Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm infected with hupigon.huap and I'd really love some help please!!


  • Please log in to reply
9 replies to this topic

#1 Jackie46

Jackie46

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 01 December 2009 - 05:23 AM

Hi

I seem to be infected with win32.hupigon.huap...

I'm running Windows XP, Mozilla Firefox and have been struggling for the last 3 days to try and fix this to no avail, could sure use a bit of help if possible :thumbsup:) before I lose all my hair.

I'm running PCGuard which finds this thing on my pc twice every time I start the pc up. It can't disinfect but deletes. I've downloaded, installed and run Malware Bytes which doesn't find anything after Virus Scan has run. Tried to do a scan with Kaspersky online scanner but it's unavailable at the moment.

Does anyone have any other ideas, in simple terms cos I'm a bit of a technophobe :flowers:)

Thanks for reading
Jackie

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:56 AM

Posted 01 December 2009 - 04:55 PM

Please run your PCGuard scan from safe mode. post that log,

Then run this ESET scan..
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Jackie46

Jackie46
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 02 December 2009 - 05:24 AM

OK here is the log from PC scan, off to do the other bits now - many thanks for you help

Master Boot Records and Fixed Disk Boot Sectors
Scanned 3 Master Boot Record(s) for viruses.

Your Master Boot Record(s)/Boot Sector(s) are not infected.

Files
Drive C:\
C:\Documents and Settings\Compaq_Owner.YOUR-83DAFB4529\My Documents\My Pictures\crafting\Boxes,things to fold,TEMPLATES\5x7Box.exe

Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
C:\Documents and Settings\Compaq_Owner.YOUR-83DAFB4529\My Documents\My Pictures\crafting\Boxes,things to fold,TEMPLATES\5x7Envelope.exe

Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
C:\Program Files\InstallShield Installation Information\{0B0F82AB-5B9A-4B9F-96EF-74E1FD85F01F}\RPS SafeConnect.msi

Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
C:\System Volume Information\_restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP2\A0000867.exe

Viruses detected: Backdoor.Win32.Hupigon.huap
Action taken: File could not be disinfected. File was deleted instead.
C:\System Volume Information\_restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP6\A0001099.exe

Viruses detected: Backdoor.Win32.Hupigon.huap
Action taken: File could not be disinfected. File was deleted instead.
Files scanned: 173843
Infected files: 2
Disinfected files: 0
Deleted files: 2
Files unable to scan: 3
Report Summary
Files scanned: 173843
Total infected files: 2
Total disinfected files: 0
Total deleted files: 2
Total files unable to scan: 3
Anti-Virus engine status
Last update: 01/12/2009 11:52:37
Virus definition file: 1259602740

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:56 AM

Posted 02 December 2009 - 11:18 AM

Ok this one removed it . Let's see if it shows in ESET.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Jackie46

Jackie46
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 03 December 2009 - 03:05 AM

Hi
Sorry for the delay, I had to be out most of the day yesterday. The ESET online scan came back clear but I have just run PC guard again this morning and it's back again!!

This is the log from this morning....


PCguard Anti-Virus
Fast Scan Report (03/12/2009 07:33:20)
Master Boot Records and Fixed Disk Boot Sectors
Scanned 3 Master Boot Record(s) for viruses.

Your Master Boot Record(s)/Boot Sector(s) are not infected.

Files
Drive C:\
C:\Documents and Settings\Compaq_Owner.YOUR-83DAFB4529\My Documents\My Pictures\crafting\Boxes,things to fold,TEMPLATES\5x7Box.exe

Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
C:\Documents and Settings\Compaq_Owner.YOUR-83DAFB4529\My Documents\My Pictures\crafting\Boxes,things to fold,TEMPLATES\5x7Envelope.exe

Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
C:\Program Files\InstallShield Installation Information\{0B0F82AB-5B9A-4B9F-96EF-74E1FD85F01F}\RPS SafeConnect.msi

Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
C:\System Volume Information\_restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP2\A0000867.exe

Viruses detected: Backdoor.Win32.Hupigon.huap
Action taken: File could not be disinfected. File was deleted instead.
C:\System Volume Information\_restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP6\A0001099.exe

Viruses detected: Backdoor.Win32.Hupigon.huap
Action taken: File could not be disinfected. File was deleted instead.
Files scanned: 178972
Infected files: 2
Disinfected files: 0
Deleted files: 2
Files unable to scan: 3
Report Summary
Files scanned: 178972
Total infected files: 2
Total disinfected files: 0
Total deleted files: 2
Total files unable to scan: 3
Anti-Virus engine status
Last update: 02/12/2009 21:05:10
Virus definition file: 1259760360
File generated by PCguard Anti-Virus


I'm thinking something must still be there which shouldn't be! Does anyone have any idea???

