GeekPolice

Total Security Help Needed


Re: Total Security Help Needed

Post by Dr Jay on Wed Oct 14, 2009 10:07 pm

Please download A-Squared HiJackFree from [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 19, 2009 12:08 am

Logfile of HiJackFree v3.0
Scan saved at 8:10:43 PM, on 10/18/2009
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 6.0 Service Pack 3 (6.0.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LGEAD\ADAgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WWCNT\WWCSERVICE.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WWCNT\SYSTEM\PMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O7 - Regedit - Enabled
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBAR.ICO
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aimres.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O15 - Trusted Zone: *://*.lge.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} (Findprog Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {245DF0F9-179F-4027-875A-0493B21C204F} (MaLiveUpdateCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} (AgentSSO Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} (NamoWeCtl 6.0 for LGE_NOTES) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} (DACWebFax Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LGE.NET
O17 - HKLM\Software\..\Telephony: DomainName = LGE.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DomainName = LGE.NET
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DomainName = LGE.NET
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxdev.dll
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: SysTray -
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: ADAgent - C:\Program Files\LGEAD\ADAgentService.exe
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bluetooth Support Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Symantec Event Manager - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: SMS Agent Host - C:\WINDOWS\system32\CCM\CcmExec.exe
O23 - Service: Symantec Settings Manager - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: CryptSvc - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: Symantec AntiVirus Definition Watcher - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig - C:\WINDOWS\System32\svchost.exe
O23 - Service: Juniper Network Connect Service - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Extensible Authentication Protocol Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: InstallDriver Table Manager - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: LiveUpdate - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: Machine Debug Manager - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network Access Protection Agent - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: NICCONFIGSVC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: SAVRoam - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: SPBBCSvc - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Symantec AntiVirus - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - C:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Live Setup Service - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: SMS Remote Control Agent - C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
O23 - Service: Ww Client 3.2 Agent - C:\WWCNT\WWCSERVICE.EXE
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 19, 2009 1:19 am

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 19, 2009 2:05 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 21:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA971F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B24000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7CEA000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7ECF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: \\?\C:\WWNtuser\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\AUTHINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\continf.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EKINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ENVIRONMENT.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPFILE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPTCLS.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\GROUPWARELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\IPLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\jcampanioni
Status: Invisible to the Windows API!

Path: C:\WWNtuser\LOGONINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MACLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MSNCONTROL.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MsUsed
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PolicyStatus.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTCONFIG.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTFREE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTRANGE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Printrule.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PROATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Programctrl.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PublicKey
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RuleMail.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RULESET.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SBLACK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SITELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\STRUST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\TIMECHECK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\USER.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\WEBRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfJudah.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfLevi.tlb
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfReuben.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfsimeon.bat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwcservice.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwmark.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww_reg.log
Status: Invisible to the Windows API!

Path: \\?\C:\WWCnt\System\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWCnt\System\RWIni.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDCtrl.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ChkCD.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ComInfo.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ContPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Crypt32Wrapper.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\DecMd.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IECONT.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IEDEC.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MakeSDFA.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MsnHk.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PcLog.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PMonitor.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PrintHK.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Prtlog2.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\rbtcm.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDHooks.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDScrn.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDThread.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SafaWeb.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ScrCap.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SFFolder.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpDlg.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpHook.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpParse.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\smupt.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Sniper.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SysInfo.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WaterwallCrypt1_0.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WebUrl.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WwcUninstaller.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_e.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_j.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_k.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_sc.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_tc.dll
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\CDRWFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\PrintFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\ScreenFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WEBHDDLOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WriteLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\WRITELOG.TXT
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\jcampanioni\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\MsUsed\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\MsUsed\Msdate.dat
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\BaseLog\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\ContLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\MAPILOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SDFALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\SPLTMP
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog\UrlLog
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\CDRWFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095224281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_Copy of BID PRICING REQUEST FORM LG HOPE.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006104913781_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_LG Commercial Bid Pricing Request From..The Chicago Group.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006105754671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006112831671_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144141578_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144312265_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091006144704828_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091012103938546_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014091529187_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014092821281_SMTPContent.eml
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE\20091014095104015_SMTPContent.eml
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\PrintFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\ScreenFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\SpoolFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\TemporaryFiles\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\UrlFile\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007105125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007110125484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007111126171.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007112125593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007113125468.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007114125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007115125281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007120125640.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007121125265.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007122125500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007123125968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007124125234.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007125125921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007130126656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007131125937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007133125546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007134125593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007135125718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007140126718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007141125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007142125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007143125906.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007144125187.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007145125937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007150126187.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007151125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007152125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007153125578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007154129703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007155126328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007161127109.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007162125453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007163125687.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007164126171.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007165126359.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008104210703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008105205781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008110204750.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008111207390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008112204750.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008113205125.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008114204671.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008115204921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008120204734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008121204625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007104125328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007132126453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091007160125718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008122204718.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008150205046.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009095526531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009123526593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009151526609.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012144915703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013131726296.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013155726453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014104751343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014132756515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014160753062.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091015124159093.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091015152200625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091016095920828.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091016124020609.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008123204453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008124204609.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008125204484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008130204406.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008131204843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008132204531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008133204375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008134204500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008135204390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008140205250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008141204937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008142204734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008143205375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008144204859.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008145204781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008151205328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008152204968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008153204593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008154205937.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008155205843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008160204890.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008161205656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091008162204953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009084527109.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009085526250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009090526343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009091526578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009092526328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009093526437.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009094526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009100526375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009101526765.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009102528515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009103526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009104526281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009105538515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009110526156.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009111526531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009112526921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009113526546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009114526562.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009115526328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009120527343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009121526546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009122527703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009124526343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009125526843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009130526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009131527046.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009132526546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009133526281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009134526687.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009135526796.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009140526250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009141526468.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009142526531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009143526453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009144527328.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009145526437.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009150526578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009152526250.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009153526281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009154527218.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009155526390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009160526828.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009161530140.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009162526703.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009163526953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009164526875.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091009165526953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012091916015.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012092915343.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012093915953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012104916562.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091012142925875.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013095801781.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013105731078.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013110730546.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013111731203.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013112726656.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013113726593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013114731625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013115726578.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013120726390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013121726500.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013122726625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013123728859.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013124726390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013125726906.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013130726734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013132726515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013133726921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013134726843.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013135734953.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013140726453.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013141726968.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013142727484.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013143728140.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013144726625.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013145726734.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013150726359.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013151727031.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013152726796.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013153726375.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013154726515.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013160726593.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013161726531.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013162726281.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013163728921.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091013164726390.txt
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\UrlFile\20091014090805453.txt
Status: Invisible to the Windows API!

