Total Security Help Needed


Total Security Help Needed

Post by Jay Cee on Fri 25 Sep 2009, 12:10 pm

First topic message reminder:

I have a Dell Latitude D620 for work. I noticed some pop-ups on Monday, so I ran Malwarebytes and removed everything it found. I went on a business trip to Denver on Tuesday. Once I got to my hotel that evening and booted up my computer, I noticed this fake scanner within minutes. It will not let me boot into any safe mode, nor will it let me run Malwarebytes. I even tried downloading Malwarebytes again under a different file name, installed it, made sure that "check for updates" and "launch app" were checked, and hit Finish, but this virus will not allow it to run. I have no idea what to do now. I am on my personal laptop now trying to research this, but everything I find says to run Malwarebytes, which I have already tried. I would much rather take care of this on my own than hand my laptop over to the IT department. Someone please help me out. I will come back here and check on this thread a few times an hour while I am awake. I thank everyone in advance for any help you may offer.

Jay Cee

Rookie Surfer

Posts: 98
Joined: 2009-09-25
Operating System: XP



Re: Total Security Help Needed

Post by DragonMaster Jay on Tue 29 Sep 2009, 3:07 am

Hi

Please download avast! ANTIROOTKIT from avast.com and save it to your Desktop.

Note: to prevent false positives, please quit all running programs before starting the scan!
  • Double-click on aswar.exe to start the program.
  • Click Show Scan Options.
  • Make sure the following checkboxes have checkmarks in them: Hidden Files and Directories, Hidden Services and Drivers, Hidden Registry Keys and Values, Hidden Processes, Log all scanned items.
  • Click the big Scan Now! button.
  • Click View scan log. Please post the contents of that log in your next reply. If the scan log will not launch, please tell me.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate


Re: Total Security Help Needed

Post by Jay Cee on Thu 01 Oct 2009, 9:31 am

For some reason I can't paste the log into my reply. But the message "No rootkits have been found" with a green check mark did appear after the scan was complete.


Re: Total Security Help Needed

Post by DragonMaster Jay on Thu 01 Oct 2009, 5:00 pm

Hi

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.



Re: Total Security Help Needed

Post by Jay Cee on Fri 02 Oct 2009, 8:12 am

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is FC17-E078

Directory of C:\Windows\System32\Drivers

09/26/2009 12:39 PM .
09/26/2009 12:39 PM ..
04/14/2008 08:00 AM 187,776 acpi.sys
04/14/2008 08:00 AM 11,648 acpiec.sys
04/14/2008 08:00 AM 142,592 aec.sys
08/14/2008 06:04 AM 138,496 afd.sys
04/14/2008 08:00 AM 42,368 agp440.sys
04/14/2008 08:00 AM 44,928 agpcpq.sys
04/14/2008 08:00 AM 42,752 alim1541.sys
04/14/2008 08:00 AM 43,008 amdagp.sys
04/14/2008 08:00 AM 37,376 amdk6.sys
04/14/2008 08:00 AM 37,760 amdk7.sys
08/12/2005 04:50 PM 16,128 APPDRV.SYS
04/14/2008 08:00 AM 60,800 arp1394.sys
04/14/2008 08:00 AM 14,336 asyncmac.sys
04/14/2008 08:00 AM 96,512 atapi.sys
04/14/2008 08:00 AM 59,904 atmarpc.sys
04/14/2008 08:00 AM 31,360 atmepvc.sys
04/14/2008 08:00 AM 55,808 atmlane.sys
04/14/2008 08:00 AM 352,256 atmuni.sys
08/17/2001 09:59 AM 3,072 audstub.sys
10/26/2005 10:01 AM 142,720 b57xp32.sys
04/14/2008 08:00 AM 14,208 battc.sys
09/21/2004 07:18 PM 148,830 bcbthub.sys
03/16/2007 06:10 PM 604,928 BCMWL5.SYS
03/16/2007 06:10 PM 33,664 BCMWLNPF.SYS
04/14/2008 08:00 AM 4,224 beep.sys
10/19/2004 12:39 PM 20,096 blueletaudio.sys
04/14/2008 08:00 AM 71,552 bridge.sys
11/08/2004 11:22 AM 24,152 btcusb.sys
04/14/2008 08:00 AM 17,024 bthenum.sys
10/19/2004 02:40 PM 28,207 BTHidMgr.sys
04/14/2008 08:00 AM 273,024 bthport.sys
04/14/2008 08:00 AM 18,944 bthusb.sys
09/21/2004 07:15 PM 10,804 BtNetDrv.sys
04/14/2008 08:00 AM 13,952 cbidf2k.sys
04/14/2008 12:16 AM 17,024 ccdecode.sys
04/14/2008 08:00 AM 18,688 cdaudio.sys
04/14/2008 08:00 AM 63,744 cdfs.sys
04/14/2008 08:00 AM 62,976 cdrom.sys
12/21/2004 06:29 PM 39,904 cercsr6.sys
04/14/2008 08:00 AM 262,528 cinemst2.sys
04/14/2008 08:00 AM 49,536 classpnp.sys
04/14/2008 08:00 AM 13,952 cmbatt.sys
04/14/2008 08:00 AM 10,240 compbatt.sys
04/14/2008 08:00 AM 11,776 cpqdap01.sys
04/14/2008 08:00 AM 36,736 crusoe.sys
11/30/2005 11:39 PM 141,497 del1028.cty
08/21/2007 09:35 AM disdn
04/14/2008 08:00 AM 36,352 disk.sys
04/14/2008 08:00 AM 14,208 diskdump.sys
11/18/2005 12:02 PM 5,660 DLACDBHM.SYS
11/18/2005 12:02 PM 22,684 DLARTL_N.SYS
04/14/2008 08:00 AM 799,744 dmboot.sys
04/14/2008 08:00 AM 153,344 dmio.sys
04/14/2008 08:00 AM 5,888 dmload.sys
04/14/2008 12:15 AM 52,864 DMusic.sys
04/14/2008 08:00 AM 60,160 drmk.sys
04/14/2008 08:00 AM 2,944 drmkaud.sys
09/12/2005 03:30 AM 89,264 DRVMCDB.SYS
08/12/2005 05:20 AM 40,544 DRVNDDM.SYS
12/26/2007 12:38 AM 23,552 dsNcAdpt.sys
04/14/2008 08:00 AM 10,496 dxapi.sys
04/14/2008 08:00 AM 71,168 dxg.sys
04/14/2008 08:00 AM 3,328 dxgthk.sys
09/25/2009 01:59 AM etc
04/14/2008 08:00 AM 143,744 fastfat.sys
04/14/2008 08:00 AM 27,392 fdc.sys
07/18/2009 01:45 PM 32,384 FDDec.SYS
07/18/2009 01:45 PM 45,952 Filehook.sys
04/14/2008 08:00 AM 44,544 fips.sys
04/14/2008 08:00 AM 20,480 flpydisk.sys
04/14/2008 08:00 AM 129,792 fltMgr.sys
04/14/2008 08:00 AM 12,160 fsvga.sys
04/14/2008 08:00 AM 7,936 fs_rec.sys
04/14/2008 08:00 AM 125,056 ftdisk.sys
09/21/2004 07:18 PM 116,021 fw203x.sys
04/14/2008 08:00 AM 46,464 gagp30kx.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
04/14/2008 08:00 AM 3,440,660 gm.dls
04/14/2008 08:00 AM 646 gmreadme.txt
04/14/2008 08:00 AM 144,384 hdaudbus.sys
08/12/2004 05:45 PM 113,664 Hdaudio.sys
04/14/2008 08:00 AM 36,864 hidclass.sys
04/14/2008 08:00 AM 24,960 hidparse.sys
04/14/2008 08:00 AM 10,368 hidusb.sys
12/01/2005 01:40 AM 192,512 HSXHWAZL.sys
12/01/2005 01:40 AM 669,696 HSX_CNXT.sys
12/01/2005 01:40 AM 936,960 HSX_DPV.sys
04/14/2008 08:00 AM 264,832 http.sys
04/14/2008 08:00 AM 52,480 i8042prt.sys
05/31/2007 12:38 AM 8,992 idisw2km.sys
03/30/2007 09:34 PM 5,704,672 igxpmp32.sys
04/14/2008 08:00 AM 42,112 imapi.sys
04/14/2008 08:00 AM 36,352 intelppm.sys
04/14/2008 08:00 AM 36,608 ip6fw.sys
04/14/2008 08:00 AM 32,896 ipfltdrv.sys
04/14/2008 08:00 AM 20,864 ipinip.sys
04/14/2008 08:00 AM 152,832 ipnat.sys
04/14/2008 08:00 AM 75,264 ipsec.sys
04/14/2008 08:00 AM 11,264 irenum.sys
04/14/2008 08:00 AM 37,248 isapnp.sys
04/14/2008 08:00 AM 24,576 kbdclass.sys
05/31/2007 12:38 AM 11,744 kbstuff5.sys
04/14/2008 08:00 AM 172,416 kmixer.sys
04/14/2008 08:00 AM 141,056 ks.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
08/04/2004 01:56 AM 61,952 kstvtune.ax
08/04/2004 01:56 AM 90,624 kswdmcap.ax
08/04/2004 01:56 AM 43,008 ksxbar.ax
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
04/14/2008 08:00 AM 7,680 mcd.sys
10/04/2005 11:57 PM 12,544 mdmxsdk.sys
04/14/2008 08:00 AM 63,744 mf.sys
04/14/2008 08:00 AM 4,224 mnmdd.sys
04/14/2008 08:00 AM 30,080 modem.sys
04/14/2008 08:00 AM 23,040 mouclass.sys
04/14/2008 08:00 AM 12,160 mouhid.sys
04/14/2008 08:00 AM 42,368 mountmgr.sys
04/14/2008 08:00 AM 92,544 mqac.sys
04/14/2008 08:00 AM 180,608 mrxdav.sys
10/24/2008 07:21 AM 455,296 mrxsmb.sys
04/14/2008 08:00 AM 19,072 msfs.sys
04/14/2008 08:00 AM 35,072 msgpc.sys
04/14/2008 08:00 AM 7,552 mskssrv.sys
04/14/2008 08:00 AM 5,376 mspclock.sys
04/14/2008 08:00 AM 4,992 mspqm.sys
04/14/2008 08:00 AM 15,488 mssmbios.sys
04/14/2008 12:09 AM 5,504 mstee.sys
04/14/2008 08:00 AM 105,344 mup.sys
04/14/2008 12:16 AM 85,248 nabtsfec.sys
04/14/2008 08:00 AM 182,656 ndis.sys
04/14/2008 08:00 AM 10,880 ndisip.sys
04/14/2008 08:00 AM 10,112 ndistapi.sys
04/14/2008 08:00 AM 14,592 ndisuio.sys
04/14/2008 08:00 AM 91,520 ndiswan.sys
04/14/2008 08:00 AM 40,576 ndproxy.sys
04/14/2008 08:00 AM 34,688 netbios.sys
04/14/2008 08:00 AM 162,816 netbt.sys
04/14/2008 08:00 AM 61,824 nic1394.sys
04/14/2008 08:00 AM 12,032 nikedrv.sys
04/14/2008 08:00 AM 40,320 nmnt.sys
04/14/2008 08:00 AM 30,848 npfs.sys
04/14/2008 08:00 AM 574,976 ntfs.sys
04/14/2008 08:00 AM 2,944 null.sys
04/14/2008 08:00 AM 12,416 nwlnkflt.sys
04/14/2008 08:00 AM 32,512 nwlnkfwd.sys
04/14/2008 08:00 AM 88,320 nwlnkipx.sys
04/14/2008 08:00 AM 63,232 nwlnknb.sys
04/14/2008 08:00 AM 55,936 nwlnkspx.sys
04/14/2008 08:00 AM 163,584 nwrdr.sys
02/11/2005 05:02 AM 8,655 o2mwxp.cat
02/09/2005 02:33 PM 4,286 O2MWXP.INF
04/14/2008 08:00 AM 3,456 oprghdlr.sys
04/27/2003 10:31 PM 51,169 OXSER.SYS
11/18/2000 08:56 PM 14,380 OXSER.VXD
04/14/2008 08:00 AM 42,752 p3.sys
09/21/2004 07:18 PM 13,299 packet.sys
04/14/2008 08:00 AM 80,128 parport.sys
04/14/2008 08:00 AM 19,712 partmgr.sys
04/14/2008 08:00 AM 6,784 parvdm.sys
04/14/2008 08:00 AM 68,224 pci.sys
04/14/2008 08:00 AM 3,328 pciide.sys
04/14/2008 08:00 AM 24,960 pciidex.sys
04/14/2008 08:00 AM 120,192 pcmcia.sys
04/01/2004 05:30 PM 10,368 pfc.sys
04/14/2008 08:00 AM 146,048 portcls.sys
04/14/2008 08:00 AM 35,840 processr.sys
07/18/2009 01:45 PM 5,632 ProcHide.sys
04/14/2008 08:00 AM 69,120 psched.sys
04/14/2008 08:00 AM 17,792 ptilink.sys
04/14/2008 08:00 AM 8,832 rasacd.sys
04/14/2008 08:00 AM 51,328 rasl2tp.sys
04/14/2008 08:00 AM 41,472 raspppoe.sys
04/14/2008 08:00 AM 48,384 raspptp.sys
04/14/2008 08:00 AM 16,512 raspti.sys
04/14/2008 08:00 AM 34,432 rawwan.sys
04/14/2008 08:00 AM 175,744 rdbss.sys
04/14/2008 08:00 AM 4,224 rdpcdd.sys
04/14/2008 12:02 AM 196,224 rdpdr.sys
04/14/2008 08:00 AM 139,656 rdpwd.sys
04/14/2008 12:10 AM 57,600 redbook.sys
04/14/2008 08:00 AM 59,136 rfcomm.sys
04/14/2008 08:00 AM 12,032 rio8drv.sys
04/14/2008 08:00 AM 12,032 riodrv.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
04/14/2008 08:00 AM 30,592 rndismp.sys
04/14/2008 08:00 AM 5,888 rootmdm.sys
07/18/2009 01:45 PM 16,191 safandrv.sys
08/03/2003 11:05 AM 73,728 SCBaud.cpl
12/12/2002 02:35 AM 86,016 SCBaud.w9x
04/14/2008 08:00 AM 96,384 scsiport.sys
07/11/2001 11:19 AM 5,787 SCTB.VXD
09/22/2002 04:30 AM 40,960 SCTray.exe
04/14/2008 08:00 AM 79,232 sdbus.sys
07/18/2009 01:45 PM 40,960 SDFA.SYS
04/14/2008 08:00 AM 20,480 secdrv.sys
04/14/2008 08:00 AM 15,744 serenum.sys
04/14/2008 08:00 AM 64,512 serial.sys
07/18/2009 01:45 PM 10,240 sfcdex.sys
04/14/2008 08:00 AM 11,904 sffdisk.sys
07/18/2009 01:45 PM 35,200 SFFOLDER.SYS
04/14/2008 08:00 AM 10,240 sffp_mmc.sys
04/14/2008 08:00 AM 11,008 sffp_sd.sys
07/18/2009 01:45 PM 4,992 SFKbd.sys
04/14/2008 08:00 AM 11,392 sfloppy.sys
07/18/2009 01:45 PM 5,632 SFMouse.sys
07/18/2009 01:45 PM 34,688 sfres.sys
02/10/2004 10:29 AM 48,076 Sio9502k.sys
09/17/2002 04:11 AM 77,824 SioUi2k.dll
04/14/2008 08:00 AM 40,960 sisagp.sys
03/22/2004 07:26 AM 48,556 SktBt2k.sys
03/02/2004 09:04 AM 16,486 sktsio9x.vxd
04/14/2008 08:00 AM 11,136 slip.sys
04/14/2008 08:00 AM 14,592 smclib.sys
04/14/2008 08:00 AM 25,344 sonydcam.sys
04/14/2008 12:15 AM 6,272 splitter.sys
04/14/2008 08:00 AM 73,472 sr.sys
12/11/2008 06:57 AM 333,952 srv.sys
03/24/2006 05:34 PM 1,156,648 sthda.sys
04/14/2008 08:00 AM 49,408 stream.sys
04/14/2008 08:00 AM 15,232 streamip.sys
04/14/2008 08:00 AM 4,352 swenum.sys
04/14/2008 08:00 AM 56,576 swmidi.sys
09/18/2006 05:55 PM 109,744 SYMEVENT.SYS
04/14/2008 08:00 AM 60,800 sysaudio.sys
04/14/2008 08:00 AM 14,976 tape.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
06/20/2008 07:08 AM 225,856 tcpip6.sys
04/14/2008 08:00 AM 19,072 tdi.sys
04/14/2008 08:00 AM 12,040 tdpipe.sys
04/14/2008 08:00 AM 21,896 tdtcp.sys
04/14/2008 05:43 AM 40,840 termdd.sys
04/14/2008 08:00 AM 51,712 tosdvd.sys
04/14/2008 08:00 AM 21,376 tsbvcap.sys
04/14/2008 08:00 AM 12,288 tunmp.sys
04/14/2008 08:00 AM 44,672 uagp35.sys
04/14/2008 08:00 AM 66,048 udfs.sys
04/14/2008 08:00 AM 384,768 update.sys
04/14/2008 08:00 AM 12,800 usb8023.sys
06/05/2009 11:42 AM 39,424 usbaapl.sys
04/14/2008 08:00 AM 25,600 usbcamd.sys
04/14/2008 08:00 AM 25,728 usbcamd2.sys
05/18/2005 05:27 PM 7,764 usbccid.cat
05/17/2005 02:45 PM 1,872 usbccid.inf
05/13/2005 05:27 PM 28,672 usbccid.sys
04/14/2008 08:00 AM 4,736 usbd.sys
04/14/2008 08:00 AM 30,208 usbehci.sys
04/14/2008 08:00 AM 59,520 usbhub.sys
04/14/2008 08:00 AM 15,872 usbintel.sys
04/14/2008 08:00 AM 143,872 usbport.sys
04/14/2008 12:15 AM 15,104 usbscan.sys
04/14/2008 08:00 AM 26,368 usbstor.sys
04/14/2008 08:00 AM 20,608 usbuhci.sys
09/21/2004 07:18 PM 11,604 vbtenum.sys
10/19/2004 02:37 PM 61,312 VComm.sys
11/05/2004 12:39 PM 82,148 VcommMgr.sys
04/14/2008 08:00 AM 58,112 vdmindvd.sys
08/04/2004 01:56 AM 53,760 vfwwdm32.dll
04/14/2008 08:00 AM 20,992 vga.sys
09/22/2004 07:08 PM 12,504 VHIDMini.sys
04/14/2008 08:00 AM 42,240 viaagp.sys
08/04/2004 01:56 AM 28,672 vidcap.ax
04/14/2008 08:00 AM 81,664 videoprt.sys
04/14/2008 08:00 AM 52,352 volsnap.sys
04/14/2008 08:00 AM 34,560 wanarp.sys
04/14/2008 08:00 AM 83,072 wdmaud.sys
04/14/2008 08:00 AM 8,832 wmiacpi.sys
04/14/2008 08:00 AM 4,352 wmilib.sys
04/14/2008 08:00 AM 12,032 ws2ifsl.sys
07/02/2003 11:58 PM 63,488 wssbtr1f.sys
04/14/2008 12:16 AM 19,200 wstcodec.sys
07/18/2009 01:46 PM 7,867 WWHOOK.SYS
270 File(s) 28,520,997 bytes

Directory of C:\Windows\System32\Drivers\disdn

08/21/2007 09:35 AM .
08/21/2007 09:35 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

09/25/2009 01:59 AM .
09/25/2009 01:59 AM ..
09/25/2009 01:59 AM 27 hosts
12/26/2007 06:13 PM 734 hosts.msn
03/02/2009 04:20 PM 734 hosts.sym
08/04/2004 06:00 AM 3,683 lmhosts.sam
08/04/2004 06:00 AM 407 networks
08/04/2004 06:00 AM 799 protocol
08/04/2004 06:00 AM 7,116 services
7 File(s) 13,500 bytes

Total Files Listed:
277 File(s) 28,534,497 bytes
8 Dir(s) 3,352,870,912 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is FC17-E078

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 632 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 680 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 704 High C:\WINDOWS\system32\winlogon.exe
services.exe 748 Normal C:\WINDOWS\system32\services.exe
lsass.exe 768 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 968 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1036 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1076 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1172 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1208 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1508 Normal C:\WINDOWS\system32\spoolsv.exe
SCardSvr.exe 1544 Normal C:\WINDOWS\System32\SCardSvr.exe
svchost.exe 1956 Normal C:\WINDOWS\system32\svchost.exe
WWCSERVICE.EXE 2024 Real Time C:\WWCNT\WWCSERVICE.EXE
ADAgentService.exe 292 Normal C:\Program Files\LGEAD\ADAgentService.exe
AppleMobileDeviceService.exe 312 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 328 Normal C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe 396 Normal C:\WINDOWS\system32\svchost.exe
ccSetMgr.exe 452 Normal C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
DefWatch.exe 544 Normal C:\Program Files\Symantec AntiVirus\DefWatch.exe
dsNcService.exe 576 Normal C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
MDM.EXE 684 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
NICCONFIGSVC.exe 1100 Normal C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe 1168 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1272 Normal C:\WINDOWS\system32\svchost.exe
Rtvscan.exe 1288 Normal C:\Program Files\Symantec AntiVirus\Rtvscan.exe
ViewpointService.exe 268 Normal C:\Program Files\Viewpoint\Common\ViewpointService.exe
WLTRYSVC.EXE 1636 Normal C:\WINDOWS\System32\WLTRYSVC.EXE
Wuser32.exe 1652 Normal C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
bcmwltry.exe 1664 Normal C:\WINDOWS\System32\bcmwltry.exe
ccEvtMgr.exe 1716 Normal C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
CcmExec.exe 1908 Normal C:\WINDOWS\system32\CCM\CcmExec.exe
wmiprvse.exe 1360 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe 2068 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe 2432 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
ViewMgr.exe 2936 Normal C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Explorer.EXE 3072 Normal C:\WINDOWS\Explorer.EXE
WLTRAY.exe 504 Normal C:\WINDOWS\system32\WLTRAY.exe
quickset.exe 1268 Normal C:\Program Files\Dell\QuickSet\quickset.exe
DLACTRLW.EXE 984 Normal C:\WINDOWS\System32\DLA\DLACTRLW.EXE
jusched.exe 1328 Normal C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Acrotray.exe 1032 Normal C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
apdproxy.exe 2012 Normal C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
ccApp.exe 2792 Normal C:\Program Files\Common Files\Symantec Shared\ccApp.exe
VPTray.exe 2840 Normal C:\PROGRA~1\SYMANT~1\VPTray.exe
hkcmd.exe 2900 Normal C:\WINDOWS\system32\hkcmd.exe
igfxsrvc.exe 3008 Normal C:\WINDOWS\system32\igfxsrvc.exe
igfxpers.exe 3020 Normal C:\WINDOWS\system32\igfxpers.exe
stsystra.exe 3076 Normal C:\WINDOWS\stsystra.exe
MsnMsgr.Exe 3496 Normal C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
FNPLicensingService.exe 3944 Normal C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
ymsgr_tray.exe 3552 Normal C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
jucheck.exe 492 Normal C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
wmiprvse.exe 3660 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
cmd.exe 2384 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 3176 Normal C:\Documents and Settings\lguser\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(3072)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1519616 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5848 (xpsp_sp3_gdr.090718-1251) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 771b0000 696320 C:\WINDOWS\system32\WININET.dll 6.00.2900.5835 (xpsp_sp3_gdr.090626-1535) Internet Extensions for Win32
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1160000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
urlmon.dll 7e1e0000 663552 C:\WINDOWS\system32\urlmon.dll 6.00.2900.5835 (xpsp_sp3_gdr.090626-1535) OLE32 Extensions for Win32
webcheck.dll 74b30000 286720 C:\WINDOWS\system32\webcheck.dll 6.00.2900.5512 (xpsp.080413-2105) Web Site Monitor
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
madocmgr.dll 10000000 77824 C:\Program Files\MarkAny\Document SAFER\madocmgr.dll 2, 5, 0, 41229 MarkAny Document Safer Manager
cipher.dll 18c0000 360448 C:\WINDOWS\system32\cipher.dll 2, 5, 0, 50222 cipher
libdb41.dll 13000000 585728 C:\WINDOWS\system32\libdb41.dll 4.1.25 Berkeley DB 3.0 DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
odbcint.dll b80000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
shdoclc.dll 71800000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
PDFShell.dll 2590000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 8.1.0.0 PDF Shell Extension
MSVCR80.dll 78130000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 8.00.50727.762 Microsoft® C Runtime Library
msadp32.acm 72cf0000 28672 C:\WINDOWS\system32\msadp32.acm 5.1.2600.5512 (xpsp.080413-0845) Microsoft ADPCM CODEC for MSACM
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
MCPS.DLL 36d30000 110592 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.8164 Media Catalog Proxy/Stub



******************************************
EOF

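The "Drivers list" section of the SpiderKill log above is a plain `dir` listing, and nearly every entry in it carries the same XP SP3 file date (04/14/2008 08:00 AM). A quick way for a helper to triage such a listing is to parse it and pull out only the entries written after that baseline, which is where the handful of recently added drivers (for example the 07/18/2009 and 09/10/2009 entries) stand out. The script below is an added example written for this thread; it is not part of SpiderKill or of any tool the helper used, and the sample listing embedded in it is a constructed excerpt in the same format as the log. A recent timestamp on its own proves nothing (the log's own mbam.sys is Malwarebytes' driver, dated by its install), so the output is a shortlist for a human to look at, not a verdict.

```python
"""Triage helper for a SpiderKill/`dir`-style driver listing (added example).

Parses lines of the form "MM/DD/YYYY HH:MM AM/PM [size] name" and reports the
entries newer than a baseline date, so that a helper reading a long listing
can focus on the few files that were written after the OS service pack.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample in the format of the thread's log (a few lines only).
SAMPLE_LISTING = """\
 Directory of C:\\Windows\\System32\\Drivers

09/26/2009 12:39 PM .
09/26/2009 12:39 PM ..
04/14/2008 08:00 AM 187,776 acpi.sys
08/14/2008 06:04 AM 138,496 afd.sys
07/18/2009 01:45 PM 45,952 Filehook.sys
09/10/2009 02:53 PM 19,160 mbam.sys
08/21/2007 09:35 AM disdn
270 File(s) 28,520,997 bytes
"""

# XP SP3 file date shared by most entries in the log; used as the baseline.
XP_SP3_BASELINE = datetime(2008, 4, 14, 8, 0)

# Date, time, optional comma-grouped size (directories have none), then name.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2} [AP]M) "
    r"(?:(?P<size>[\d,]+) )?(?P<name>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    size: Optional[int]  # None for directory entries, which have no size column
    name: str


def parse_listing(text: str) -> List[Entry]:
    """Return the file/directory entries found in a dir-style listing."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["name"] in (".", ".."):
            continue  # header, summary, blank, or the "." / ".." entries
        when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M %p")
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append(Entry(when, size, m["name"]))
    return entries


def newer_than(entries: List[Entry], baseline: datetime) -> List[Entry]:
    """Entries written strictly after the baseline, oldest first."""
    return sorted((e for e in entries if e.when > baseline), key=lambda e: e.when)


def triage_report(text: str, baseline: datetime = XP_SP3_BASELINE) -> List[str]:
    """Human-readable shortlist lines for the entries newer than the baseline."""
    lines = []
    for e in newer_than(parse_listing(text), baseline):
        size = "<dir>" if e.size is None else f"{e.size:,} bytes"
        lines.append(f"{e.when:%Y-%m-%d %H:%M}  {size:>16}  {e.name}")
    return lines


if __name__ == "__main__":
    for line in triage_report(SAMPLE_LISTING):
        print(line)
```

Paste the whole "Drivers list" section into SAMPLE_LISTING (or read it from a file) and the report shrinks the 270-line listing to the entries written after the service pack; the baseline can be moved to the day symptoms began (the thread's log also has hosts dated 09/25/2009) to narrow it further.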

Re: Total Security Help Needed

Post by DragonMaster Jay on Fri 02 Oct 2009, 11:28 am

Hi

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.



Re: Total Security Help Needed

Post by Jay Cee on Sat 03 Oct 2009, 3:21 am

Malwarebytes' Anti-Malware 1.41
Database version: 2894
Windows 5.1.2600 Service Pack 3

10/2/2009 1:22:35 PM
mbam-log-2009-10-02 (13-22-35).txt

Scan type: Quick Scan
Objects scanned: 124978
Time elapsed: 22 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by DragonMaster Jay on Sat 03 Oct 2009, 10:53 am

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



~DMJ
GeekPolice Academy Manager



Re: Total Security Help Needed

Post by Jay Cee on Tue 06 Oct 2009, 12:46 am

ComboFix 09-10-04.01 - jcampanioni 10/05/2009 10:35.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.454 [GMT -4:00]
Running from: c:\documents and settings\lguser\My Documents\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-17 18:34 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 18:34 . 2009-09-25 12:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 18:34 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 15:04 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 13:06 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-05 12:48 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-02 20:40 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 17:46 . 2008-05-30 12:20 7867 ----a-w- c:\windows\system32\drivers\WWHOOK.SYS
2009-07-18 17:45 . 2008-05-30 12:20 5632 ----a-w- c:\windows\system32\drivers\SFMouse.sys
2009-07-18 17:45 . 2008-05-30 12:20 4992 ----a-w- c:\windows\system32\drivers\SFKbd.sys
2009-07-18 17:45 . 2008-05-30 12:20 35200 ----a-w- c:\windows\system32\drivers\SFFOLDER.SYS
2009-07-18 17:45 . 2008-05-30 12:20 34688 ----a-w- c:\windows\system32\drivers\sfres.sys
2009-07-18 17:45 . 2009-07-07 13:04 10240 ----a-w- c:\windows\system32\drivers\sfcdex.sys
2009-07-18 17:45 . 2008-05-30 12:20 40960 ----a-w- c:\windows\system32\drivers\SDFA.SYS
2009-07-18 17:45 . 2008-05-30 12:20 16191 ----a-w- c:\windows\system32\drivers\safandrv.sys
2009-07-18 17:45 . 2008-05-30 12:20 5632 ----a-w- c:\windows\system32\drivers\ProcHide.sys
2009-07-18 17:45 . 2008-05-30 12:20 45952 ----a-w- c:\windows\system32\drivers\Filehook.sys
2009-07-18 17:45 . 2008-05-30 12:20 32384 ----a-w- c:\windows\system32\drivers\FDDec.SYS
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-28 12:28 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-09-28 12:28 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 10:00 . 2009-09-28 12:37 41814 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-06-18 13:04 41814 c:\windows\system32\perfc009.dat
+ 2007-08-21 17:54 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-09-28 12:26 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:52 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-30 18:52 . 2009-09-25 00:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-28 12:26 . 2009-09-28 12:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-05-31 03:38 . 2007-05-31 03:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-05-31 04:38 . 2007-05-31 04:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-04-13 07:50 . 2007-04-13 07:50 21368 c:\windows\system32\CCM\ccmrepair.exe
+ 2007-04-13 06:50 . 2007-04-13 06:50 21368 c:\windows\system32\CCM\ccmrepair.exe
+ 2009-01-05 19:44 . 2009-01-05 19:44 53248 c:\windows\bdoscandel.exe
+ 2009-09-27 00:48 . 2009-09-27 00:48 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 45056 c:\windows\BDOSCAN8\avxdisk.dll
- 2004-08-04 10:00 . 2009-06-18 13:04 316798 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2009-09-28 12:37 316798 c:\windows\system32\perfh009.dat
- 2007-08-21 13:44 . 2009-06-18 13:02 269392 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-21 13:44 . 2009-09-28 12:21 269392 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-21 17:54 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2007-04-13 07:50 . 2007-04-13 07:50 341368 c:\windows\system32\ccmcore.dll
+ 2007-04-13 06:50 . 2007-04-13 06:50 341368 c:\windows\system32\ccmcore.dll
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 107800 c:\windows\BDOSCAN8\bdcore.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\Filehook.sys [5/30/2008 8:20 AM 45952]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 9:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 8:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 8:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 8:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 8:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 8:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 5:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 8:20 AM 40960]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [7/7/2009 9:05 AM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 12:44 PM 102448]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 8:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 8:20 AM 35200]
S3 WwHook;WwHook;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 8:20 AM 7867]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ADAGENT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.4.4,136.166.10.50
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-05 10:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-10-05 10:47
ComboFix-quarantined-files.txt 2009-10-05 14:46
ComboFix2.txt 2009-09-25 06:12

Pre-Run: 3,252,432,896 bytes free
Post-Run: 3,369,275,392 bytes free

239 --- E O F --- 2009-03-28 16:01


Re: Total Security Help Needed

Post by DragonMaster Jay on Tue 06 Oct 2009, 8:43 am

Hi

One more time:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.



~DMJ
GeekPolice Academy Manager



Re: Total Security Help Needed

Post by Jay Cee on Thu 15 Oct 2009, 6:31 am

Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

10/14/2009 4:33:14 PM
mbam-log-2009-10-14 (16-33-13).txt

Scan type: Quick Scan
Objects scanned: 134013
Time elapsed: 27 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\Protect.sys (Rootkit.Agent) -> Delete on reboot.

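As an added example (not part of this thread, and not Malwarebytes' own code), here is a small Python parser for the Malwarebytes' Anti-Malware log format posted above and in the earlier reply, with two checks a helper reading such a log wants: that the summary counts match the items actually listed, and which items are marked "Delete on reboot" and so remain on the machine until it restarts. The sample input is the log posted above, abridged.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input: the Malwarebytes' Anti-Malware 1.41 log posted above, abridged
# (sections with no detections dropped except one), embedded so this runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 134013

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\Protect.sys (Rootkit.Agent) -> Delete on reboot.
"""

# Detail line: "<item> (<detection name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary line: "<section> Infected: <count>"
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")


@dataclass
class Finding:
    section: str   # e.g. "Registry Keys Infected"
    item: str      # registry key/value or file path
    family: str    # detection name, e.g. "Rootkit.Agent"
    action: str    # what MBAM did, without the trailing period


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (summary counts, listed findings) from an MBAM 1.x log."""
    counts: Dict[str, int] = {}
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:                                   # summary block
            counts[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):         # a detail section begins
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, m.group("item"),
                                    m.group("family"), m.group("action")))
    return counts, findings


def counts_consistent(counts: Dict[str, int], findings: List[Finding]) -> bool:
    """Each summary count must equal the number of items listed in its section;
    a mismatch usually means the pasted log was truncated or edited."""
    listed: Dict[str, int] = {}
    for f in findings:
        listed[f.section] = listed.get(f.section, 0) + 1
    return all(listed.get(sec, 0) == n for sec, n in counts.items())


def pending_reboot(findings: List[Finding]) -> List[Finding]:
    """Items MBAM could not remove while Windows was running. A driver or service
    key marked "Delete on reboot" is still present until the restart, so a clean
    result needs a reboot and a fresh scan. Note that CurrentControlSet is an
    alias of the active ControlSet00N, so two listed keys may be the same key."""
    return [f for f in findings if f.action.lower().startswith("delete on reboot")]


if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    print("summary matches listing:", counts_consistent(counts, findings))
    for f in pending_reboot(findings):
        print("still present until reboot:", f.item)
```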

Re: Total Security Help Needed

Post by DragonMaster Jay on Thu 15 Oct 2009, 8:07 am

Please download A-Squared HiJackFree from here and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.



~DMJ
GeekPolice Academy Manager



Re: Total Security Help Needed

Post by Jay Cee on Mon 19 Oct 2009, 10:08 am

Logfile of HiJackFree v3.0
Scan saved at 8:10:43 PM, on 10/18/2009
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 6.0 Service Pack 3 (6.0.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LGEAD\ADAgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WWCNT\WWCSERVICE.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WWCNT\SYSTEM\PMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O7 - Regedit - Enabled
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBAR.ICO
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aimres.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O15 - Trusted Zone: *://*.lge.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} (Findprog Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {245DF0F9-179F-4027-875A-0493B21C204F} (MaLiveUpdateCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} (AgentSSO Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} (NamoWeCtl 6.0 for LGE_NOTES) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} (DACWebFax Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LGE.NET
O17 - HKLM\Software\..\Telephony: DomainName = LGE.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DomainName = LGE.NET
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DomainName = LGE.NET
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxdev.dll
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: SysTray -
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: ADAgent - C:\Program Files\LGEAD\ADAgentService.exe
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bluetooth Support Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Symantec Event Manager - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: SMS Agent Host - C:\WINDOWS\system32\CCM\CcmExec.exe
O23 - Service: Symantec Settings Manager - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: CryptSvc - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: Symantec AntiVirus Definition Watcher - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig - C:\WINDOWS\System32\svchost.exe
O23 - Service: Juniper Network Connect Service - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Extensible Authentication Protocol Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: InstallDriver Table Manager - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: LiveUpdate - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: Machine Debug Manager - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network Access Protection Agent - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: NICCONFIGSVC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: SAVRoam - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: SPBBCSvc - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Symantec AntiVirus - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - C:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Live Setup Service - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: SMS Remote Control Agent - C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
O23 - Service: Ww Client 3.2 Agent - C:\WWCNT\WWCSERVICE.EXE
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe

Jay Cee

Rookie Surfer

Posts: 98
Joined: 2009-09-25
Operating System: XP

Re: Total Security Help Needed

Post by DragonMaster Jay on Mon 19 Oct 2009, 11:19 am

Please download RootRepeal from GooglePages.com.

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate
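The scan described above writes a plain-text report with a "Drivers" section and a "Hidden/Locked Files" section of Path/Status pairs. As an added example that is not part of this thread and not code from HijackThis or RootRepeal, the Python script below parses such a report together with the O23 service lines of a HijackThis log and flags any service whose install directory is, contains, or sits inside a directory the scanner could not enumerate through the Windows API. Both sample inputs are constructed from a handful of lines copied from the logs posted in this thread (the O23 list above and the RootRepeal report in the next reply); the function names are my own, and the O23 regex is written for the exact line layout shown on this page, which carries no company field.

```python
# Added example for this thread (not HijackThis's or RootRepeal's own code): parse a
# HijackThis O23 list and a RootRepeal report, then flag services that overlap hidden dirs.
import re
from pathlib import PureWindowsPath

# Constructed sample: four O23 lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: SMS Agent Host - C:\WINDOWS\system32\CCM\CcmExec.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Ww Client 3.2 Agent - C:\WWCNT\WWCSERVICE.EXE
"""

# Constructed sample: an abridged RootRepeal report in the format posted in the next reply.
ROOTREPEAL_SAMPLE = r"""
Drivers
-------------------
Name: mchInjDrv.sys
Address: 0xF7CEA000 Size: 2560 File Visible: No Signed: -

Hidden/Locked Files
-------------------
Path: \\?\C:\WWNtuser\*
Status: Could not enumerate files with the Windows API (0x00000012)!

Path: C:\WWNtuser\AUTHINFO.INI
Status: Invisible to the Windows API!

Path: \\?\C:\WWCnt\System\*
Status: Could not enumerate files with the Windows API (0x00000012)!

Path: C:\WWCnt\System\ScrCap.dll
Status: Invisible to the Windows API!
"""

# "O23 - Service: <name> - <image>"; the lazy name match stops at the drive letter.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<image>[A-Za-z]:\\.*)$")

def parse_hjt_services(log: str) -> list[tuple[str, str]]:
    """(service name, image path) for every O23 line in a HijackThis log."""
    matches = (O23_RE.match(line) for line in log.splitlines())
    return [(m["name"], m["image"].strip()) for m in matches if m]

def split_sections(report: str) -> dict[str, list[str]]:
    """Group RootRepeal lines by section; a title is the line above a dashed rule."""
    sections, current, lines = {}, None, report.splitlines()
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and re.fullmatch(r"-{5,}", lines[i + 1].strip()):
            current = line.strip()
            sections[current] = []
        elif current is not None and not re.fullmatch(r"-{5,}", line.strip()):
            sections[current].append(line)
    return sections

def parse_hidden_files(report: str) -> list[tuple[str, str]]:
    """(path, status) pairs from the Hidden/Locked Files section."""
    entries, path = [], None
    for line in split_sections(report).get("Hidden/Locked Files", []):
        if line.startswith("Path: "):
            path = line[6:].strip()
        elif line.startswith("Status: ") and path is not None:
            entries.append((path, line[8:].strip()))
            path = None
    return entries

def invisible_drivers(report: str) -> list[str]:
    """Loaded drivers whose file RootRepeal reports as not visible on disk."""
    names, name = [], None
    for line in split_sections(report).get("Drivers", []):
        if line.startswith("Name: "):
            name = line[6:].strip()
        elif "File Visible: No" in line and name:
            names.append(name)
    return names

def _norm(path: str) -> str:
    """Case-fold a Windows path and strip the extended-length prefix."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.casefold().rstrip("\\")

def hidden_directories(entries: list[tuple[str, str]]) -> list[str]:
    """Directories the scanner could not enumerate (wildcard entries), in report order."""
    dirs = []
    for path, status in entries:
        if path.endswith("\\*") and status.startswith("Could not enumerate"):
            if (d := _norm(path[:-2])) not in dirs:
                dirs.append(d)
    return dirs

def correlate(services, hidden_dirs) -> list[tuple[str, str, str]]:
    """Services whose install directory is, contains, or lies inside a hidden directory."""
    hits = []
    for name, image in services:
        svc = _norm(str(PureWindowsPath(image).parent))
        hits += [(name, image, d) for d in hidden_dirs
                 if svc == d or d.startswith(svc + "\\") or svc.startswith(d + "\\")]
    return hits

if __name__ == "__main__":
    hidden = hidden_directories(parse_hidden_files(ROOTREPEAL_SAMPLE))
    print("drivers not visible on disk:", invisible_drivers(ROOTREPEAL_SAMPLE))
    print("unenumerable directories:", hidden)
    for name, image, d in correlate(parse_hjt_services(HJT_SAMPLE), hidden):
        print(f"service {name!r} at {image} overlaps hidden directory {d}")
```

The correlation is a triage aid, not a verdict. On the sample it pairs the "Ww Client 3.2 Agent" service installed under C:\WWCNT with the unenumerable C:\WWCnt\System directory, which is exactly the pairing a reader can make by hand from the two logs in this thread; whether such software is hostile or a managed agent on a domain-joined work laptop is a question for whoever administers the machine, and the script does not try to answer it.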

Re: Total Security Help Needed

Post by Jay Cee on Mon 19 Oct 2009, 12:05 pm

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 21:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA971F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B24000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7CEA000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7ECF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: \\?\C:\WWNtuser\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\AUTHINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\continf.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EKINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ENVIRONMENT.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPFILE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPTCLS.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\GROUPWARELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\IPLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\jcampanioni
Status: Invisible to the Windows API!

Path: C:\WWNtuser\LOGONINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MACLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MSNCONTROL.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MsUsed
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PolicyStatus.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTCONFIG.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTFREE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTRANGE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Printrule.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PROATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Programctrl.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PublicKey
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RuleMail.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RULESET.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SBLACK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SITELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\STRUST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\TIMECHECK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\USER.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\WEBRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfJudah.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfLevi.tlb
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfReuben.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfsimeon.bat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwcservice.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwmark.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww_reg.log
Status: Invisible to the Windows API!

Path: \\?\C:\WWCnt\System\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWCnt\System\RWIni.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDCtrl.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ChkCD.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ComInfo.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ContPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Crypt32Wrapper.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\DecMd.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IECONT.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IEDEC.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MakeSDFA.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MsnHk.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PcLog.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PMonitor.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PrintHK.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Prtlog2.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\rbtcm.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDHooks.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDScrn.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDThread.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SafaWeb.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ScrCap.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SFFolder.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpDlg.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpHook.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpParse.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\smupt.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Sniper.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SysInfo.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WaterwallCrypt1_0.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WebUrl.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WwcUninstaller.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_e.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_j.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_k.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_sc.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_tc.dll
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\CDRWFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\PrintFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\ScreenFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WEBHDDLOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WriteLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WRITELOG.TXT
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\jcampanioni\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\MsUsed\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\MsUsed\Msdate.dat
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\BaseLog\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\ContLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\MAPILOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SDFALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SPLTMP
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\UrlLog
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\CDRWFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095224281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_Copy of BID PRICING REQUEST FORM LG HOPE.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_LG Commercial Bid Pricing Request From..The Chicago Group.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006112831671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144141578_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144312265_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144704828_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091012103938546_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014091529187_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014092821281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095104015_SMTPContent.eml
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\PrintFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\ScreenFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\UrlFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007105125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007110125484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007111126171.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007112125593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007113125468.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007114125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007115125281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007120125640.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007121125265.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007122125500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007123125968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007124125234.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007125125921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007130126656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007131125937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007133125546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007134125593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007135125718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007140126718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007141125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007142125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007143125906.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007144125187.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007145125937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007150126187.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007151125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007152125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007153125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007154129703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007155126328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007161127109.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007162125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007163125687.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007164126171.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007165126359.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008104210703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008105205781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008110204750.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008111207390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008112204750.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008113205125.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008114204671.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008115204921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008120204734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008121204625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007104125328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007132126453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007160125718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008122204718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008150205046.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009095526531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009123526593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009151526609.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012144915703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013131726296.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013155726453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014104751343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014132756515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014160753062.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091015124159093.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091015152200625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091016095920828.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091016124020609.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008123204453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008124204609.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008125204484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008130204406.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008131204843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008132204531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008133204375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008134204500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008135204390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008140205250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008141204937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008142204734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008143205375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008144204859.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008145204781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008151205328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008152204968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008153204593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008154205937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008155205843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008160204890.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008161205656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008162204953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009084527109.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009085526250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009090526343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009091526578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009092526328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009093526437.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009094526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009100526375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009101526765.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009102528515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009103526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009104526281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009105538515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009110526156.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009111526531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009112526921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009113526546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009114526562.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009115526328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009120527343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009121526546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009122527703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009124526343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009125526843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009130526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009131527046.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009132526546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009133526281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009134526687.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009135526796.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009140526250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009141526468.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009142526531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009143526453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009144527328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009145526437.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009150526578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009152526250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009153526281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009154527218.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009155526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009160526828.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009161530140.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009162526703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009163526953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009164526875.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009165526953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012091916015.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012092915343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012093915953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012104916562.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012142925875.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013095801781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013105731078.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013110730546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013111731203.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013112726656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013113726593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013114731625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013115726578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013120726390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013121726500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013122726625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013123728859.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013124726390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013125726906.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013130726734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013132726515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013133726921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013134726843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013135734953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013140726453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013141726968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013142727484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013143728140.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013144726625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013145726734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013150726359.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013151727031.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013152726796.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013153726375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013154726515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013160726593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013161726531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013162726281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013163728921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013164726390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014090805453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtProcesses
-------------------
Path: C:\WWCnt\WwcNT.exe
PID: 1112 Status: Locked to the Windows API!

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\PROCHIDE.SYS" at address 0xf7b105b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406580

==EOF==

Jay Cee
Rookie Surfer
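The log above reports files the kernel is hiding from the Windows API, a process that cannot be opened through it, and three SSDT entries hooked by drivers. Reading hundreds of such lines by hand is slow, so here is an added Python example (not part of the thread, and not avast's code) that parses a log in this layout and produces a triage summary: hidden files grouped by directory, locked processes, and SSDT hooks whose owning driver is not under a directory the analyst has whitelisted for an installed security product. The sample log is constructed from a few lines of the posted one; the "Files" section header, the per-host whitelist (Symantec's SYMEVENT.SYS is listed because the poster runs Symantec) and all function names are my own assumptions.

```python
"""Triage helper for an avast! Anti-Rootkit text log (added example, not
avast's code): groups hidden files by directory, lists locked processes and
separates SSDT hooks owned by an expected security product from the rest."""
import re
from collections import Counter

# Constructed sample in the same layout as the log posted above. The file,
# process and hook lines are copied from that post; the "Files" header
# and the trailing structure are assumed.
SAMPLE_LOG = """\
Files
-------------------
Path: C:\\WWNtuser\\CLIENTWWDATALOG\\UrlFile\\20091008153204593.txt
Status: Invisible to the Windows API!

Path: C:\\WWNtuser\\CLIENTWWDATALOG\\UrlFile\\20091009084527109.txt
Status: Invisible to the Windows API!

Processes
-------------------
Path: C:\\WWCnt\\WwcNT.exe
PID: 1112 Status: Locked to the Windows API!

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\\Program Files\\Symantec\\SYMEVENT.SYS" at address 0xaa406350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\\WINDOWS\\System32\\Drivers\\PROCHIDE.SYS" at address 0xf7b105b0

==EOF==
"""

# Module directories whose hooks are expected on this host because a known
# security product installs them. Assumption: the analyst fills this in per
# machine; Symantec's SYMEVENT.SYS is listed because the poster runs Symantec.
EXPECTED_HOOK_DIRS = ("c:\\program files\\symantec\\",)

RULE_RE = re.compile(r"^-{5,}$")
FUNC_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')
PID_RE = re.compile(r"PID:\s*(\d+)")
KNOWN_SECTIONS = ("processes", "ssdt", "files")


def parse_log(text):
    """Return {'files': [...], 'processes': [...], 'hooks': [...]} records."""
    result = {"files": [], "processes": [], "hooks": []}
    section, prev, pending = "files", "", None
    for raw in text.splitlines():
        line = raw.strip()
        if RULE_RE.match(line):
            # The line before a dashed rule names the section. Match loosely so
            # a header run together with stray text (as in the pasted log,
            # "Path: C:\WWNtProcesses") still selects the right section.
            section = next((s for s in KNOWN_SECTIONS if s in prev.lower()), prev.lower())
            pending = None
        elif line.startswith("Path:"):
            pending = {"path": line[len("Path:"):].strip()}
        elif line.startswith("#:"):
            m = FUNC_RE.match(line)
            pending = {"index": int(m.group(1)), "function": m.group(2)} if m else None
        elif "Status:" in line and pending is not None:
            pending["status"] = line.split("Status:", 1)[1].strip()
            if section == "ssdt":
                m = HOOK_RE.search(pending["status"])
                if m:
                    pending["module"], pending["address"] = m.group(1), m.group(2)
                result["hooks"].append(pending)
            elif section == "processes":
                m = PID_RE.search(line)
                pending["pid"] = int(m.group(1)) if m else None
                result["processes"].append(pending)
            else:
                result["files"].append(pending)
            pending = None
        prev = line
    return result


def hidden_file_dirs(parsed):
    """Count files reported invisible to the Windows API, per parent directory."""
    counts = Counter()
    for rec in parsed["files"]:
        if "invisible" in rec["status"].lower():
            counts[rec["path"].rsplit("\\", 1)[0].lower()] += 1
    return counts


def unexpected_hooks(parsed, expected_dirs=EXPECTED_HOOK_DIRS):
    """SSDT hooks whose owning module is not under an expected vendor directory."""
    return [h for h in parsed["hooks"]
            if not any(h.get("module", "").lower().startswith(d) for d in expected_dirs)]


def summarize(text, expected_dirs=EXPECTED_HOOK_DIRS):
    """One line per finding, suitable for a triage note."""
    parsed = parse_log(text)
    lines = [f"hidden files: {n} under {d}" for d, n in hidden_file_dirs(parsed).most_common()]
    lines += [f"process {p['pid']}: {p['path']} ({p['status']})" for p in parsed["processes"]]
    lines += [f"SSDT #{h['index']} {h['function']} hooked by {h.get('module', '?')} "
              "(not an expected security product, verify this module)"
              for h in unexpected_hooks(parsed, expected_dirs)]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

The parser keys on the dashed rule rather than on an exact header line, which is why it copes with the run-together "Path: C:\WWNtProcesses" header in the pasted log. The whitelist is deliberately a per-host decision: registry hooks from SYMEVENT.SYS are normal on a machine running Symantec, whereas an NtOpenProcess hook from a driver nobody recognises is not proof of malware, but it is exactly the kind of finding that needs the multi-engine scan the helper asks for in the next reply.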

Re: Total Security Help Needed

Post by DragonMaster Jay on Mon 19 Oct 2009, 2:15 pm

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\System32\Drivers\PROCHIDE.SYS
  • Click on the submit button
  • Please post the results (URL) in your next reply.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

~DMJ
GeekPolice Academy Manager