3

10/2/2009 1:22:35 PM
mbam-log-2009-10-02 (13-22-35).txt

Scan type: Quick Scan
Objects scanned: 124978
Time elapsed: 22 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Sat Oct 03, 2009 12:53 am

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 05, 2009 2:46 pm

ComboFix 09-10-04.01 - jcampanioni 10/05/2009 10:35.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.454 [GMT -4:00]
Running from: c:\documents and settings\lguser\My Documents\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-17 18:34 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 18:34 . 2009-09-25 12:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 18:34 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 15:04 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 13:06 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-05 12:48 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-02 20:40 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 17:46 . 2008-05-30 12:20 7867 ----a-w- c:\windows\system32\drivers\WWHOOK.SYS
2009-07-18 17:45 . 2008-05-30 12:20 5632 ----a-w- c:\windows\system32\drivers\SFMouse.sys
2009-07-18 17:45 . 2008-05-30 12:20 4992 ----a-w- c:\windows\system32\drivers\SFKbd.sys
2009-07-18 17:45 . 2008-05-30 12:20 35200 ----a-w- c:\windows\system32\drivers\SFFOLDER.SYS
2009-07-18 17:45 . 2008-05-30 12:20 34688 ----a-w- c:\windows\system32\drivers\sfres.sys
2009-07-18 17:45 . 2009-07-07 13:04 10240 ----a-w- c:\windows\system32\drivers\sfcdex.sys
2009-07-18 17:45 . 2008-05-30 12:20 40960 ----a-w- c:\windows\system32\drivers\SDFA.SYS
2009-07-18 17:45 . 2008-05-30 12:20 16191 ----a-w- c:\windows\system32\drivers\safandrv.sys
2009-07-18 17:45 . 2008-05-30 12:20 5632 ----a-w- c:\windows\system32\drivers\ProcHide.sys
2009-07-18 17:45 . 2008-05-30 12:20 45952 ----a-w- c:\windows\system32\drivers\Filehook.sys
2009-07-18 17:45 . 2008-05-30 12:20 32384 ----a-w- c:\windows\system32\drivers\FDDec.SYS
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-28 12:28 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-09-28 12:28 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 10:00 . 2009-09-28 12:37 41814 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-06-18 13:04 41814 c:\windows\system32\perfc009.dat
+ 2007-08-21 17:54 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-09-28 12:26 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:52 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-30 18:52 . 2009-09-25 00:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-28 12:26 . 2009-09-28 12:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-05-31 03:38 . 2007-05-31 03:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-05-31 04:38 . 2007-05-31 04:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-04-13 07:50 . 2007-04-13 07:50 21368 c:\windows\system32\CCM\ccmrepair.exe
+ 2007-04-13 06:50 . 2007-04-13 06:50 21368 c:\windows\system32\CCM\ccmrepair.exe
+ 2009-01-05 19:44 . 2009-01-05 19:44 53248 c:\windows\bdoscandel.exe
+ 2009-09-27 00:48 . 2009-09-27 00:48 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 45056 c:\windows\BDOSCAN8\avxdisk.dll
- 2004-08-04 10:00 . 2009-06-18 13:04 316798 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2009-09-28 12:37 316798 c:\windows\system32\perfh009.dat
- 2007-08-21 13:44 . 2009-06-18 13:02 269392 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-21 13:44 . 2009-09-28 12:21 269392 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-21 17:54 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2007-04-13 07:50 . 2007-04-13 07:50 341368 c:\windows\system32\ccmcore.dll
+ 2007-04-13 06:50 . 2007-04-13 06:50 341368 c:\windows\system32\ccmcore.dll
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 107800 c:\windows\BDOSCAN8\bdcore.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\Filehook.sys [5/30/2008 8:20 AM 45952]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 9:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 8:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 8:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 8:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 8:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 8:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 5:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 8:20 AM 40960]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [7/7/2009 9:05 AM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 12:44 PM 102448]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 8:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 8:20 AM 35200]
S3 WwHook;WwHook;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 8:20 AM 7867]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ADAGENT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.4.4,136.166.10.50
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-05 10:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-10-05 10:47
ComboFix-quarantined-files.txt 2009-10-05 14:46
ComboFix2.txt 2009-09-25 06:12

Pre-Run: 3,252,432,896 bytes free
Post-Run: 3,369,275,392 bytes free

239 --- E O F --- 2009-03-28 16:01


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 05, 2009 10:43 pm

Hi

One more time:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Wed Oct 14, 2009 8:31 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

10/14/2009 4:33:14 PM
mbam-log-2009-10-14 (16-33-13).txt

Scan type: Quick Scan
Objects scanned: 134013
Time elapsed: 27 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\Protect.sys (Rootkit.Agent) -> Delete on reboot.


Re: Total Security Help Needed

Post by Dr Jay on Wed Oct 14, 2009 10:07 pm

Please download A-Squared HiJackFree from [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 19, 2009 12:08 am

Logfile of HiJackFree v3.0
Scan saved at 8:10:43 PM, on 10/18/2009
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 6.0 Service Pack 3 (6.0.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LGEAD\ADAgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WWCNT\WWCSERVICE.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WWCNT\SYSTEM\PMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O7 - Regedit - Enabled
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBAR.ICO
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aimres.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O15 - Trusted Zone: *://*.lge.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} (Findprog Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {245DF0F9-179F-4027-875A-0493B21C204F} (MaLiveUpdateCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} (AgentSSO Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} (NamoWeCtl 6.0 for LGE_NOTES) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} (DACWebFax Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LGE.NET
O17 - HKLM\Software\..\Telephony: DomainName = LGE.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DomainName = LGE.NET
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DomainName = LGE.NET
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxdev.dll
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: SysTray -
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: ADAgent - C:\Program Files\LGEAD\ADAgentService.exe
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bluetooth Support Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Symantec Event Manager - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: SMS Agent Host - C:\WINDOWS\system32\CCM\CcmExec.exe
O23 - Service: Symantec Settings Manager - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: CryptSvc - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: Symantec AntiVirus Definition Watcher - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig - C:\WINDOWS\System32\svchost.exe
O23 - Service: Juniper Network Connect Service - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Extensible Authentication Protocol Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: InstallDriver Table Manager - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: LiveUpdate - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: Machine Debug Manager - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network Access Protection Agent - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: NICCONFIGSVC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: SAVRoam - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: SPBBCSvc - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Symantec AntiVirus - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - C:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Live Setup Service - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: SMS Remote Control Agent - C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
O23 - Service: Ww Client 3.2 Agent - C:\WWCNT\WWCSERVICE.EXE
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 19, 2009 1:19 am

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 19, 2009 2:05 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 21:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA971F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B24000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7CEA000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7ECF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: \\?\C:\WWNtuser\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\AUTHINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\continf.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EKINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ENVIRONMENT.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPFILE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPTCLS.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\GROUPWARELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\IPLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\jcampanioni
Status: Invisible to the Windows API!

Path: C:\WWNtuser\LOGONINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MACLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MSNCONTROL.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MsUsed
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PolicyStatus.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTCONFIG.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTFREE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTRANGE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Printrule.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PROATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Programctrl.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PublicKey
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RuleMail.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RULESET.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SBLACK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SITELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\STRUST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\TIMECHECK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\USER.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\WEBRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfJudah.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfLevi.tlb
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfReuben.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfsimeon.bat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwcservice.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwmark.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww_reg.log
Status: Invisible to the Windows API!

Path: \\?\C:\WWCnt\System\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWCnt\System\RWIni.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDCtrl.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ChkCD.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ComInfo.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ContPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Crypt32Wrapper.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\DecMd.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IECONT.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IEDEC.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MakeSDFA.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MsnHk.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PcLog.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PMonitor.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PrintHK.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Prtlog2.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\rbtcm.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDHooks.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDScrn.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDThread.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SafaWeb.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ScrCap.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SFFolder.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpDlg.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpHook.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpParse.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\smupt.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Sniper.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SysInfo.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WaterwallCrypt1_0.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WebUrl.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WwcUninstaller.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_e.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_j.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_k.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_sc.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_tc.dll
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\CDRWFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\PrintFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\ScreenFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WEBHDDLOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WriteLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WRITELOG.TXT
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\jcampanioni\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\MsUsed\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\MsUsed\Msdate.dat
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\BaseLog\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\ContLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\MAPILOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SDFALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SPLTMP
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\UrlLog
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\CDRWFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095224281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_Copy of BID PRICING REQUEST FORM LG HOPE.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_LG Commercial Bid Pricing Request From..The Chicago Group.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006112831671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144141578_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144312265_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144704828_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091012103938546_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014091529187_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014092821281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095104015_SMTPContent.eml
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\PrintFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\ScreenFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\UrlFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007105125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007110125484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007111126171.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007112125593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007113125468.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007114125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007115125281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007120125640.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007121125265.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007122125500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007123125968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007124125234.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007125125921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007130126656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007131125937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007133125546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007134125593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007135125718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007140126718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007141125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007142125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007143125906.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007144125187.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007145125937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007150126187.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007151125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007152125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007153125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007154129703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007155126328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007161127109.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007162125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007163125687.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007164126171.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007165126359.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008104210703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008105205781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008110204750.txt
Status: Invisible to the Windows API!

Path: C:\WWNtProcesses
-------------------
Path: C:\WWCnt\WwcNT.exe
PID: 1112 Status: Locked to the Windows API!

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\PROCHIDE.SYS" at address 0xf7b105b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406580

==EOF==


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 19, 2009 4:15 am

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\System32\Drivers\PROCHIDE.SYS


  • Click on the submit button

  • Please post the results (URL) in your next reply.



Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


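The SSDT section of the scan log above lists three hooks from two drivers, and the reply singles one driver out for a file scan. The Python sketch below is an added example, not part of the original posts or of any tool used in this thread: it parses that section and orders the hooking drivers for review. The trusted-directory list is an analyst assumption (the installed antivirus product's folder), and all function names are hypothetical.

```python
import re
from collections import namedtuple
from ntpath import normcase, normpath  # Windows path rules on any OS

# SSDT section copied from the scan log posted in this thread.
SCAN_LOG = r'''SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\PROCHIDE.SYS" at address 0xf7b105b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406580

==EOF==
'''

# Assumption: directories of security products known to be installed here.
# A path match only sets review priority; it does not prove the file is clean.
TRUSTED_DIRS = [r"C:\Program Files\Symantec"]

# What each hooked system service controls (helps judge a hook's purpose).
GATES = {
    "NtOpenProcess": "process handle access",
    "NtSetValueKey": "registry value write",
    "NtDeleteValueKey": "registry value delete",
}

Hook = namedtuple("Hook", "index function driver address")
ENTRY_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)$')
HOOK_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')


def parse_ssdt_hooks(text):
    """Return Hook records from the SSDT section; incomplete entries are skipped."""
    lines = text.splitlines()
    section, pending, hooks = None, None, []
    for i, raw in enumerate(lines):
        line = raw.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line and nxt and set(nxt) == {"-"}:  # header line above a dash rule
            section, pending = line, None
            continue
        if section != "SSDT" or not line or set(line) == {"-"}:
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = HOOK_RE.match(line)
        if m and pending:
            hooks.append(Hook(pending[0], pending[1], m.group(1), int(m.group(2), 16)))
            pending = None
    return hooks


def is_under(path, base):
    """Case-insensitive 'path is inside base' test with a separator boundary."""
    p = normcase(normpath(path))
    b = normcase(normpath(base)).rstrip("\\")
    return p.startswith(b + "\\")


def triage(hooks, trusted_dirs):
    """Group hooks by driver; drivers outside trusted_dirs sort first as 'review'."""
    by_driver = {}
    for h in hooks:
        key = normcase(normpath(h.driver))
        entry = by_driver.setdefault(key, {"driver": h.driver, "functions": []})
        entry["functions"].append(h.function)
    report = []
    for entry in by_driver.values():
        trusted = any(is_under(entry["driver"], d) for d in trusted_dirs)
        entry["functions"].sort()
        entry["gates"] = sorted({GATES.get(f, "unknown") for f in entry["functions"]})
        entry["verdict"] = "expected" if trusted else "review"
        report.append(entry)
    report.sort(key=lambda e: (e["verdict"] != "review", e["driver"].lower()))
    return report


if __name__ == "__main__":
    for row in triage(parse_ssdt_hooks(SCAN_LOG), TRUSTED_DIRS):
        print(row["verdict"], row["driver"], row["functions"], row["gates"])
```

A "review" verdict means only that the driver is not under a known product folder; the file itself still needs a scan or a signature check before any conclusion is drawn.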

Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 19, 2009 2:39 pm

The security software my company has put on their laptops does not allow me to upload/attach files on any site except via my work email. Any other suggestions?


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 19, 2009 11:09 pm

Oh. OK.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Tue Oct 20, 2009 12:14 am

Malwarebytes' Anti-Malware 1.41
Database version: 2991
Windows 5.1.2600 Service Pack 3

10/19/2009 8:17:21 PM
mbam-log-2009-10-19 (20-17-21).txt

Scan type: Quick Scan
Objects scanned: 131521
Time elapsed: 23 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Tue Oct 20, 2009 1:30 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=-=
Then, do the same re-run for MBAM please.

Post the ComboFix and MBAM logs in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 23, 2009 12:20 am

ComboFix 09-10-21.02 - jcampanioni 10/22/2009 19:50.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.659 [GMT -4:00]
Running from: c:\documents and settings\lguser\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\lguser\My Documents\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_Protect


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-21 13:57 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36 . 2009-10-21 12:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10 . 2009-10-19 00:10 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28 . 2009-10-22 12:19 -------- d-----w- C:\WWNtuser
2009-10-05 19:28 . 2009-10-05 19:28 -------- d-----w- C:\WWCnt
2009-09-28 12:30 . 2009-09-28 12:30 -------- d-----w- c:\windows\ms
2009-09-28 12:23 . 2009-10-05 12:31 -------- d-----w- c:\windows\system32\NtmsData
2009-09-27 00:48 . 2009-09-27 13:53 -------- d-----w- c:\windows\BDOSCAN8
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 00:04 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-22 12:21 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-21 12:36 . 2007-08-21 18:31 -------- d-----w- c:\program files\Citrix
2009-10-20 17:46 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-10-05 19:28 . 2007-08-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 12:02 . 2009-09-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 05:37 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-09-17 18:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-09-17 18:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 19:47 . 2009-07-29 19:47 46080 ----a-w- c:\windows\system32\drivers\filehook.sys
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-23 00:05 . 2009-10-23 00:05 16384 c:\windows\temp\Perflib_Perfdata_d20.dat
+ 2007-08-21 18:50 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-09-28 12:28 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-09-28 12:28 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 10:00 . 2009-09-28 12:37 41814 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-06-18 13:04 41814 c:\windows\system32\perfc009.dat
+ 2007-08-21 17:54 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-04-21 15:07 . 2009-09-25 05:37 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-04-21 15:07 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-09-28 12:26 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:52 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-30 18:52 . 2009-09-25 00:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-05-31 03:38 . 2007-05-31 03:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-05-31 04:38 . 2007-05-31 04:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-04-13 07:50 . 2007-04-13 07:50 21368 c:\windows\system32\CCM\ccmrepair.exe
+ 2007-04-13 06:50 . 2007-04-13 06:50 21368 c:\windows\system32\CCM\ccmrepair.exe
- 2009-06-16 16:40 . 2009-06-16 16:40 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-10-21 16:16 . 2009-10-21 16:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-10-05 19:28 . 2009-10-05 19:28 10134 c:\windows\Installer\{17014700-72E3-11D5-8FFC-004854824936}\ARPPRODUCTICON.exe
+ 2007-03-22 22:07 . 2007-03-22 22:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2009-01-05 19:44 . 2009-01-05 19:44 53248 c:\windows\bdoscandel.exe
+ 2009-09-27 00:48 . 2009-09-27 00:48 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 45056 c:\windows\BDOSCAN8\avxdisk.dll
- 2007-08-21 18:49 . 2009-09-15 17:17 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-14 12:00 . 2009-04-03 16:15 485376 c:\windows\system32\wmspdmod.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 485376 c:\windows\system32\wmspdmod.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 627712 c:\windows\system32\urlmon.dll
+ 2004-08-04 10:00 . 2009-09-28 12:37 316798 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-06-18 13:04 316798 c:\windows\system32\perfh009.dat
+ 2007-08-21 13:44 . 2009-09-28 12:21 269392 c:\windows\system32\FNTCACHE.DAT
- 2007-08-21 13:44 . 2009-06-18 13:02 269392 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-21 17:54 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-03 16:15 . 2009-04-03 16:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 627712 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2008-04-14 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2009-08-18 14:08 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-08-18 14:08 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-04-13 06:50 . 2007-04-13 06:50 341368 c:\windows\system32\ccmcore.dll
- 2007-04-13 07:50 . 2007-04-13 07:50 341368 c:\windows\system32\ccmcore.dll
- 2007-08-21 18:49 . 2009-09-15 17:17 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-22 22:22 . 2007-03-22 22:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 107800 c:\windows\BDOSCAN8\bdcore.dll
+ 2009-10-21 13:58 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 1509888 c:\windows\system32\shdocvw.dll
- 2008-04-14 12:00 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 1435648 c:\windows\system32\query.dll
+ 2008-04-14 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 3070976 c:\windows\system32\mshtml.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2009-03-30 21:41 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-03-30 21:41 . 2009-09-25 05:37 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-03-30 21:41 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-03-30 21:41 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-03-30 21:41 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-03-30 21:41 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-30 21:41 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-30 21:41 . 2009-09-25 05:37 3070976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-05 19:28 . 2009-10-05 19:28 2998784 c:\windows\Installer\75f68.msi
+ 2009-08-21 14:14 . 2009-08-21 14:14 8363008 c:\windows\Installer\3f38d4d.msp
+ 2009-08-20 09:02 . 2009-08-20 09:02 5204992 c:\windows\Installer\3f38d31.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\3f38d1b.msp
+ 2009-09-29 13:08 . 2009-09-29 13:08 6747648 c:\windows\Installer\3f38d12.msp
+ 2009-09-21 20:53 . 2009-09-21 20:53 5518848 c:\windows\Installer\3f38cfc.msp
+ 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2009-03-30 21:41 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-03-30 21:41 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-03-30 21:41 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-30 21:41 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-03-30 21:41 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-21 16:21 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDDec.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filehook.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProcHide.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\safandrv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SDFA.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFCDEX.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFfolder.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFKbd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFMouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFRes.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WWC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WwHook.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=
"c:\\WWCnt\\System\\Rdscrn.exe"= c:\\WWCNT\\System\\Rdscrn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7100:TCP"= 7100:TCP:WWC
"7200:TCP"= 7200:TCP:WWC
"2810:TCP"= 2810:TCP:WWC

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [7/29/2009 3:47 PM 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 9:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 8:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 8:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 8:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 8:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 8:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 5:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 8:20 AM 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 8:20 AM 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [6/2/2009 5:47 PM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 12:44 PM 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 8:20 AM 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 8:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-PROTECT.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-22 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2948)
c:\wwcnt\SYSTEM\safaweb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\wwcnt\SYSTEM\PMonitor.exe
c:\combofix\CF11948.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 00:11
ComboFix2.txt 2009-10-05 14:47
ComboFix3.txt 2009-09-25 06:12

Pre-Run: 2,444,500,992 bytes free
Post-Run: 2,555,461,632 bytes free

- - End Of File - - 08C138B3D5440B1964484111BF5BAB8A


Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 23, 2009 1:28 am

Malwarebytes' Anti-Malware 1.41
Database version: 3014
Windows 5.1.2600 Service Pack 3

10/22/2009 9:30:53 PM
mbam-log-2009-10-22 (21-30-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 186648
Time elapsed: 1 hour(s), 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Fri Oct 23, 2009 4:29 am

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 23, 2009 9:37 pm

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 17:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9E7E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B84000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7BDD000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8A51000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: \\?\C:\WWNtuser\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\AUTHINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\continf.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EKINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ENVIRONMENT.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPFILE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPTCLS.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\GROUPWARELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\IPLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\jcampanioni
Status: Invisible to the Windows API!

Path: C:\WWNtuser\LOGONINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MACLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MSNCONTROL.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MsUsed
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PolicyStatus.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTCONFIG.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTFREE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTRANGE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Printrule.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PROATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Programctrl.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PublicKey
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RuleMail.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RULESET.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SBLACK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SITELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\STRUST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\TIMECHECK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\USER.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\WEBRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfJudah.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfLevi.tlb
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfReuben.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfsimeon.bat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwcservice.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwmark.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww_reg.log
Status: Invisible to the Windows API!

Path: \\?\C:\WWCnt\System\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWCnt\System\RWIni.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDCtrl.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ChkCD.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ComInfo.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ContPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Crypt32Wrapper.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\DecMd.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IECONT.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IEDEC.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MakeSDFA.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MsnHk.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PcLog.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PMonitor.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PrintHK.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Prtlog2.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\rbtcm.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDHooks.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDScrn.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDThread.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SafaWeb.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ScrCap.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SFFolder.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpDlg.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpHook.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpParse.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\smupt.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Sniper.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SysInfo.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WaterwallCrypt1_0.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WebUrl.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WwcUninstaller.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_e.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_j.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_k.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_sc.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_tc.dll
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\CDRWFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\PrintFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\ScreenFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WEBHDDLOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WriteLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WRITELOG.TXT
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\jcampanioni\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\MsUsed\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\MsUsed\Msdate.dat
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\BaseLog\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\BeforeInfoBuf.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\ContLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\MAPILOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SDFALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SPLTMP
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\tmpBuf.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\UrlLog
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\CDRWFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095224281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_Copy of BID PRICING REQUEST FORM LG HOPE.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_LG Commercial Bid Pricing Request From..The Chicago Group.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006112831671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144141578_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144312265_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144704828_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091012103938546_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014091529187_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014092821281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095104015_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091019114131531_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091019141933609_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091019145616281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091019145616328_insurance check.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091019155350171_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091019155835296_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091022115027234_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091023140242437_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091023142514437content.htm
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091023160413640_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091023160413718_Pittsylvania Schools BBFB Bid 102309JC1.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091023160414171_SMTPContent.eml
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\PrintFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\ScreenFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\UrlFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG

Processes
-------------------
Path: C:\WWCnt\WwcNT.exe
PID: 3216 Status: Locked to the Windows API!

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa3c4350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\PROCHIDE.SYS" at address 0xf7b7e5b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa3c4580

==EOF==


Re: Total Security Help Needed

Post by Dr Jay on Sat Oct 24, 2009 12:25 am

Let's get a final check, hopefully:

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Sat Oct 24, 2009 1:11 pm

The security software my company has put on their laptops does not allow me to upload/attach files on any site except via my work email.


Re: Total Security Help Needed

Post by Dr Jay on Sat Oct 24, 2009 8:56 pm

Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan.
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 26, 2009 9:51 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by jcampanioni at 17:42:49.87 on Mon 10/26/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LGEAD\ADAgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WWCNT\WWCSERVICE.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.exe
C:\WWCNT\WWCNT.EXE
C:\WWCNT\SYSTEM\PMonitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lguser\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWinlogon: Shell=Explorer.exe logon.exe
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [sesemural] Rundll32.exe "c:\windows\system32\faguzeri.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: lge.com
DPF: {00000055-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - [You must be registered and logged in to see this link.]
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {31435657-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\faguzeri.dll,wuyiyage.dll
SSODL: tudoramep - {1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
STS: kupuhivus: {1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
SEH: DocHook Class: {6fc59230-01fc-49d4-978c-6875091f0b4e} - c:\program files\markany\document safer\madocmgr.dll
LSA: Notification Packages = scecli limiduva.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lguser\applic~1\mozilla\firefox\profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [2009-7-29 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [2009-7-7 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [2008-5-30 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [2008-5-30 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [2008-5-30 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [2008-5-30 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [2008-5-30 34688]
R2 ADAgent;ADAgent;c:\program files\lgead\ADAgentService.exe [2008-8-13 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [2008-5-30 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [2008-5-30 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [2009-6-2 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [2008-5-30 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\drivers\wfm18.sys --> c:\windows\system32\drivers\wfM18.sys [?]
S1 Protect;Protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\Protect.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\locals~1\temp\aswarkrn.sys --> c:\docume~1\lguser\locals~1\temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [2008-5-30 32384]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

=============== Created Last 30 ================

2009-10-26 18:19:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 18:19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 14:27:49 26628 ----a-w- c:\windows\system32\logon.exe
2009-10-21 13:57:57 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57:48 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10:06 0 d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28:05 0 d-----w- C:\WWNtuser
2009-10-05 19:28:05 0 d-----w- C:\WWCnt
2009-10-05 14:33:01 98816 ----a-w- c:\windows\sed.exe
2009-10-05 14:33:01 236544 ----a-w- c:\windows\PEV.exe
2009-10-05 14:33:01 161792 ----a-w- c:\windows\SWREG.exe
2009-09-28 12:30:57 0 d-----w- c:\windows\ms
2009-09-28 12:28:59 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-09-28 12:28:59 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-09-28 12:28:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-09-28 12:28:58 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-09-28 12:23:10 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 14:27:41 168448 --sha-w- c:\windows\system32\faguzeri.dll
2009-07-26 14:27:40 89600 --sha-w- c:\windows\system32\hedufalo.dll
2009-07-26 14:27:40 51712 --sha-w- c:\windows\system32\lemuvene.dll
2009-07-26 14:28:16 51712 --sha-w- c:\windows\system32\letitisi.dll
2009-07-26 14:28:16 51712 --sha-w- c:\windows\system32\limiduva.dll
2009-07-26 14:28:16 51712 --sha-w- c:\windows\system32\wuyiyage.dll

============= FINISH: 17:44:56.32 ===============


Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 26, 2009 9:51 pm

I couldn't attach this, so I am posting it.




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2009 1:49:55 PM
System Uptime: 10/26/2009 1:35:07 PM (4 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1312/166mhz

==== Disk Partitions =========================

C: is fixed (NTFS) - 27 GiB total, 1.727 GiB free.
D: is fixed (NTFS) - 29 GiB total, 17.519 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01C21028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01C21028&REV_01\3&61AAA01&0&FB
Service:

==== System Restore Points ===================

RP103: 9/28/2009 8:26:31 AM - Installed Microsoft Fix it 50198
RP104: 9/29/2009 12:18:33 PM - System Checkpoint
RP105: 9/30/2009 6:09:35 PM - System Checkpoint
RP106: 10/1/2009 6:31:03 PM - System Checkpoint
RP107: 10/5/2009 10:33:17 AM - ComboFix created restore point
RP108: 10/5/2009 11:04:53 AM - Installed WWC
RP109: 10/5/2009 11:08:32 AM - Installed WWC
RP110: 10/5/2009 3:26:14 PM - Installed WWC
RP111: 10/8/2009 12:35:21 PM - System Checkpoint
RP112: 10/13/2009 11:47:31 AM - System Checkpoint
RP113: 10/15/2009 1:02:08 PM - System Checkpoint
RP114: 10/16/2009 1:16:30 PM - System Checkpoint
RP115: 10/18/2009 10:43:46 PM - System Checkpoint
RP116: 10/19/2009 11:29:21 PM - System Checkpoint
RP117: 10/20/2009 11:45:00 PM - System Checkpoint
RP118: 10/21/2009 12:02:21 PM - Software Distribution Service 3.0
RP119: 10/22/2009 9:50:07 PM - System Checkpoint
RP120: 10/24/2009 9:30:43 AM - System Checkpoint
RP121: 10/26/2009 6:45:10 AM - System Checkpoint
RP122: 10/26/2009 1:00:42 PM - Removed Bonjour

==== Installed Programs ======================

a-squared HiJackFree 3.1
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Broadcom Gigabit Integrated Controller
Citrix Program Neighborhood
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Crystal Report ActiveX Viewer
Dell Wireless WLAN Card
Digital Line Detect
Document SAFER
Google Toolbar for Internet Explorer
GoToMeeting 4.0.0.320
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Juniper Networks Network Connect 5.2.0
Juniper Networks Network Connect 5.5.0
LG ActiveDirectory Service
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.0.14)
MSN
Next Generation Visualisations
Notepad++
Octoshape add-in for Adobe Flash Player
OZ776 SCR CardBus Windows Driver
Pride LG
QuickSet
QuickTime
Roxio DLA
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SEIWinFax
SigmaTel Audio
SMS Advanced Client
Something Fishy: 3D Desktop Aquarium Screen Saver v1.1DX Trial Version
Symantec AntiVirus
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Waterwall Client for Vista
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR archiver
WWC
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

10/26/2009 12:52:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/26/2009 1:10:52 PM, error: Dhcp [1002] - The IP address lease 10.192.105.118 for the Network Card with network address 001C23084DCC has been denied by the DHCP server 136.166.10.50 (The DHCP Server sent a DHCPNACK message).
10/23/2009 10:07:22 AM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
10/22/2009 8:04:17 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
10/22/2009 7:49:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/22/2009 7:49:36 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 7:48:04 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 7:07:03 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/21/2009 1:33:00 PM, error: Dhcp [1002] - The IP address lease 10.192.107.84 for the Network Card with network address 001C23084DCC has been denied by the DHCP server 136.166.10.51 (The DHCP Server sent a DHCPNACK message).
10/20/2009 7:04:51 AM, error: NETLOGON [5719] - No Domain Controller is available for domain LGE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/20/2009 5:41:02 PM, error: Dhcp [1002] - The IP address lease 10.192.100.140 for the Network Card with network address 001C2603524E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/20/2009 4:09:59 PM, error: NetBT [4321] - The name "LGE :1d" could not be registered on the Interface with IP address 10.192.100.140. The machine with the IP address 10.192.100.94 did not allow the name to be claimed by this machine.
10/19/2009 8:28:20 AM, error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
10/19/2009 8:27:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Protect
10/19/2009 8:27:08 PM, error: Service Control Manager [7022] - The Ww Client 3.2 Agent service hung on starting.

==== End Of File ===========================


Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 26, 2009 9:52 pm

I also just got a popup from Mozilla for "Best Virus Protection - Best Spyware Protection - Shield Deluxe 2010" which I closed.


Re: Total Security Help Needed

Post by Belahzur on Tue Oct 27, 2009 12:07 am

Can you re-run ComboFix now? DDS shows a new Vundo infection.


Please PM me if I fail to respond within 24hrs.

Re: Total Security Help Needed

Post by Jay Cee on Tue Oct 27, 2009 1:01 am

ComboFix 09-10-26.01 - jcampanioni 10/26/2009 20:29.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -5:00]
Running from: c:\documents and settings\lguser\My Documents\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gefaduni.dll.tmp
c:\windows\system32\hedufalo.dll
c:\windows\system32\limiduva.dll
c:\windows\system32\logon.exe
c:\windows\system32\mowanitu.dll.tmp
c:\windows\system32\yadarodu.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Protect


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-26 18:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 18:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 13:57 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36 . 2009-10-21 12:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10 . 2009-10-19 00:10 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28 . 2009-10-26 18:14 -------- d-----w- C:\WWNtuser
2009-10-05 19:28 . 2009-10-05 19:28 -------- d-----w- C:\WWCnt
2009-09-28 12:30 . 2009-09-28 12:30 -------- d-----w- c:\windows\ms
2009-09-28 12:23 . 2009-10-05 12:31 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 01:45 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-26 18:19 . 2009-09-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 12:21 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-21 12:36 . 2007-08-21 18:31 -------- d-----w- c:\program files\Citrix
2009-10-20 17:46 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-10-05 19:28 . 2007-08-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-25 05:37 . 2008-04-14 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 19:47 . 2009-07-29 19:47 46080 ----a-w- c:\windows\system32\drivers\filehook.sys
2009-07-26 14:27 . 2009-07-26 14:27 51712 --sha-w- c:\windows\system32\lemuvene.dll
2009-07-26 14:28 . 2009-07-26 14:28 51712 --sha-w- c:\windows\system32\letitisi.dll
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((( SnapShot_2009-10-23_00.05.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 01:47 . 2009-10-27 01:47 16384 c:\windows\temp\Perflib_Perfdata_8c4.dat
- 2004-08-04 10:00 . 2009-09-28 12:37 41814 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-10-27 01:49 41814 c:\windows\system32\perfc009.dat
+ 2009-09-28 12:26 . 2009-10-27 01:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-28 12:26 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:52 . 2009-10-27 01:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-30 18:52 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-26 14:27 . 2009-10-27 01:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-04 10:00 . 2009-09-28 12:37 316798 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2009-10-27 01:49 316798 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"sesemural"="c:\windows\system32\faguzeri.dll" [BU]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDDec.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filehook.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProcHide.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\safandrv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SDFA.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFCDEX.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFfolder.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFKbd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFMouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFRes.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfM18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WWC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WwHook.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=
"c:\\WWCnt\\System\\Rdscrn.exe"= c:\\WWCNT\\System\\Rdscrn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7100:TCP"= 7100:TCP:WWC
"7200:TCP"= 7200:TCP:WWC
"2810:TCP"= 2810:TCP:WWC

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [7/29/2009 2:47 PM 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 8:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 7:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 7:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 7:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 7:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 7:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 4:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 7:20 AM 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 7:20 AM 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [6/2/2009 4:47 PM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 11:44 AM 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 7:20 AM 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 7:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 7:33 PM 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SharedTaskScheduler-{1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
SSODL-tudoramep-{1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
SafeBoot-qxF53.sys
SafeBoot-qyG86.sys
SafeBoot-scK10.sys
SafeBoot-SFReg.sys
SafeBoot-tdL10.sys
SafeBoot-wfN32.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-26 20:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2424)
c:\wwcnt\SYSTEM\safaweb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\wwcnt\SYSTEM\PMonitor.exe
c:\combofix\CF649.exe
c:\combofix\hidec.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\combofix\mbr.cfxxe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 21:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 01:59
ComboFix2.txt 2009-10-23 00:12
ComboFix3.txt 2009-10-05 14:47
ComboFix4.txt 2009-09-25 06:12

Pre-Run: 2,356,129,792 bytes free
Post-Run: 2,330,292,224 bytes free

- - End Of File - - FDC112E66D91F9189FB069557FB96537


Re: Total Security Help Needed

Post by Belahzur on Tue Oct 27, 2009 7:49 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\lemuvene.dll
    c:\windows\system32\letitisi.dll
    c:\windows\system32\txvpkiry.tmp

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sesemural"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Total Security Help Needed

Post by Jay Cee on Wed Oct 28, 2009 1:30 am

========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\lemuvene.dll
c:\windows\system32\lemuvene.dll NOT unregistered.
c:\windows\system32\lemuvene.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\letitisi.dll
c:\windows\system32\letitisi.dll NOT unregistered.
c:\windows\system32\letitisi.dll moved successfully.
c:\windows\system32\txvpkiry.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sesemural not found.

OTM by OldTimer - Version 3.0.0.6 log created on 10272009_213308


Re: Total Security Help Needed

Post by Belahzur on Wed Oct 28, 2009 1:40 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Total Security Help Needed

Post by Jay Cee on Wed Oct 28, 2009 1:51 am

Still acting up. Random popups every so often, none that are for fake virus software though. Also, when I ran that command that you told me, ComboFix had a popup that said a file was trying to attach itself to it: c:\WINDOWS\system32\gayuhiyu.dll

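Added example (not part of any post in this thread, and not OTM's own code): a Python cross-check of the OTM script against the results log posted above, which also shows that the DLL named in the last post was never on the removal list. The function names `parse_script`, `audit` and `uncovered` are hypothetical, and only the result phrases that appear in the posted log are recognised.

```python
# Sample inputs embedded from the thread: the OTM script and results log as posted.
FIX_SCRIPT = r""":files
c:\windows\system32\lemuvene.dll
c:\windows\system32\letitisi.dll
c:\windows\system32\txvpkiry.tmp
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sesemural"=-
"""
RESULTS_LOG = r"""DllUnregisterServer procedure not found in c:\windows\system32\lemuvene.dll
c:\windows\system32\lemuvene.dll NOT unregistered.
c:\windows\system32\lemuvene.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\letitisi.dll
c:\windows\system32\letitisi.dll NOT unregistered.
c:\windows\system32\letitisi.dll moved successfully.
c:\windows\system32\txvpkiry.tmp moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sesemural not found.
"""

def parse_script(text):
    """Return (file paths, registry value names) the script asks to remove."""
    section, files, values = None, [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            files.append(line.lower())
        elif section == "reg" and line.endswith("=-"):  # "name"=- removes a value
            values.append(line[:-2].strip('"').lower())
    return files, values

def audit(script, log):
    """Classify each requested item using only the phrases that occur in the log."""
    files, values = parse_script(script)
    lines = [l.strip().lower() for l in log.splitlines() if l.strip()]
    status = {p: "moved" if f"{p} moved successfully." in lines else "unconfirmed" for p in files}
    for name in values:
        hits = [l for l in lines if l.startswith("registry value") and f"\\{name} " in l]
        status[name] = ("not found" if any(l.endswith("not found.") for l in hits)
                        else "unrecognised" if hits else "unconfirmed")
    return status

def uncovered(reported_paths, script):  # reported paths the script never targeted
    files, _ = parse_script(script)
    return [p for p in reported_paths if p.lower() not in files]

if __name__ == "__main__":
    print(audit(FIX_SCRIPT, RESULTS_LOG))
    print("not in script:", uncovered([r"c:\WINDOWS\system32\gayuhiyu.dll"], FIX_SCRIPT))
```

Run against these inputs, all three files are confirmed moved, the Run value is reported as not found, and gayuhiyu.dll is listed as not covered by the script.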