Path: C:\WWNt

Processes
-------------------
Path: C:\WWCnt\WwcNT.exe
PID: 1112 Status: Locked to the Windows API!

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\PROCHIDE.SYS" at address 0xf7b105b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa406580

==EOF==

Jay Cee
Intermediate

Posts : 98
Joined : 2009-09-25
OS : XP
Points : 27068
# Likes : 0


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 19, 2009 4:15 am

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\System32\Drivers\PROCHIDE.SYS


  • Click on the submit button

  • Please post the results (URL) in your next reply.



Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 19, 2009 2:39 pm

The security software my company has put on their laptops does not allow me to upload/attach files on any site except via my work email. Any other suggestions?


Re: Total Security Help Needed

Post by Dr Jay on Mon Oct 19, 2009 11:09 pm

Oh. OK.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Tue Oct 20, 2009 12:14 am

Malwarebytes' Anti-Malware 1.41
Database version: 2991
Windows 5.1.2600 Service Pack 3

10/19/2009 8:17:21 PM
mbam-log-2009-10-19 (20-17-21).txt

Scan type: Quick Scan
Objects scanned: 131521
Time elapsed: 23 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Tue Oct 20, 2009 1:30 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=-=
Then, do the same re-run for MBAM please.

Post the ComboFix and MBAM logs in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 23, 2009 12:20 am

ComboFix 09-10-21.02 - jcampanioni 10/22/2009 19:50.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.659 [GMT -4:00]
Running from: c:\documents and settings\lguser\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\lguser\My Documents\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_Protect