Thanks for your help this far

Jackie

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:56 AM

Posted 03 December 2009 - 01:19 PM

Ok then... We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Jackie46

Jackie46
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 04 December 2009 - 01:14 PM

Thanks for your continued guidance. I ran RootRepeal overnight last night, saved the log which I'll copy. I then ran PCGuard with System Restore turned off, it came back clear. I rebooted the pc and ran PCGuard again, still all clear! I turned System Restore back on and created a "clean restore" point. After restarting the pc and again running PCGuard and again getting the all clear, I ran SpyBot, MalwareBytes ans Super AntiSpyware..all showing clear. Does this mean I am now infection free? Can you recommend anything else I need to add to my list of programmes?

PCGuard
Spybot
MalwareBytes
Super AntiSpyware
Windows Defender
Firefox with Key Scrambler add-on

If I am now free of the "nasties", many many thanks for your help

Jackie

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/03 18:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE393000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B0E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC02B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\system32\drivers\fidbox.dat
Status: Size mismatch (API: 142008864, Raw: 141990944)

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: c:\program files\virgin broadband\pcguard\safeconnect\profile\c__windows_system32_svchost.exe.ndb
Status: Size mismatch (API: 8716, Raw: 8500)

Path: c:\program files\virgin broadband\pcguard\safeconnect\profile\c__windows_system32_svchost.exe.ndb_ndb.bak
Status: Size mismatch (API: 8500, Raw: 8446)

Path: c:\program files\virgin broadband\pcguard\safeconnect\profile\c__program files_mozilla firefox_firefox.exe.ndb
Status: Size mismatch (API: 28804, Raw: 28696)

Path: c:\program files\virgin broadband\pcguard\safeconnect\profile\c__program files_mozilla firefox_firefox.exe.ndb_ndb.bak
Status: Size mismatch (API: 28696, Raw: 27724)

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\1.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\10.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\101.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\103.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\105.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\107.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\109.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\11.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\111.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\114.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\116.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\118.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\119.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\12.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\120.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\123.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\124.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\125.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\126.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\127.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\128.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\13.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\130.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\131.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\132.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\133.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\134.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\135.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\136.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\137.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\138.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\139.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\14.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\140.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\141.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\142.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\143.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\144.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\145.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\146.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\147.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\148.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\149.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\15.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\150.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\151.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\153.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\154.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\155.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\156.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\157.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\158.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\159.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\16.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\160.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\161.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\162.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\163.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\164.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\165.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\166.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\167.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\168.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\169.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\17.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\170.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\171.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\172.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\173.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\174.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\175.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\176.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\177.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\178.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\179.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\18.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\180.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\181.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\182.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\183.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\184.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\185.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\186.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\187.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\188.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\189.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\19.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\190.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\191.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\192.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\193.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\194.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\195.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\196.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\197.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\198.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\199.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\2.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\20.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\200.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\201.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\202.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\203.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\204.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\206.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\21.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\210.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\211.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\212.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\22.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\23.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\231.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\233.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\235.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\236.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\24.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\240.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\245.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\25.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\254.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\255.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\256.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\257.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\258.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\259.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\26.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\260.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\261.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\262.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\263.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\27.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\273.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\274.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\275.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\276.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\28.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\283.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\29.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\290.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\3.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\30.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\31.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\32.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\324.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\33.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\338.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\34.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\340.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\341.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\342.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\343.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\345.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\348.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\349.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\35.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\350.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\351.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\352.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\353.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\354.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\355.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\356.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\357.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\358.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\359.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\36.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\360.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\361.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\362.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\363.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\364.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\365.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\366.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\367.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\368.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\369.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\37.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\370.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\371.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\372.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\373.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\374.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\375.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\376.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\377.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\378.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\379.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\38.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\380.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\381.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\382.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\383.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Malwareprofile\temp\384.mpdb
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Virgin SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf79318b0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee439930

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee439aa0

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43a540

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43a190

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43ae20

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee439d60

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee4382a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf79318e0

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43a370

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43aad0

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43add0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43b150

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43b770

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43f160

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee436ec0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43ad80

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee438600

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xee4f10b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf7931a30

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf7931ad0

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee4384d0

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee437e70

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf7931450

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf79313c0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf7931400

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee437d70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43b550

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee437e20

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee437300

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xf7931340

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee43b5a0

==EOF==

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:56 AM

Posted 04 December 2009 - 03:17 PM

Ok looks great, You have a new clean restore so goo to go. I may add Spywareblaster - prevents spyware from being installed on your PC.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Jackie46

Jackie46
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 05 December 2009 - 01:38 AM

Hi

I've just installed "SpywareBlaster"...again many thanks for your help...I guess this topic can now be closed

Jackie

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:56 AM

Posted 05 December 2009 - 11:55 AM

You're most welcome Jackie,as new malware is getting stronger and harder to remove, please take a moment to read quietman7's excellent prevention tips in post 6 here
Click >>>> Tips to protect yourself against malware:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users