
Computer running slow, some redirects, and explorer crashes


  • This topic is locked
16 replies to this topic

#1 JohnnyOrchard


Posted 05 May 2009 - 02:48 AM

So my computer is running really slow. I get some redirects to shopping websites when I use Google sometimes, and explorer crashes whenever I try to run the CMD. I have scanned my computer using McAfee, Ad-Aware, and Malwarebytes' Anti-Malware, but it keeps doing it.

I'm using Windows XP.

Any suggestions?

#2 rigel


Posted 05 May 2009 - 12:05 PM

Please post your Malwarebytes log and let's start from there.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 JohnnyOrchard

JohnnyOrchard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 06 May 2009 - 04:22 AM

I forgot to mention that whatever is going on with my computer is also making Firefox crash all the time. I scanned my computer with both Malwarebytes and Hijack This.

Here is the Malwarebytes' log...



Malwarebytes' Anti-Malware 1.34
Database version: 1753
Windows 5.1.2600 Service Pack 3

5/6/2009 2:12:07 AM
mbam-log-2009-05-06 (02-12-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185870
Time elapsed: 2 hour(s), 13 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------
Mod Edit ~ rigel
HJT log removed - We cannot work HJT logs in this forum.

Edited by rigel, 06 May 2009 - 06:23 AM.


#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:24 PM

Posted 06 May 2009 - 06:24 AM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.



#5 JohnnyOrchard

JohnnyOrchard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 10 May 2009 - 02:26 AM

So I downloaded and installed the SDFix program, but when I try to run the program as in the instructions, it shuts down Explorer. I also cannot access the McAfee website.

Any other recommendations?

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:24 PM

Posted 10 May 2009 - 07:25 PM

Let's try this procedure. We will revisit sdfix shortly.

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial. The self-help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan. A Window will open asking what to include in the scan.
Check the following items:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click OK
Scan your C Drive (or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient. When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.



#7 JohnnyOrchard

JohnnyOrchard
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 11 May 2009 - 03:23 AM

I had to do a separate scan for each item because that window never opened up. Instead I got an error message that said "Error - invalid PE image found!". Here are the reports:

Drivers:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/11 01:15
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================


------------------------------------------------------------------------------------------------

Files:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/11 01:14
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\sqlite_0dl7tDUWMawM5KK
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\mcafee_UXgiNRz9EOWLzOL
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\change.log
Status: Size mismatch (API: 13358, Raw: 12124)

Path: C:\Documents and Settings\John John\Local Settings\Temp\etilqs_yI3q2biZKQBFl8TJb4cM
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\mcagent\mcagent001.log
Status: Size mismatch (API: 15302, Raw: 15098)

Path: C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\MISP\mcagent\mcagent001.log
Status: Size mismatch (API: 138234, Raw: 137938)



-------------------------------------------------------------------------------------------------

Processes:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/11 01:16
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================




-------------------------------------------------------------------------------------------------



SSDT:


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/11 01:17
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012 Function Name: NtAlertResumeThread
Status: Not hooked

#: 013 Function Name: NtAlertThread
Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Not hooked

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Not hooked

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf75cd87e

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Not hooked

#: 046 Function Name: NtCreatePort
Status: Not hooked

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Not hooked

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 053 Function Name: NtCreateThread
Status: Not hooked

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Not hooked

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Not hooked

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Not hooked

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Not hooked

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Not hooked

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Not hooked

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Not hooked

#: 098 Function Name: NtLoadKey
Status: Not hooked

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Not hooked

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Not hooked

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Not hooked

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Not hooked

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Not hooked

#: 123 Function Name: NtOpenProcessToken
Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Not hooked

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Not hooked

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Not hooked

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Not hooked

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Not hooked

#: 193 Function Name: NtReplaceKey
Status: Not hooked

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Not hooked

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Not hooked

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Not hooked

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Not hooked

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Not hooked

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Not hooked

#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf75cdbfe

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Not hooked

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Not hooked

#: 254 Function Name: NtSuspendThread
Status: Not hooked

#: 255 Function Name: NtSystemDebugControl
Status: Not hooked

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Not hooked

#: 258 Function Name: NtTerminateThread
Status: Not hooked

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Not hooked

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked


-------------------------------------------------------------------------------------------------


Stealth Objects:


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/11 01:17
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Stealth Objects
-------------------


-------------------------------------------------------------------------------------------------


Hidden Services:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/11 01:17
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden Services
-------------------

#8 nitty

  • Members
  • 45 posts
  • Local time:08:24 PM

Posted 11 May 2009 - 05:13 AM

Make a ComboFix scan and post logfile <= Ignore this request

Edited by rigel, 11 May 2009 - 12:50 PM.
Please see my post below.


#9 rigel

    FD-BC

  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:24 PM

Posted 11 May 2009 - 12:48 PM

Make a ComboFix scan and post logfile

Please ignore that request.

@nitty Please refer to this link: How do I get help? Who is helping me? and also to the text in blue listed at the top of this forum. Asking for ComboFix logs is forbidden in this forum.

Thank you - sorry RootRepeal gave you trouble too.... Are you using Firefox as your browser?


Please download ATF Cleaner by Atribune (alternate download link) & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



#10 JohnnyOrchard

  • Topic Starter
  • Members
  • 18 posts
  • Local time:06:24 PM

Posted 12 May 2009 - 08:45 PM

Here it is...


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2009 at 02:48 PM

Application Version : 4.26.1002

Core Rules Database Version : 3886
Trace Rules Database Version: 1834

Scan type : Complete Scan
Total Scan Time : 04:14:09

Memory items scanned : 292
Memory threats detected : 0
Registry items scanned : 8844
Registry threats detected : 0
File items scanned : 98934
File threats detected : 9

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

#11 JohnnyOrchard

  • Topic Starter
  • Members
  • 18 posts
  • Local time:06:24 PM

Posted 14 May 2009 - 08:46 PM

Is there anything else I can do to fix this problem? Even after these scans, it still continues to have the same problems.

#12 rigel

    FD-BC

  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:24 PM

Posted 15 May 2009 - 06:36 AM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.



#13 JohnnyOrchard

  • Topic Starter
  • Members
  • 18 posts
  • Local time:06:24 PM

Posted 16 May 2009 - 09:04 PM

Sorry it still won't work. I've tried it a couple of times and does the same thing. Explorer shuts down even in Safe Mode.

Any other suggestions?

#14 rigel

    FD-BC

  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:24 PM

Posted 17 May 2009 - 06:39 PM

I think our best path now is to post in the HJT forum: Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far.

If you need any help with the guide, please let me know.

Edited by rigel, 17 May 2009 - 06:39 PM.



#15 JohnnyOrchard

  • Topic Starter
  • Members
  • 18 posts
  • Local time:06:24 PM

Posted 20 May 2009 - 02:47 AM

Thanks for your help, rigel!

I just tried using the DDS tool, but it didn't go beyond the small black window. Do you think I should use the Hijack This tool at this point?