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-21 13:57 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36 . 2009-10-21 12:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10 . 2009-10-19 00:10 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28 . 2009-10-22 12:19 -------- d-----w- C:\WWNtuser
2009-10-05 19:28 . 2009-10-05 19:28 -------- d-----w- C:\WWCnt
2009-09-28 12:30 . 2009-09-28 12:30 -------- d-----w- c:\windows\ms
2009-09-28 12:23 . 2009-10-05 12:31 -------- d-----w- c:\windows\system32\NtmsData
2009-09-27 00:48 . 2009-09-27 13:53 -------- d-----w- c:\windows\BDOSCAN8
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 00:04 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-22 12:21 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-21 12:36 . 2007-08-21 18:31 -------- d-----w- c:\program files\Citrix
2009-10-20 17:46 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-10-05 19:28 . 2007-08-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 12:02 . 2009-09-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 05:37 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-09-17 18:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-09-17 18:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 19:47 . 2009-07-29 19:47 46080 ----a-w- c:\windows\system32\drivers\filehook.sys
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-23 00:05 . 2009-10-23 00:05 16384 c:\windows\temp\Perflib_Perfdata_d20.dat
+ 2007-08-21 18:50 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-09-28 12:28 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-09-28 12:28 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 10:00 . 2009-09-28 12:37 41814 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-06-18 13:04 41814 c:\windows\system32\perfc009.dat
+ 2007-08-21 17:54 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-04-21 15:07 . 2009-09-25 05:37 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-04-21 15:07 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-09-28 12:26 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:52 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-30 18:52 . 2009-09-25 00:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-05-31 03:38 . 2007-05-31 03:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-05-31 04:38 . 2007-05-31 04:38 11744 c:\windows\system32\CCM\clicomp\RemCtrl\KBSTUFF\Kbstuff5.sys
- 2007-04-13 07:50 . 2007-04-13 07:50 21368 c:\windows\system32\CCM\ccmrepair.exe
+ 2007-04-13 06:50 . 2007-04-13 06:50 21368 c:\windows\system32\CCM\ccmrepair.exe
- 2009-06-16 16:40 . 2009-06-16 16:40 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-10-21 16:16 . 2009-10-21 16:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-10-05 19:28 . 2009-10-05 19:28 10134 c:\windows\Installer\{17014700-72E3-11D5-8FFC-004854824936}\ARPPRODUCTICON.exe
+ 2007-03-22 22:07 . 2007-03-22 22:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 22:07 . 2007-03-22 22:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2009-01-05 19:44 . 2009-01-05 19:44 53248 c:\windows\bdoscandel.exe
+ 2009-09-27 00:48 . 2009-09-27 00:48 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-09-27 00:48 . 2009-09-27 00:48 45056 c:\windows\BDOSCAN8\avxdisk.dll
- 2007-08-21 18:49 . 2009-09-15 17:17 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-14 12:00 . 2009-04-03 16:15 485376 c:\windows\system32\wmspdmod.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 485376 c:\windows\system32\wmspdmod.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 627712 c:\windows\system32\urlmon.dll
+ 2004-08-04 10:00 . 2009-09-28 12:37 316798 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-06-18 13:04 316798 c:\windows\system32\perfh009.dat
+ 2007-08-21 13:44 . 2009-09-28 12:21 269392 c:\windows\system32\FNTCACHE.DAT
- 2007-08-21 13:44 . 2009-06-18 13:02 269392 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-21 17:54 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-08-21 17:54 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-03 16:15 . 2009-04-03 16:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 627712 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2008-04-14 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2009-08-18 14:08 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-08-18 14:08 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-04-13 06:50 . 2007-04-13 06:50 341368 c:\windows\system32\ccmcore.dll
- 2007-04-13 07:50 . 2007-04-13 07:50 341368 c:\windows\system32\ccmcore.dll
- 2007-08-21 18:49 . 2009-09-15 17:17 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-08-21 18:49 . 2009-10-21 16:37 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-08-21 18:49 . 2009-09-15 17:17 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-22 22:22 . 2007-03-22 22:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 19:44 . 2009-01-05 19:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 19:44 . 2009-09-27 00:48 107800 c:\windows\BDOSCAN8\bdcore.dll
+ 2009-10-21 13:58 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 1509888 c:\windows\system32\shdocvw.dll
- 2008-04-14 12:00 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 1435648 c:\windows\system32\query.dll
+ 2008-04-14 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2008-04-14 12:00 . 2009-09-25 05:37 3070976 c:\windows\system32\mshtml.dll
+ 2007-08-21 17:54 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2009-03-30 21:41 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-03-30 21:41 . 2009-09-25 05:37 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-03-30 21:41 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-03-30 21:41 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-03-30 21:41 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-03-30 21:41 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-30 21:41 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-30 21:41 . 2009-09-25 05:37 3070976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-05 19:28 . 2009-10-05 19:28 2998784 c:\windows\Installer\75f68.msi
+ 2009-08-21 14:14 . 2009-08-21 14:14 8363008 c:\windows\Installer\3f38d4d.msp
+ 2009-08-20 09:02 . 2009-08-20 09:02 5204992 c:\windows\Installer\3f38d31.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\3f38d1b.msp
+ 2009-09-29 13:08 . 2009-09-29 13:08 6747648 c:\windows\Installer\3f38d12.msp
+ 2009-09-21 20:53 . 2009-09-21 20:53 5518848 c:\windows\Installer\3f38cfc.msp
+ 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2009-03-30 21:41 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-03-30 21:41 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-03-30 21:41 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-30 21:41 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-30 21:41 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-03-30 21:41 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-21 16:21 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDDec.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filehook.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProcHide.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\safandrv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SDFA.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFCDEX.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFfolder.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFKbd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFMouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFRes.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WWC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WwHook.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=
"c:\\WWCnt\\System\\Rdscrn.exe"= c:\\WWCNT\\System\\Rdscrn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7100:TCP"= 7100:TCP:WWC
"7200:TCP"= 7200:TCP:WWC
"2810:TCP"= 2810:TCP:WWC

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [7/29/2009 3:47 PM 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 9:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 8:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 8:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 8:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 8:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 8:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 5:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 8:20 AM 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 8:20 AM 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [6/2/2009 5:47 PM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 12:44 PM 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 8:20 AM 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 8:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-PROTECT.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-22 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2948)
c:\wwcnt\SYSTEM\safaweb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\wwcnt\SYSTEM\PMonitor.exe
c:\combofix\CF11948.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 00:11
ComboFix2.txt 2009-10-05 14:47
ComboFix3.txt 2009-09-25 06:12

Pre-Run: 2,444,500,992 bytes free
Post-Run: 2,555,461,632 bytes free

- - End Of File - - 08C138B3D5440B1964484111BF5BAB8A


Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 23, 2009 1:28 am

Malwarebytes' Anti-Malware 1.41
Database version: 3014
Windows 5.1.2600 Service Pack 3

10/22/2009 9:30:53 PM
mbam-log-2009-10-22 (21-30-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 186648
Time elapsed: 1 hour(s), 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Total Security Help Needed

Post by Dr Jay on Fri Oct 23, 2009 4:29 am

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives, you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Fri Oct 23, 2009 9:37 pm

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 17:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9E7E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B84000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7BDD000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8A51000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: \\?\C:\WWNtuser\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\AUTHINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG
Status: Invisible to the Windows API!

