[Closed] Hijack logfile


  • This topic is locked
10 replies to this topic

#1 freedomjames (New Member, 4 posts)

Posted 16 October 2009 - 10:27 AM

Can someone tell me what I need to delete?

Attached Files



#2 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 17 October 2009 - 03:09 PM

Hello and welcome to WhatTheTech.

If you still require help, please follow the instructions mentioned here: http://forums.whatth...rs_t106388.html so I can see the current condition of your machine.

Post the logs once done and please provide an update of the condition of your system for me.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#3 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 20 October 2009 - 02:22 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 freedomjames (New Member, 4 posts)

Posted 20 October 2009 - 10:46 PM

Extremeboy, thanks for your help. I haven't had time to do all the things in your reply; I will try to get all the info up tomorrow. Thanks, FreedomJames

#5 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 21 October 2009 - 02:31 PM

Okay. Thanks for letting me know.

#6 freedomjames (New Member, 4 posts)

Posted 22 October 2009 - 09:27 PM

extremeboy, here are the attachments. I hope I did it all right.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/4/2007 7:02:34 PM
System Uptime: 10/22/2009 5:40:42 PM (4 hours ago)

Motherboard: Intel Corporation | | D845GRG
Processor: Intel® Pentium® 4 CPU 2.00GHz | J2E1 | 1999/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 28.429 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_4000107B&REV_82\4&29817089&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_4000107B&REV_82\4&29817089&0&40F0
Service: E100B

==== System Restore Points ===================

==== Installed Programs ======================

2Wire Wireless Client
4300
4300_Help
4300Trb
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Advanced SystemCare 3
AiO_Scan_CDA
AiOSoftwareNPI
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
BitTorrent
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Do More 6.0
DocProc
DocumentViewer
DocumentViewerQFolder
ERUNT 1.1j
eSupportQFolder
Fax_CDA
Form Fill (Windows Live Toolbar)
Full Tilt Poker
Gateway Desktop Manager
Gateway Drivers and Applications Recovery
Gateway IE Customizations
Gateway Power Management
Google Toolbar for Internet Explorer
GTW V.92 Voicemodem
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Document Viewer 6.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HPProductAssistant
Intel® 845G Chipset Graphics Driver Software
Intel® PRO Ethernet Adapter and Software
Interlok driver setup x32
IObit Security 360 Beta 2.2
Java™ SE Runtime Environment 6 Update 1
kSolo Recorder
Logitech® Camera Driver
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NewCopy_CDA
OneCare Advisor (Windows Live Toolbar)
PanoStandAlone
Popup Blocker (Windows Live Toolbar)
ProductContextNPI
QuickTime
Readme
Scan
ScannerCopy
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Smart Menus (Windows Live Toolbar)
SolutionCenter
Status
Tabbed Browsing (Windows Live Toolbar)
Toolbox
TrayApp
Uninstall Startup Inspector
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== End Of File ===========================

Run by Owner at 21:46:42.89 on Thu 10/22/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Bingo - hxxp://download2.games.yahoo.com/games/clients/y/xt0_x.cab
DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170659879437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170699973109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-15 13:46 <DIR> --d----- c:\docume~1\owner\applic~1\BitTorrent
2009-10-15 13:46 <DIR> --d----- c:\program files\BitTorrent
2009-10-12 13:09 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-10-12 13:08 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-10-12 12:54 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-10-12 12:45 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-10-12 12:43 <DIR> --d----- c:\windows\ie8updates
2009-10-12 12:40 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-10-12 12:40 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-10-12 12:40 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-12 12:40 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-10-12 12:40 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-10-12 12:40 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-10-12 12:33 <DIR> -cd-h--- c:\windows\ie8
2009-10-12 12:19 <DIR> --d----- c:\docume~1\owner\applic~1\Windows Desktop Search
2009-10-12 12:17 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-10-12 12:17 <DIR> --d----- c:\program files\Windows Desktop Search

==================== Find3M ====================

2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 03:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-22 08:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2008-07-06 14:29 53,248 ac------ c:\documents and settings\owner\lametritonus_en.dll
2008-07-06 14:29 162,304 ac------ c:\documents and settings\owner\lame_enc_en.dll

============= FINISH: 21:52:32.07 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 22:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 2WirePCP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
Address: 0xF9516000  Size: 62848  File Visible: -  Signed: -  Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF9277000  Size: 187776  File Visible: -  Signed: -  Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000  Size: 2189184  File Visible: -  Signed: -  Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF09F9000  Size: 138496  File Visible: -  Signed: -  Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF922F000  Size: 96512  File Visible: -  Signed: -  Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000  Size: 286720  File Visible: -  Signed: -  Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF98F4000  Size: 3072  File Visible: -  Signed: -  Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xF04E6000  Size: 328576  File Visible: -  Signed: -  Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF9656000  Size: 21120  File Visible: -  Signed: -  Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xF0A43000  Size: 101888  File Visible: -  Signed: -  Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xF0565000  Size: 69632  File Visible: -  Signed: -  Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF980C000  Size: 4224  File Visible: -  Signed: -  Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF96D6000  Size: 12288  File Visible: -  Signed: -  Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF0890000  Size: 63744  File Visible: -  Signed: -  Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF94B6000  Size: 62976  File Visible: -  Signed: -  Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF9306000  Size: 53248  File Visible: -  Signed: -  Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF92F6000  Size: 36352  File Visible: -  Signed: -  Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF94E6000  Size: 61440  File Visible: -  Signed: -  Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF0928000  Size: 12288  File Visible: -  Signed: -  Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000  Size: 73728  File Visible: -  Signed: -  Status: -

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 22:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System  PID: 4  Status: -
Path: C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS  PID: 160  Status: -
Path: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe  PID: 220  Status: -
Path: C:\WINDOWS\system32\alg.exe  PID: 264  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 396  Status: -
Path: C:\WINDOWS\system32\smss.exe  PID: 584  Status: -
Path: C:\WINDOWS\system32\notepad.exe  PID: 632  Status: -
Path: C:\WINDOWS\system32\searchindexer.exe  PID: 644  Status: -
Path: C:\WINDOWS\system32\csrss.exe  PID: 656  Status: -
Path: C:\WINDOWS\system32\winlogon.exe  PID: 680  Status: -
Path: C:\WINDOWS\system32\services.exe  PID: 724  Status: -
Path: C:\WINDOWS\system32\lsass.exe  PID: 736  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 880  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 956  Status: -
Path: C:\Program Files\Internet Explorer\iexplore.exe  PID: 992  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 1052  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 1140  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 1308  Status: -
Path: C:\WINDOWS\system32\spoolsv.exe  PID: 1496  Status: -
Path: C:\Program Files\Windows Live\Messenger\wlcsdk.exe  PID: 1848  Status: -
Path: C:\Program Files\Windows Live\Contacts\wlcomm.exe  PID: 1852  Status: -
Path: C:\WINDOWS\system32\svchost.exe  PID: 1984  Status: -
Path: C:\WINDOWS\explorer.exe  PID: 2188  Status: -
Path: C:\Program Files\Windows Live\Toolbar\wltuser.exe  PID: 2696  Status: -
Path: C:\WINDOWS\system32\notepad.exe  PID: 2720  Status: -
Path: C:\Program Files\AVG\AVG8\avgcsrvx.exe  PID: 2748  Status: -
Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AL96VY9K\RootRepeal[1].exe  PID: 2952  Status: -
Path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe  PID: 3096  Status: -
Path: C:\Program Files\AVG\AVG8\avgrsx.exe  PID: 3216  Status: -
Path: C:\PROGRA~1\AVG\AVG8\avgnsx.exe  PID: 3224  Status: -
Path: C:\PROGRA~1\AVG\AVG8\avgemc.exe  PID: 3276  Status: -
Path: C:\PROGRA~1\AVG\AVG8\avgtray.exe  PID: 3704  Status: -
Path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe  PID: 3716  Status: -
Path: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe  PID: 3764  Status: -
Path: C:\WINDOWS\system32\ctfmon.exe  PID: 3772  Status: -
Path: C:\Program Files\Windows Desktop Search\WindowsSearch.exe  PID: 3820  Status: -
Path: C:\Program Files\Internet Explorer\iexplore.exe  PID: 3884  Status: -

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 22:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000  Function Name: NtAcceptConnectPort  Status: Not hooked
#: 001  Function Name: NtAccessCheck  Status: Not hooked
#: 002  Function Name: NtAccessCheckAndAuditAlarm  Status: Not hooked
#: 003  Function Name: NtAccessCheckByType  Status: Not hooked
#: 004  Function Name: NtAccessCheckByTypeAndAuditAlarm  Status: Not hooked
#: 005  Function Name: NtAccessCheckByTypeResultList  Status: Not hooked
#: 006  Function Name: NtAccessCheckByTypeResultListAndAuditAlarm  Status: Not hooked
#: 007  Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle  Status: Not hooked
#: 008  Function Name: NtAddAtom  Status: Not hooked
#: 009  Function Name: NtAddBootEntry  Status: Not hooked
#: 010  Function Name: NtAdjustGroupsToken  Status: Not hooked
#: 011  Function Name: NtAdjustPrivilegesToken  Status: Not hooked
#: 012  Function Name: NtAlertResumeThread  Status: Not hooked
#: 013  Function Name: NtAlertThread  Status: Not hooked
#: 014  Function Name: NtAllocateLocallyUniqueId  Status: Not hooked
#: 015  Function Name: NtAllocateUserPhysicalPages  Status: Not hooked
#: 016  Function Name: NtAllocateUuids  Status: Not hooked
#: 017  Function Name: NtAllocateVirtualMemory  Status: Not hooked
#: 018  Function Name: NtAreMappedFilesTheSame  Status: Not hooked
#: 019  Function Name: NtAssignProcessToJobObject  Status: Not hooked
#: 020  Function Name: NtCallbackReturn  Status: Not hooked
#: 021  Function Name: NtCancelDeviceWakeupRequest  Status: Not hooked
#: 022  Function Name: NtCancelIoFile  Status: Not hooked
#: 023  Function Name: NtCancelTimer  Status: Not hooked
#: 024  Function Name: NtClearEvent  Status: Not hooked
#: 025  Function Name: NtClose  Status: Not hooked
#: 026  Function Name: NtCloseObjectAuditAlarm  Status: Not hooked
#: 027  Function Name: NtCompactKeys  Status: Not hooked
#: 028  Function Name: NtCompareTokens  Status: Not hooked
#: 029  Function Name: NtCompleteConnectPort  Status: Not hooked
#: 030  Function Name: NtCompressKey  Status: Not hooked
#: 031  Function Name: NtConnectPort  Status: Not hooked
#: 032  Function Name: NtContinue  Status: Not hooked
#: 033  Function Name: NtCreateDebugObject  Status: Not hooked
#: 034  Function Name: NtCreateDirectoryObject  Status: Not hooked
#: 035  Function Name: NtCreateEvent  Status: Not hooked
#: 036  Function Name: NtCreateEventPair  Status: Not hooked
#: 037  Function Name: NtCreateFile  Status: Not hooked
#: 038  Function Name: NtCreateIoCompletion  Status: Not hooked
#: 039  Function Name: NtCreateJobObject  Status: Not hooked
#: 040  Function Name: NtCreateJobSet  Status: Not hooked
#: 041  Function Name: NtCreateKey  Status: Not hooked
#: 042  Function Name: NtCreateMailslotFile  Status: Not hooked
#: 043  Function Name: NtCreateMutant  Status: Not hooked
#: 044  Function Name: NtCreateNamedPipeFile  Status: Not hooked
#: 045  Function Name: NtCreatePagingFile  Status: Not hooked
#: 046  Function Name: NtCreatePort  Status: Not hooked
#: 047  Function Name: NtCreateProcess  Status: Not hooked
#: 048  Function Name: NtCreateProcessEx  Status: Not hooked
#: 049  Function Name: NtCreateProfile  Status: Not hooked
#: 050  Function Name: NtCreateSection  Status: Not hooked
#: 051  Function Name: NtCreateSemaphore  Status: Not hooked
#: 052  Function Name: NtCreateSymbolicLinkObject  Status: Not hooked
#: 053  Function Name: NtCreateThread  Status: Hooked by "<unknown>" at address 0xf9a0ebb4
#: 054  Function Name: NtCreateTimer  Status: Not hooked
#: 055  Function Name: NtCreateToken  Status: Not hooked
#: 056  Function Name: NtCreateWaitablePort  Status: Not hooked
#: 057  Function Name: NtDebugActiveProcess  Status: Not hooked
#: 058  Function Name: NtDebugContinue  Status: Not hooked
#: 059  Function Name: NtDelayExecution  Status: Not hooked
#: 060  Function Name: NtDeleteAtom  Status: Not hooked
#: 061  Function Name: NtDeleteBootEntry  Status: Not hooked
#: 062  Function Name: NtDeleteFile  Status: Not hooked
#: 063  Function Name: NtDeleteKey  Status: Not hooked
#: 064  Function Name: NtDeleteObjectAuditAlarm  Status: Not hooked
#: 065  Function Name: NtDeleteValueKey  Status: Not hooked
#: 066  Function Name: NtDeviceIoControlFile  Status: Not hooked
#: 067  Function Name: NtDisplayString  Status: Not hooked
#: 068  Function Name: NtDuplicateObject  Status: Not hooked
#: 069  Function Name: NtDuplicateToken  Status: Not hooked
#: 070  Function Name: NtEnumerateBootEntries  Status: Not hooked
#: 071  Function Name: NtEnumerateKey  Status: Not hooked
#: 072  Function Name: NtEnumerateSystemEnvironmentValuesEx  Status: Not hooked
#: 073  Function Name: NtEnumerateValueKey  Status: Not hooked
#: 074  Function Name: NtExtendSection  Status: Not hooked
#: 075  Function Name: NtFilterToken  Status: Not hooked
#: 076  Function Name: NtFindAtom  Status: Not hooked
#: 077  Function Name: NtFlushBuffersFile  Status: Not hooked
#: 078  Function Name: NtFlushInstructionCache  Status: Not hooked
#: 079  Function Name: NtFlushKey  Status: Not hooked
#: 080  Function Name: NtFlushVirtualMemory  Status: Not hooked
#: 081  Function Name: NtFlushWriteBuffer  Status: Not hooked
#: 082  Function Name: NtFreeUserPhysicalPages  Status: Not hooked
#: 083  Function Name: NtFreeVirtualMemory  Status: Not hooked
#: 084  Function Name: NtFsControlFile  Status: Not hooked
#: 085  Function Name: NtGetContextThread  Status: Not hooked
#: 086  Function Name: NtGetDevicePowerState  Status: Not hooked
#: 087  Function Name: NtGetPlugPlayEvent  Status: Not hooked
#: 088  Function Name: NtGetWriteWatch  Status: Not hooked
#: 089  Function Name: NtImpersonateAnonymousToken  Status: Not hooked
#: 090  Function Name: NtImpersonateClientOfPort  Status: Not hooked
#: 091  Function Name: NtImpersonateThread  Status: Not hooked
#: 092  Function Name: NtInitializeRegistry  Status: Not hooked
#: 093  Function Name: NtInitiatePowerAction  Status: Not hooked
#: 094  Function Name: NtIsProcessInJob  Status: Not hooked
#: 095  Function Name: NtIsSystemResumeAutomatic  Status: Not hooked
#: 096  Function Name: NtListenPort  Status: Not hooked
#: 097  Function Name: NtLoadDriver  Status: Not hooked
#: 098  Function Name: NtLoadKey  Status: Not hooked
#: 099  Function Name: NtLoadKey2  Status: Not hooked
#: 100  Function Name: NtLockFile  Status: Not hooked
#: 101  Function Name: NtLockProductActivationKeys  Status: Not hooked
#: 102  Function Name: NtLockRegistryKey  Status: Not hooked
#: 103  Function Name: NtLockVirtualMemory  Status: Not hooked
#: 104  Function Name: NtMakePermanentObject  Status: Not hooked
#: 105  Function Name: NtMakeTemporaryObject  Status: Not hooked
#: 106  Function Name: NtMapUserPhysicalPages  Status: Not hooked
#: 107  Function Name: NtMapUserPhysicalPagesScatter  Status: Not hooked
#: 108  Function Name: NtMapViewOfSection  Status: Not hooked
#: 109  Function Name: NtModifyBootEntry  Status: Not hooked
#: 110  Function Name: NtNotifyChangeDirectoryFile  Status: Not hooked
#: 111  Function Name: NtNotifyChangeKey  Status: Not hooked
#: 112  Function Name: NtNotifyChangeMultipleKeys  Status: Not hooked
#: 113  Function Name: NtOpenDirectoryObject  Status: Not hooked
#: 114  Function Name: NtOpenEvent  Status: Not hooked
#: 115  Function Name: NtOpenEventPair  Status: Not hooked
#: 116  Function Name: NtOpenFile  Status: Not hooked
#: 117  Function Name: NtOpenIoCompletion  Status: Not hooked
#: 118  Function Name: NtOpenJobObject  Status: Not hooked
#: 119  Function Name: NtOpenKey  Status: Not hooked
#: 120  Function Name: NtOpenMutant  Status: Not hooked
#: 121  Function Name: NtOpenObjectAuditAlarm  Status: Not hooked
#: 122  Function Name: NtOpenProcess  Status: Hooked by "<unknown>" at address 0xf9a0eba0
#: 123  Function Name: NtOpenProcessToken  Status: Not hooked
#: 124  Function Name: NtOpenProcessTokenEx  Status: Not hooked
#: 125  Function Name: NtOpenSection  Status: Not hooked
#: 126  Function Name: NtOpenSemaphore  Status: Not hooked
#: 127  Function Name: NtOpenSymbolicLinkObject  Status: Not hooked
#: 128  Function Name: NtOpenThread  Status: Hooked by "<unknown>" at address 0xf9a0eba5
#: 129  Function Name: NtOpenThreadToken  Status: Not hooked
#: 130  Function Name: NtOpenThreadTokenEx  Status: Not hooked
#: 131  Function Name: NtOpenTimer  Status: Not hooked
#: 132  Function Name: NtPlugPlayControl  Status: Not hooked
#: 133  Function Name: NtPowerInformation  Status: Not hooked
#: 134  Function Name: NtPrivilegeCheck  Status: Not hooked
#: 135  Function Name: NtPrivilegeObjectAuditAlarm  Status: Not hooked
#: 136  Function Name: NtPrivilegedServiceAuditAlarm  Status: Not hooked
#: 137  Function Name: NtProtectVirtualMemory  Status: Not hooked
#: 138  Function Name: NtPulseEvent  Status: Not hooked
#: 139  Function Name: NtQueryAttributesFile  Status: Not hooked
#: 140  Function Name: NtQueryBootEntryOrder  Status: Not hooked
#: 141  Function Name: NtQueryBootOptions  Status: Not hooked
#: 142  Function Name: NtQueryDebugFilterState  Status: Not hooked
#: 143  Function Name: NtQueryDefaultLocale  Status: Not hooked
#: 144  Function Name: NtQueryDefaultUILanguage  Status: Not hooked
#: 145  Function Name: NtQueryDirectoryFile  Status: Not hooked
#: 146  Function Name: NtQueryDirectoryObject  Status: Not hooked
#: 147  Function Name: NtQueryEaFile  Status: Not hooked
#: 148  Function Name: NtQueryEvent  Status: Not hooked
#: 149  Function Name: NtQueryFullAttributesFile  Status: Not hooked
#: 150  Function Name: NtQueryInformationAtom  Status: Not hooked
#: 151  Function Name: NtQueryInformationFile  Status: Not hooked
#: 152  Function Name: NtQueryInformationJobObject  Status: Not hooked
#: 153  Function Name: NtQueryInformationPort  Status: Not hooked
#: 154  Function Name: NtQueryInformationProcess  Status: Not hooked
#: 155  Function Name: NtQueryInformationThread  Status: Not hooked
#: 156  Function Name: NtQueryInformationToken  Status: Not hooked
#: 157  Function Name: NtQueryInstallUILanguage  Status: Not hooked
#: 158  Function Name: NtQueryIntervalProfile  Status: Not hooked
#: 159  Function Name: NtQueryIoCompletion  Status: Not hooked
#: 160  Function Name: NtQueryKey  Status: Not hooked
#: 161  Function Name: NtQueryMultipleValueKey  Status: Not hooked
#: 162  Function Name: NtQueryMutant  Status: Not hooked
#: 163  Function Name: NtQueryObject  Status: Not hooked
#: 164  Function Name: NtQueryOpenSubKeys  Status: Not hooked
#: 165  Function Name: NtQueryPerformanceCounter  Status: Not hooked
#: 166  Function Name: NtQueryQuotaInformationFile  Status: Not hooked
#: 167  Function Name: NtQuerySection  Status: Not hooked
#: 168  Function Name: NtQuerySecurityObject  Status: Not hooked
#: 169  Function Name: NtQuerySemaphore  Status: Not hooked
#: 170  Function Name: NtQuerySymbolicLinkObject  Status: Not hooked
#: 171  Function Name: NtQuerySystemEnvironmentValue  Status: Not hooked
#: 172  Function Name: NtQuerySystemEnvironmentValueEx  Status: Not hooked
#: 173  Function Name: NtQuerySystemInformation  Status: Not hooked
#: 174  Function Name: NtQuerySystemTime  Status: Not hooked
#: 175  Function Name: NtQueryTimer  Status: Not hooked
#: 176  Function Name: NtQueryTimerResolution  Status: Not hooked
#: 177  Function Name: NtQueryValueKey  Status: Not hooked
#: 178  Function Name: NtQueryVirtualMemory  Status: Not hooked
#: 179  Function Name: NtQueryVolumeInformationFile  Status: Not hooked
#: 180  Function Name: NtQueueApcThread  Status: Not hooked
#: 181  Function Name: NtRaiseException  Status: Not hooked
#: 182  Function Name: NtRaiseHardError  Status: Not hooked
#: 183  Function
Name: NtReadFile Status: Not hooked #: 184 Function Name: NtReadFileScatter Status: Not hooked #: 185 Function Name: NtReadRequestData Status: Not hooked #: 186 Function Name: NtReadVirtualMemory Status: Not hooked #: 187 Function Name: NtRegisterThreadTerminatePort Status: Not hooked #: 188 Function Name: NtReleaseMutant Status: Not hooked #: 189 Function Name: NtReleaseSemaphore Status: Not hooked #: 190 Function Name: NtRemoveIoCompletion Status: Not hooked #: 191 Function Name: NtRemoveProcessDebug Status: Not hooked #: 192 Function Name: NtRenameKey Status: Not hooked #: 193 Function Name: NtReplaceKey Status: Not hooked #: 194 Function Name: NtReplyPort Status: Not hooked #: 195 Function Name: NtReplyWaitReceivePort Status: Not hooked #: 196 Function Name: NtReplyWaitReceivePortEx Status: Not hooked #: 197 Function Name: NtReplyWaitReplyPort Status: Not hooked #: 198 Function Name: NtRequestDeviceWakeup Status: Not hooked #: 199 Function Name: NtRequestPort Status: Not hooked #: 200 Function Name: NtRequestWaitReplyPort Status: Not hooked #: 201 Function Name: NtRequestWakeupLatency Status: Not hooked #: 202 Function Name: NtResetEvent Status: Not hooked #: 203 Function Name: NtResetWriteWatch Status: Not hooked #: 204 Function Name: NtRestoreKey Status: Not hooked #: 205 Function Name: NtResumeProcess Status: Not hooked #: 206 Function Name: NtResumeThread Status: Not hooked #: 207 Function Name: NtSaveKey Status: Not hooked #: 208 Function Name: NtSaveKeyEx Status: Not hooked #: 209 Function Name: NtSaveMergedKeys Status: Not hooked #: 210 Function Name: NtSecureConnectPort Status: Not hooked #: 211 Function Name: NtSetBootEntryOrder Status: Not hooked #: 212 Function Name: NtSetBootOptions Status: Not hooked #: 213 Function Name: NtSetContextThread Status: Not hooked #: 214 Function Name: NtSetDebugFilterState Status: Not hooked #: 215 Function Name: NtSetDefaultHardErrorPort Status: Not hooked #: 216 Function Name: NtSetDefaultLocale Status: Not hooked #: 
217 Function Name: NtSetDefaultUILanguage Status: Not hooked #: 218 Function Name: NtSetEaFile Status: Not hooked #: 219 Function Name: NtSetEvent Status: Not hooked #: 220 Function Name: NtSetEventBoostPriority Status: Not hooked #: 221 Function Name: NtSetHighEventPair Status: Not hooked #: 222 Function Name: NtSetHighWaitLowEventPair Status: Not hooked #: 223 Function Name: NtSetInformationDebugObject Status: Not hooked #: 224 Function Name: NtSetInformationFile Status: Not hooked #: 225 Function Name: NtSetInformationJobObject Status: Not hooked #: 226 Function Name: NtSetInformationKey Status: Not hooked #: 227 Function Name: NtSetInformationObject Status: Not hooked #: 228 Function Name: NtSetInformationProcess Status: Not hooked #: 229 Function Name: NtSetInformationThread Status: Not hooked #: 230 Function Name: NtSetInformationToken Status: Not hooked #: 231 Function Name: NtSetIntervalProfile Status: Not hooked #: 232 Function Name: NtSetIoCompletion Status: Not hooked #: 233 Function Name: NtSetLdtEntries Status: Not hooked #: 234 Function Name: NtSetLowEventPair Status: Not hooked #: 235 Function Name: NtSetLowWaitHighEventPair Status: Not hooked #: 236 Function Name: NtSetQuotaInformationFile Status: Not hooked #: 237 Function Name: NtSetSecurityObject Status: Not hooked #: 238 Function Name: NtSetSystemEnvironmentValue Status: Not hooked #: 239 Function Name: NtSetSystemEnvironmentValueEx Status: Not hooked #: 240 Function Name: NtSetSystemInformation Status: Not hooked #: 241 Function Name: NtSetSystemPowerState Status: Not hooked #: 242 Function Name: NtSetSystemTime Status: Not hooked #: 243 Function Name: NtSetThreadExecutionState Status: Not hooked #: 244 Function Name: NtSetTimer Status: Not hooked #: 245 Function Name: NtSetTimerResolution Status: Not hooked #: 246 Function Name: NtSetUuidSeed Status: Not hooked #: 247 Function Name: NtSetValueKey Status: Not hooked #: 248 Function Name: NtSetVolumeInformationFile Status: Not hooked #: 249 
Function Name: NtShutdownSystem Status: Not hooked #: 250 Function Name: NtSignalAndWaitForSingleObject Status: Not hooked #: 251 Function Name: NtStartProfile Status: Not hooked #: 252 Function Name: NtStopProfile Status: Not hooked #: 253 Function Name: NtSuspendProcess Status: Not hooked #: 254 Function Name: NtSuspendThread Status: Not hooked #: 255 Function Name: NtSystemDebugControl Status: Not hooked #: 256 Function Name: NtTerminateJobObject Status: Not hooked #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xf9a0ebaf #: 258 Function Name: NtTerminateThread Status: Not hooked #: 259 Function Name: NtTestAlert Status: Not hooked #: 260 Function Name: NtTraceEvent Status: Not hooked #: 261 Function Name: NtTranslateFilePath Status: Not hooked #: 262 Function Name: NtUnloadDriver Status: Not hooked #: 263 Function Name: NtUnloadKey Status: Not hooked #: 264 Function Name: NtUnloadKeyEx Status: Not hooked #: 265 Function Name: NtUnlockFile Status: Not hooked #: 266 Function Name: NtUnlockVirtualMemory Status: Not hooked #: 267 Function Name: NtUnmapViewOfSection Status: Not hooked #: 268 Function Name: NtVdmControl Status: Not hooked #: 269 Function Name: NtWaitForDebugEvent Status: Not hooked #: 270 Function Name: NtWaitForMultipleObjects Status: Not hooked #: 271 Function Name: NtWaitForSingleObject Status: Not hooked #: 272 Function Name: NtWaitHighEventPair Status: Not hooked #: 273 Function Name: NtWaitLowEventPair Status: Not hooked #: 274 Function Name: NtWriteFile Status: Not hooked #: 275 Function Name: NtWriteFileGather Status: Not hooked #: 276 Function Name: NtWriteRequestData Status: Not hooked #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0xf9a0ebaa #: 278 Function Name: NtYieldExecution Status: Not hooked #: 279 Function Name: NtCreateKeyedEvent Status: Not hooked #: 280 Function Name: NtOpenKeyedEvent Status: Not hooked #: 281 Function Name: NtReleaseKeyedEvent Status: Not 
hooked #: 282 Function Name: NtWaitForKeyedEvent Status: Not hooked #: 283 Function Name: NtQueryPortInformationProcess Status: Not hooked
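
The SSDT section above reports five hooked system services (NtCreateThread, NtOpenProcess, NtOpenThread, NtTerminateProcess, NtWriteVirtualMemory) with targets 0xf9a0eba0 through 0xf9a0ebb4, and names the owning module as "<unknown>", so the log alone does not say which driver those addresses belong to. The following is an added example, not code from the original post and not part of RootRepeal or any other tool named in this thread. It parses entries in that report format (the regex is an assumption about the format), tolerates the entries having been run together on one line as in the extracted post, lists the hooked services, and checks whether the hook targets sit in one tight address range. The PROTECTION_SYSCALLS set is an analyst heuristic, and the SAMPLE excerpt is constructed here from the values shown in the log.

```python
"""Parse the SSDT section of a RootRepeal-style rootkit scanner report and
summarise which system services are hooked and where the hooks point.

Added example for the log above; not a RootRepeal component. It assumes the
entry format "#: NNN Function Name: NtXxx Status: Not hooked" or
"... Status: Hooked by \"<module>\" at address 0xADDR" and tolerates the
entries having been run together on a single line.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed entry format; "<unknown>" is what the scanner printed when it could
# not attribute the hook address to a loaded module.
ENTRY_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<name>\w+)\s+Status:\s*'
    r'(?:(?P<nothooked>Not hooked)|'
    r'Hooked by "(?P<module>[^"]*)" at address (?P<addr>0x[0-9A-Fa-f]+))'
)


@dataclass
class SsdtEntry:
    index: int
    name: str
    module: Optional[str] = None   # None when not hooked
    address: Optional[int] = None  # None when not hooked

    @property
    def hooked(self) -> bool:
        return self.address is not None


def parse_ssdt(text: str) -> list:
    """Return every SSDT entry found in `text`, in report order."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        if m.group('nothooked'):
            entries.append(SsdtEntry(int(m.group('index')), m.group('name')))
        else:
            entries.append(SsdtEntry(int(m.group('index')), m.group('name'),
                                     m.group('module'), int(m.group('addr'), 16)))
    return entries


def hooked_entries(entries):
    return [e for e in entries if e.hooked]


def hook_clusters(entries, max_gap=0x100):
    """Group hook target addresses that lie within `max_gap` bytes of each
    other. Targets in one tight range (in the log above they are 5 bytes
    apart, the size of an x86 near jmp) point to a single driver's jump
    table rather than to several unrelated hooks."""
    addrs = sorted(e.address for e in hooked_entries(entries))
    clusters = []
    for a in addrs:
        if clusters and a - clusters[-1][-1] <= max_gap:
            clusters[-1].append(a)
        else:
            clusters.append([a])
    return clusters


# Services whose hooking is characteristic of process self-protection and
# control over cross-process memory access. Analyst heuristic, not scanner
# output: both security products and malware hook these.
PROTECTION_SYSCALLS = {
    'NtOpenProcess', 'NtOpenThread', 'NtTerminateProcess', 'NtTerminateThread',
    'NtCreateThread', 'NtWriteVirtualMemory', 'NtReadVirtualMemory',
    'NtProtectVirtualMemory', 'NtSetContextThread', 'NtQueueApcThread',
}


def summarize(text: str) -> dict:
    entries = parse_ssdt(text)
    hooked = hooked_entries(entries)
    return {
        'total': len(entries),
        'hooked': [e.name for e in hooked],
        'unresolved_modules': [e.name for e in hooked if e.module == '<unknown>'],
        'protection_hooks': sorted(e.name for e in hooked if e.name in PROTECTION_SYSCALLS),
        'clusters': [(hex(c[0]), hex(c[-1]), len(c)) for c in hook_clusters(entries)],
    }


# Constructed sample: a run-together excerpt in the shape of the extracted log.
SAMPLE = (
    '#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf9a0ebb4 '
    '#: 054 Function Name: NtCreateTimer Status: Not hooked '
    '#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf9a0eba0 '
    '#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf9a0eba5 '
    '#: 137 Function Name: NtProtectVirtualMemory Status: Not hooked '
    '#: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xf9a0ebaf '
    '#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0xf9a0ebaa '
    '#: 283 Function Name: NtQueryPortInformationProcess Status: Not hooked'
)

if __name__ == '__main__':
    for key, value in summarize(SAMPLE).items():
        print(f'{key}: {value}')
```

On the sample the five hooks collapse into a single cluster spanning 0xf9a0eba0 to 0xf9a0ebb4, which is the useful finding: one driver owns all of them. Which driver that is cannot be read from this log; the next step is to map that address range to a loaded kernel module (a full RootRepeal or GMER driver listing, or a kernel debugger) and decide from the module's identity whether the hooks belong to a security product or to something that should not be there.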

#7 extremeboy
Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts

Posted 23 October 2009 - 02:21 PM

Hello.

Can you give me an update of the condition of your machine? How is it running? What problems do you still have?

Then follow that by running OTL and MBAM:

Download and run OTL

  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the OTL icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized


Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

~EB

#8 extremeboy
Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts

Posted 25 October 2009 - 09:12 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#9 freedomjames
New Member, 4 posts

Posted 25 October 2009 - 12:28 PM

EB, the problem I have is my PC is running really slow. It takes ten minutes to open IE. Then when it does finally open it freezes. I tried to download the first link in your reply and it said it was an unsafe site. I did however run the Malwarebytes scan and nothing showed up. I've been using the Advanced SystemCare free scanner and when I run the diagnostic tool it shows me a list of things that are problematic; however, some of the things are essential to running my machine. I'm at a total loss of what to do.

#10 extremeboy
Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts

Posted 25 October 2009 - 02:54 PM

EB, The problem I have is my pc is running really slow. It takes ten minutes to open IE.

10 minutes to open IE!? Are you exaggerating that a bit?

I've been using the advanced systemcare free scanner and when i run the diagnostic tool it shows me a list of things that are problematic however some of the things are essential to running my machine. I'm at a total loss of what to do.

I personally don't recommend some of those tweaking tools/software out there.

Do you have another computer where you can download the tools and transfer it to this computer?

Try running ComboFix and we'll see what is still on your computer that may be causing this lack of system performance.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

~Extremeboy

#11 extremeboy
Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts

Posted 30 October 2009 - 02:09 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.