
help me remove Antivirus System Pro



#1 surfcolo


Posted 04 November 2009 - 02:33 PM

Antivirus System Pro keeps popping up. Here is the Malwarebytes log.
Please help me get my computer back.

Malwarebytes' Anti-Malware 1.41
Database version: 3099
Windows 5.1.2600 Service Pack 3

11/4/2009 12:05:48 PM
mbam-log-2009-11-04 (12-05-48).txt

Scan type: Quick Scan
Objects scanned: 113044
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.



#2 surfcolo


Posted 04 November 2009 - 03:36 PM

Here is the RootRepeal log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 13:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xB16D0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINNT\system32\drivers\rootrepeal[1].sys
Address: 0xB0686000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d65820

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1bafa8

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d65d10

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d644b0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d65480

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d660c0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8a1d3458

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d66a50

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d66320

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d66620

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d64f60

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d62dd0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d62f60

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d65090

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d647c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d63140

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d64a70

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d656b0

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8a1b4190

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1baeb8

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8a1d2080

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d63400

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d65ee0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a1b4280

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8a1be080

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a18f140

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a1b42f8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d62c00

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a1aab30

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a1b4208

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d62ab0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d632c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1baf30

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x89dc9718 Size: 1655

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89dc96a0 Size: 1775

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x89dc9628 Size: 1895

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x89dc95b0 Size: 2015

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x89dc9538 Size: 2135

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89dc94c0 Size: 2255

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89dc9448 Size: 2375

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x89dc93d0 Size: 2495

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x89dc9358 Size: 2615

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89dc92e0 Size: 2735

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89dc9268 Size: 2855

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89dc0020 Size: 722

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89dc0fa8 Size: 89

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89dc0f30 Size: 209

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89dc0eb8 Size: 329

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89dc0e40 Size: 449

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89dc0dc8 Size: 569

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89dc0d50 Size: 689

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x89dc0cd8 Size: 809

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89dc0c60 Size: 929

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89dc0be8 Size: 1049

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89dc0b70 Size: 1169

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x89dc0af8 Size: 1289

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89dc0a80 Size: 1409

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89dc0a08 Size: 1529

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89dc0990 Size: 1649

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89dc0918 Size: 1769

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x89dc08a0 Size: 1889

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x89c73568

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x89c73400

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x89c734f0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x89c73478

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89c836f8

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x89c83680

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x89c83608

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINNT\system32\drivers\pwipf6.sys" at address 0xb1d63fd0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x89c69388

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x89c83770

==EOF==
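One way to triage a RootRepeal listing like the one above, as an added example that is not from the original post or from RootRepeal itself: parse the SSDT and Shadow SSDT entries and separate hooks attributed to a named driver from the ones RootRepeal could not attribute to any loaded module. The function names and the sample text are assumptions constructed from the log's format; the sample entries are copied from the log above, but the selection is ours.

```python
import re
from collections import defaultdict

# Constructed sample in the "#: NNN Function Name: ... / Status: Hooked by ..." layout
# RootRepeal uses; the entries are copied from the log above, the selection is ours.
SAMPLE_LOG = """\
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\\WINNT\\system32\\drivers\\pwipf6.sys" at address 0xb1d65820

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1bafa8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1baf30

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x89c73400
"""

HEADER_RE = re.compile(r"^(?P<table>SSDT|Shadow SSDT)\s*$", re.M)
ENTRY_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\S+)\s*\n'
    r'Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)'
)

def parse_hooks(text):
    """Return one dict per hooked entry, tagged with the table it appears under."""
    headers = [(m.start(), m.group("table")) for m in HEADER_RE.finditer(text)]
    hooks = []
    for m in ENTRY_RE.finditer(text):
        # The table is the most recent header that precedes this entry.
        table = next((t for pos, t in reversed(headers) if pos < m.start()), None)
        hooks.append({"table": table, "index": int(m.group("index")),
                      "func": m.group("func"), "module": m.group("module"),
                      "addr": int(m.group("addr"), 16)})
    return hooks

def hooks_by_module(hooks):
    """Group hooked functions by the module RootRepeal attributed them to."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["func"])
    return {m: sorted(funcs) for m, funcs in grouped.items()}

def unattributed_hooks(hooks):
    """Hooks RootRepeal could not map to any loaded driver ("<unknown>"): these
    have no owner on record and are the ones a helper checks first."""
    return [(h["table"], h["func"]) for h in hooks if h["module"] == "<unknown>"]

if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    for module, funcs in hooks_by_module(parsed).items():
        print(f"{module}: {len(funcs)} hook(s) -> {', '.join(funcs)}")
    print("unattributed:", unattributed_hooks(parsed))
```

Running it over the full log pasted above rather than the sample shows at a glance which hooks belong to the firewall driver path RootRepeal names and which have no known owner.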

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:03:35 AM

Posted 04 November 2009 - 04:12 PM

Hello, please do these now...

Next run ATF and SAS:
Note: SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from the icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed, etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Please ask any needed questions, post the 2 logs and let us know how the PC is running now.