Path: C:\WWNtuser\continf.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EKINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ENVIRONMENT.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPFILE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\EXCPTCLS.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\GROUPWARELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\IPLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\jcampanioni
Status: Invisible to the Windows API!

Path: C:\WWNtuser\LOGONINFO.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MACLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MGROUP.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MSNCONTROL.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\MsUsed
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PolicyStatus.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTCONFIG.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTFREE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTLIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PORTRANGE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Printrule.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PROATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\Programctrl.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\PublicKey
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RuleMail.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\RULESET.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SBLACK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SITELIST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPATTC.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\SMTPRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\STRUST.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\TIMECHECK.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\USER.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\WEBRULE.INI
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfJudah.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfLevi.tlb
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfReuben.dat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\winsfsimeon.bat
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwcservice.log
Status: Invisible to the Windows API!

Path: C:\WWNtuser\wwmark.ini
Status: Invisible to the Windows API!

Path: C:\WWNtuser\ww_reg.log
Status: Invisible to the Windows API!

Path: \\?\C:\WWCnt\System\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWCnt\System\RWIni.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDCtrl.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\CDPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ChkCD.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ComInfo.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ContPar.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Crypt32Wrapper.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\DecMd.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IECONT.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\IEDEC.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MakeSDFA.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\MsnHk.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PcLog.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PMonitor.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\PrintHK.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Prtlog2.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\rbtcm.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDHooks.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDScrn.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\RDThread.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SafaWeb.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\ScrCap.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SFFolder.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpDlg.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpHook.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SmtpParse.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\smupt.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Sniper.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\SysInfo.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WaterwallCrypt1_0.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WebUrl.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\WwcUninstaller.exe
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_e.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_j.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_k.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_sc.dll
Status: Invisible to the Windows API!

Path: C:\WWCnt\System\Wwres_tc.dll
Status: Invisible to the Windows API!

Path: \\?\C:\WWNtuser\CLIENTWWDATALOG\*
Status: Could not enumerate files with the Windows API (0x00000012)!


Path: C:\WWNtuser\CLIENTWWDATALOG\BaseLog
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\CDRWFile
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG\DECRPTFILE
Status: Invisible to the Windows API!

Path: C:\WWNtuser\CLIENTWWDATALOG

Processes
-------------------
Path: C:\WWCnt\WwcNT.exe
PID: 3216 Status: Locked to the Windows API!

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa3c4350

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\PROCHIDE.SYS" at address 0xf7b7e5b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaa3c4580

==EOF==


Re: Total Security Help Needed

Post by Dr Jay on Sat Oct 24, 2009 12:25 am

Let's get a final check, hopefully:

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Sat Oct 24, 2009 1:11 pm

The security software my company has put on their laptops does not allow me to upload/attach files on any site except via my work email.


Re: Total Security Help Needed

Post by Dr Jay on Sat Oct 24, 2009 8:56 pm

Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)



Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 26, 2009 9:51 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by jcampanioni at 17:42:49.87 on Mon 10/26/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LGEAD\ADAgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WWCNT\WWCSERVICE.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.exe
C:\WWCNT\WWCNT.EXE
C:\WWCNT\SYSTEM\PMonitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lguser\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWinlogon: Shell=Explorer.exe logon.exe
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [sesemural] Rundll32.exe "c:\windows\system32\faguzeri.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: lge.com
DPF: {00000055-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - [You must be registered and logged in to see this link.]
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {31435657-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\faguzeri.dll,wuyiyage.dll
SSODL: tudoramep - {1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
STS: kupuhivus: {1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
SEH: DocHook Class: {6fc59230-01fc-49d4-978c-6875091f0b4e} - c:\program files\markany\document safer\madocmgr.dll
LSA: Notification Packages = scecli limiduva.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lguser\applic~1\mozilla\firefox\profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [2009-7-29 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [2009-7-7 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [2008-5-30 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [2008-5-30 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [2008-5-30 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [2008-5-30 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [2008-5-30 34688]
R2 ADAgent;ADAgent;c:\program files\lgead\ADAgentService.exe [2008-8-13 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [2008-5-30 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [2008-5-30 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [2009-6-2 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [2008-5-30 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\drivers\wfm18.sys --> c:\windows\system32\drivers\wfM18.sys [?]
S1 Protect;Protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\Protect.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\locals~1\temp\aswarkrn.sys --> c:\docume~1\lguser\locals~1\temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [2008-5-30 32384]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

=============== Created Last 30 ================

2009-10-26 18:19:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 18:19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 14:27:49 26628 ----a-w- c:\windows\system32\logon.exe
2009-10-21 13:57:57 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57:48 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10:06 0 d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28:05 0 d-----w- C:\WWNtuser
2009-10-05 19:28:05 0 d-----w- C:\WWCnt
2009-10-05 14:33:01 98816 ----a-w- c:\windows\sed.exe
2009-10-05 14:33:01 236544 ----a-w- c:\windows\PEV.exe
2009-10-05 14:33:01 161792 ----a-w- c:\windows\SWREG.exe
2009-09-28 12:30:57 0 d-----w- c:\windows\ms
2009-09-28 12:28:59 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-09-28 12:28:59 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-09-28 12:28:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-09-28 12:28:58 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-09-28 12:23:10 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 14:27:41 168448 --sha-w- c:\windows\system32\faguzeri.dll
2009-07-26 14:27:40 89600 --sha-w- c:\windows\system32\hedufalo.dll
2009-07-26 14:27:40 51712 --sha-w- c:\windows\system32\lemuvene.dll
2009-07-26 14:28:16 51712 --sha-w- c:\windows\system32\letitisi.dll
2009-07-26 14:28:16 51712 --sha-w- c:\windows\system32\limiduva.dll
2009-07-26 14:28:16 51712 --sha-w- c:\windows\system32\wuyiyage.dll

============= FINISH: 17:44:56.32 ===============

Jay Cee
Intermediate
Intermediate

Status :
Online
Offline

Posts : 98
Joined : 2009-09-25
OS : XP
Points : 27068
# Likes : 0


Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 26, 2009 9:51 pm

I couldn't attach this so I am posting it.




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2009 1:49:55 PM
System Uptime: 10/26/2009 1:35:07 PM (4 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1312/166mhz

==== Disk Partitions =========================

C: is fixed (NTFS) - 27 GiB total, 1.727 GiB free.
D: is fixed (NTFS) - 29 GiB total, 17.519 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01C21028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01C21028&REV_01\3&61AAA01&0&FB
Service:

==== System Restore Points ===================

RP103: 9/28/2009 8:26:31 AM - Installed Microsoft Fix it 50198
RP104: 9/29/2009 12:18:33 PM - System Checkpoint
RP105: 9/30/2009 6:09:35 PM - System Checkpoint
RP106: 10/1/2009 6:31:03 PM - System Checkpoint
RP107: 10/5/2009 10:33:17 AM - ComboFix created restore point
RP108: 10/5/2009 11:04:53 AM - Installed WWC
RP109: 10/5/2009 11:08:32 AM - Installed WWC
RP110: 10/5/2009 3:26:14 PM - Installed WWC
RP111: 10/8/2009 12:35:21 PM - System Checkpoint
RP112: 10/13/2009 11:47:31 AM - System Checkpoint
RP113: 10/15/2009 1:02:08 PM - System Checkpoint
RP114: 10/16/2009 1:16:30 PM - System Checkpoint
RP115: 10/18/2009 10:43:46 PM - System Checkpoint
RP116: 10/19/2009 11:29:21 PM - System Checkpoint
RP117: 10/20/2009 11:45:00 PM - System Checkpoint
RP118: 10/21/2009 12:02:21 PM - Software Distribution Service 3.0
RP119: 10/22/2009 9:50:07 PM - System Checkpoint
RP120: 10/24/2009 9:30:43 AM - System Checkpoint
RP121: 10/26/2009 6:45:10 AM - System Checkpoint
RP122: 10/26/2009 1:00:42 PM - Removed Bonjour

==== Installed Programs ======================

a-squared HiJackFree 3.1
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Broadcom Gigabit Integrated Controller
Citrix Program Neighborhood
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Crystal Report ActiveX Viewer
Dell Wireless WLAN Card
Digital Line Detect
Document SAFER
Google Toolbar for Internet Explorer
GoToMeeting 4.0.0.320
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Juniper Networks Network Connect 5.2.0
Juniper Networks Network Connect 5.5.0
LG ActiveDirectory Service
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.0.14)
MSN
Next Generation Visualisations
Notepad++
Octoshape add-in for Adobe Flash Player
OZ776 SCR CardBus Windows Driver
Pride LG
QuickSet
QuickTime
Roxio DLA
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SEIWinFax
SigmaTel Audio
SMS Advanced Client
Something Fishy: 3D Desktop Aquarium Screen Saver v1.1DX Trial Version
Symantec AntiVirus
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Waterwall Client for Vista
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR archiver
WWC
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

10/26/2009 12:52:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/26/2009 1:10:52 PM, error: Dhcp [1002] - The IP address lease 10.192.105.118 for the Network Card with network address 001C23084DCC has been denied by the DHCP server 136.166.10.50 (The DHCP Server sent a DHCPNACK message).
10/23/2009 10:07:22 AM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
10/22/2009 8:04:17 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
10/22/2009 7:49:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/22/2009 7:49:36 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 7:48:04 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 7:07:03 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/21/2009 1:33:00 PM, error: Dhcp [1002] - The IP address lease 10.192.107.84 for the Network Card with network address 001C23084DCC has been denied by the DHCP server 136.166.10.51 (The DHCP Server sent a DHCPNACK message).
10/20/2009 7:04:51 AM, error: NETLOGON [5719] - No Domain Controller is available for domain LGE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/20/2009 5:41:02 PM, error: Dhcp [1002] - The IP address lease 10.192.100.140 for the Network Card with network address 001C2603524E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/20/2009 4:09:59 PM, error: NetBT [4321] - The name "LGE :1d" could not be registered on the Interface with IP address 10.192.100.140. The machine with the IP address 10.192.100.94 did not allow the name to be claimed by this machine.
10/19/2009 8:28:20 AM, error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
10/19/2009 8:27:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Protect
10/19/2009 8:27:08 PM, error: Service Control Manager [7022] - The Ww Client 3.2 Agent service hung on starting.

==== End Of File ===========================


Re: Total Security Help Needed

Post by Jay Cee on Mon Oct 26, 2009 9:52 pm

I also just got a popup from Mozilla for "Best Virus Protection - Best Spyware Protection - Shield Deluxe 2010" which I closed.


Re: Total Security Help Needed

Post by Belahzur on Tue Oct 27, 2009 12:07 am

Can you re-run ComboFix now? DDS shows a new Vundo infection.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1


Re: Total Security Help Needed

Post by Jay Cee on Tue Oct 27, 2009 1:01 am

ComboFix 09-10-26.01 - jcampanioni 10/26/2009 20:29.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -5:00]
Running from: c:\documents and settings\lguser\My Documents\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gefaduni.dll.tmp
c:\windows\system32\hedufalo.dll
c:\windows\system32\limiduva.dll
c:\windows\system32\logon.exe
c:\windows\system32\mowanitu.dll.tmp
c:\windows\system32\yadarodu.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Protect


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-26 18:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 18:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 13:57 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36 . 2009-10-21 12:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10 . 2009-10-19 00:10 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28 . 2009-10-26 18:14 -------- d-----w- C:\WWNtuser
2009-10-05 19:28 . 2009-10-05 19:28 -------- d-----w- C:\WWCnt
2009-09-28 12:30 . 2009-09-28 12:30 -------- d-----w- c:\windows\ms
2009-09-28 12:23 . 2009-10-05 12:31 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 01:45 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-26 18:19 . 2009-09-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 12:21 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-21 12:36 . 2007-08-21 18:31 -------- d-----w- c:\program files\Citrix
2009-10-20 17:46 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-10-05 19:28 . 2007-08-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-25 05:37 . 2008-04-14 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 19:47 . 2009-07-29 19:47 46080 ----a-w- c:\windows\system32\drivers\filehook.sys
2009-07-26 14:27 . 2009-07-26 14:27 51712 --sha-w- c:\windows\system32\lemuvene.dll
2009-07-26 14:28 . 2009-07-26 14:28 51712 --sha-w- c:\windows\system32\letitisi.dll
2008-05-22 12:52 . 2008-05-22 12:52 1244493 -csha-w- c:\windows\system32\txvpkiry.tmp
.

((((((((((((((((((((((((((((( SnapShot_2009-10-23_00.05.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 01:47 . 2009-10-27 01:47 16384 c:\windows\temp\Perflib_Perfdata_8c4.dat
- 2004-08-04 10:00 . 2009-09-28 12:37 41814 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-10-27 01:49 41814 c:\windows\system32\perfc009.dat
+ 2009-09-28 12:26 . 2009-10-27 01:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-28 12:26 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:52 . 2009-10-27 01:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-30 18:52 . 2009-09-28 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-26 14:27 . 2009-10-27 01:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-04 10:00 . 2009-09-28 12:37 316798 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2009-10-27 01:49 316798 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"sesemural"="c:\windows\system32\faguzeri.dll" [BU]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDDec.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filehook.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProcHide.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\safandrv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SDFA.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFCDEX.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFfolder.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFKbd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFMouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFRes.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfM18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WWC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WwHook.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=
"c:\\WWCnt\\System\\Rdscrn.exe"= c:\\WWCNT\\System\\Rdscrn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7100:TCP"= 7100:TCP:WWC
"7200:TCP"= 7200:TCP:WWC
"2810:TCP"= 2810:TCP:WWC

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [7/29/2009 2:47 PM 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 8:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 7:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 7:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 7:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 7:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 7:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 4:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 7:20 AM 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 7:20 AM 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [6/2/2009 4:47 PM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 11:44 AM 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 7:20 AM 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 7:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 7:33 PM 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SharedTaskScheduler-{1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
SSODL-tudoramep-{1a96c885-c84b-43ae-9c99-cf9874dc1ecb} - c:\windows\system32\faguzeri.dll
SafeBoot-qxF53.sys
SafeBoot-qyG86.sys
SafeBoot-scK10.sys
SafeBoot-SFReg.sys
SafeBoot-tdL10.sys
SafeBoot-wfN32.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-26 20:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2424)
c:\wwcnt\SYSTEM\safaweb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\wwcnt\SYSTEM\PMonitor.exe
c:\combofix\CF649.exe
c:\combofix\hidec.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\combofix\mbr.cfxxe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 21:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 01:59
ComboFix2.txt 2009-10-23 00:12
ComboFix3.txt 2009-10-05 14:47
ComboFix4.txt 2009-09-25 06:12

Pre-Run: 2,356,129,792 bytes free
Post-Run: 2,330,292,224 bytes free

- - End Of File - - FDC112E66D91F9189FB069557FB96537


Re: Total Security Help Needed

Post by Belahzur on Tue Oct 27, 2009 7:49 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\lemuvene.dll
    c:\windows\system32\letitisi.dll
    c:\windows\system32\txvpkiry.tmp

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sesemural"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Total Security Help Needed

Post by Jay Cee on Wed Oct 28, 2009 1:30 am

========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\lemuvene.dll
c:\windows\system32\lemuvene.dll NOT unregistered.
c:\windows\system32\lemuvene.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\letitisi.dll
c:\windows\system32\letitisi.dll NOT unregistered.
c:\windows\system32\letitisi.dll moved successfully.
c:\windows\system32\txvpkiry.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sesemural not found.

OTM by OldTimer - Version 3.0.0.6 log created on 10272009_213308


Re: Total Security Help Needed

Post by Belahzur on Wed Oct 28, 2009 1:40 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Total Security Help Needed

Post by Jay Cee on Wed Oct 28, 2009 1:51 am

still acting up. Random popups every so often, none that are for fake virus software tho. Also when I ran that command that you told me combofix had a popup that said a file was trying to attach itself to it. c:\WINDOWS\system32\gayuhiyu.dll


Re: Total Security Help Needed

Post by Belahzur on Thu Oct 29, 2009 12:08 am

Please re-download Combofix and run it again, something must be hiding.



Re: Total Security Help Needed

Post by Jay Cee on Thu Oct 29, 2009 1:33 pm

ComboFix 09-10-28.06 - jcampanioni 10/29/2009 9:10.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.405 [GMT -4:00]
Running from: c:\documents and settings\lguser\Desktop\commy.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bawutitu.dll
c:\windows\system32\gejuloha.dll
c:\windows\system32\jayukara.dll
c:\windows\system32\miyebelu.dll
c:\windows\system32\vamoyilo.dll
c:\windows\system32\wagitiru.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Protect


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-28 01:33 . 2009-10-28 01:33 -------- d-----w- C:\_OTM
2009-10-26 18:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 18:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 13:57 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 13:57 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 12:36 . 2009-10-21 12:36 60744 ----a-w- c:\documents and settings\lguser\g2mdlhlpx.exe
2009-10-19 00:10 . 2009-10-19 00:10 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-05 19:28 . 2009-10-29 12:39 -------- d-----w- C:\WWNtuser
2009-10-05 19:28 . 2009-10-05 19:28 -------- d-----w- C:\WWCnt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 13:21 . 2009-03-09 19:57 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-28 01:33 . 2009-09-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 12:21 . 2007-08-21 19:07 -------- d-----w- c:\program files\LGEAD
2009-10-21 12:36 . 2007-08-21 18:31 -------- d-----w- c:\program files\Citrix
2009-10-20 17:46 . 2007-08-21 18:31 -------- d-----w- c:\documents and settings\lguser\Application Data\ICAClient
2009-10-05 19:28 . 2007-08-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:31 . 2007-08-27 16:56 76304 ----a-w- c:\documents and settings\lguser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\lguser\Application Data\Notepad++
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\program files\Notepad++
2009-09-25 05:37 . 2008-04-14 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 01:56 . 2009-09-25 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:56 . 2009-07-31 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 16:05 . 2007-10-12 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2007-08-21 17:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-08-21 17:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-08-21 17:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-08-21 17:54 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-08-21 17:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-21 17:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6FC59230-01FC-49D4-978C-6875091F0B4E}"= "c:\program files\MarkAny\Document SAFER\madocmgr.dll" [2005-09-22 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\2\0]
"Script"=twLogOn_2.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-453973\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logoff\0\0]
"Script"=offInsert.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\1\0]
"Script"=DNSSearch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\2\0]
"Script"=ipid.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\3\0]
"Script"=ie.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\4\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543426832-1914326140-3112152631-498307\Scripts\Logon\5\0]
"Script"=setdns.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDDec.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filehook.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProcHide.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\safandrv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SDFA.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFCDEX.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFfolder.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFKbd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFMouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SFRes.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfM18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WWC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WwHook.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WWCnt\\WwcNT.exe"=
"c:\\WWCnt\\System\\Rdscrn.exe"= c:\\WWCNT\\System\\Rdscrn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7100:TCP"= 7100:TCP:WWC
"7200:TCP"= 7200:TCP:WWC
"2810:TCP"= 2810:TCP:WWC

R0 FileHook;SAFASOFT File System Filter;c:\windows\system32\drivers\filehook.sys [7/29/2009 3:47 PM 46080]
R0 SFCDEX;WaterWall SFCDEX Filter;c:\windows\system32\drivers\sfcdex.sys [7/7/2009 9:04 AM 10240]
R1 PROCHIDE;ProcHide Driver;c:\windows\system32\drivers\ProcHide.sys [5/30/2008 8:20 AM 5632]
R1 Safandrv;Safandrv;c:\windows\system32\drivers\safandrv.sys [5/30/2008 8:20 AM 16191]
R1 SFkbd;SAFASOFT Keyboard Filter;c:\windows\system32\drivers\SFKbd.sys [5/30/2008 8:20 AM 4992]
R1 SFMouse;SAFASOFT Mouse Filter;c:\windows\system32\drivers\SFMouse.sys [5/30/2008 8:20 AM 5632]
R1 SFRes;SAFASOFT Resource Driver;c:\windows\system32\drivers\sfres.sys [5/30/2008 8:20 AM 34688]
R2 ADAgent;ADAgent;c:\program files\LGEAD\ADAgentService.exe [8/13/2008 5:36 PM 586752]
R2 SDFA;SDFA Driver;c:\windows\system32\drivers\SDFA.SYS [5/30/2008 8:20 AM 40960]
R2 SFfolder;SAFASOFT Encrpty Folder Driver;c:\windows\system32\drivers\SFFOLDER.SYS [5/30/2008 8:20 AM 35200]
R2 WWC;Ww Client 3.2 Agent;c:\wwcnt\WwcService.exe [6/2/2009 5:47 PM 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 12:44 PM 102448]
R3 WwHook;WwHook Port Driver;c:\windows\system32\drivers\WWHOOK.SYS [5/30/2008 8:20 AM 7867]
S0 cerc6;cerc6; [x]
S0 wfM18;wfM18;c:\windows\system32\Drivers\wfM18.sys --> c:\windows\system32\Drivers\wfM18.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\lguser\LOCALS~1\Temp\aswArKrn.sys [?]
S3 FDDec;SAFASOFT Encrpty Mobile Driver;c:\windows\system32\drivers\FDDec.SYS [5/30/2008 8:20 AM 32384]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - SFCDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - SFCDEX_2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lge.com
TCP: {A33C4699-B92C-407E-B4AC-344A394BCB77} = 136.166.10.50,136.166.10.51
DPF: {19A9C0F9-C5FB-46A0-8B6D-A9E2D2944FEF} - [You must be registered and logged in to see this link.]
DPF: {245DF0F9-179F-4027-875A-0493B21C204F} - [You must be registered and logged in to see this link.]
DPF: {6A70986F-6565-4D86-849C-4713E1E41AA2} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {B102CB47-BE39-4572-BD36-EB978A5FF76C} - [You must be registered and logged in to see this link.]
DPF: {DFA53E3E-E703-4B36-9EE7-82101A6A43CC} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lguser\Application Data\Mozilla\Firefox\Profiles\ultj2jdw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2828f345-8474-4701-b14b-277a5e112263} - miyebelu.dll
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-sesemural - c:\windows\system32\bawutitu.dll
HKLM-Run-kuvulunubu - jayukara.dll
SharedTaskScheduler-{46fb5f9e-e0af-4096-bda2-9947404ccd71} - c:\windows\system32\damozibu.dll
SharedTaskScheduler-{ae3a61fe-0ef3-49e4-bda7-bf5d9ff5e7c3} - c:\windows\system32\bawutitu.dll
SSODL-jiwiwetej-{46fb5f9e-e0af-4096-bda2-9947404ccd71} - c:\windows\system32\damozibu.dll
SSODL-kaheluhud-{ae3a61fe-0ef3-49e4-bda7-bf5d9ff5e7c3} - c:\windows\system32\bawutitu.dll
SafeBoot-PROTECT.sys
AddRemove-{1AA8D54D-73C3-4706-A8F5-B3ADDBCA0FA8}_is1 - c:\program files\LGEAD\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-29 09:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SFCDEX.sys atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

atapi.sys @ 0xF7429000 0x17900 bytes

\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xF742F852 != 0xA8ED9D5E SFCDEX_2.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4020)
c:\wwcnt\SYSTEM\safaweb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\msiexec.exe
c:\wwcnt\SYSTEM\PMonitor.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-10-29 9:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 13:33
ComboFix2.txt 2009-10-27 02:00

Pre-Run: 2,863,534,080 bytes free
Post-Run: 2,948,947,968 bytes free

- - End Of File - - 941DDD21B199021CFE1192045F10869D


Re: Total Security Help Needed

Post by Belahzur on Thu Oct 29, 2009 5:42 pm

Bad news.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]

Re: Total Security Help Needed

Post by Jay Cee on Thu Oct 29, 2009 6:34 pm

This is a work computer so I rarely do any personal stuff on it besides emails, facebook, etc. I can easily change those passwords. Should I just tell my IT department that malwarebytes found this virus and have them reformat it? They get pretty anal about stuff so I don't want to mention I went thru this site and downloaded numerous other programs in an effort to combat it myself.


Re: Total Security Help Needed

Post by Belahzur on Thu Oct 29, 2009 8:49 pm

It's more than just a virus and reformat, this one has made a lot of damage that we can't repair.

