
need help


  • This topic is locked
2 replies to this topic

#1 buddyscooby


  • Members
  • 4 posts

Posted 15 November 2009 - 01:06 PM

I tried to scan my computer but need to update my spyware, but something stops the internet. Tried to download Malwarebytes but it can't update. Please help.


dds=



DDS (Ver_09-10-26.01) - NTFSx86
Run by Darin at 11:44:48.07 on Sun 11/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.310 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darin\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Darin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
{0ed6d2b5-e6d7-49bd-b344-a6ebdb70b0b2}
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
{48bd3f45-aeab-4aca-a298-823333d279ba}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {64C822F1-CE6A-432E-A0E0-B717B0BE0D4E} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} - hxxp://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WB - d:\world of warcraft\theme\stardock\mycolors\fastload.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: qgjuzj.dll
SEH: {427B37EF-B6C5-4823-A97C-10B88977E398} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTnMcB

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\darin\applic~1\mozilla\firefox\profiles\r41qkfxj.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\stopzilla!\toolbar\extension\components\SiteGuardFF.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\plugins\npqtplugin.dll
FF - plugin: d:\plugins\npqtplugin2.dll
FF - plugin: d:\plugins\npqtplugin3.dll
FF - plugin: d:\plugins\npqtplugin4.dll
FF - plugin: d:\plugins\npqtplugin5.dll
FF - plugin: d:\plugins\npqtplugin6.dll
FF - plugin: d:\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-5-12 61328]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2002-4-28 3584]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [2003-2-25 15104]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [2002-4-28 1432836]

=============== Created Last 30 ================

2009-12-19 17:12:11 2581 ----a-w- c:\windows\system32\6639ba5kdoor91z9.bin
2009-12-17 10:10:29 10936 ----a-w- c:\windows\5z2ath9ef2195.bin
2009-12-16 09:00:29 4119 ----a-w- c:\windows\system32\2545addware13z9.bin
2009-12-07 12:49:39 16580 ----a-w- c:\windows\16127v9ruz18d5.bin
2009-12-02 16:12:48 11336 ----a-w- c:\windows\system32\75z2vir5956.bin
2009-12-01 14:13:05 17045 ----a-w- c:\windows\z38a59r2465.bin
2009-11-23 12:21:35 8940 ----a-w- c:\windows\system32\z75ct5ief493.bin
2009-11-19 09:54:58 11160 ----a-w- c:\windows\system32\202dzpywa592873.bin
2009-11-15 17:19:13 0 d-----w- c:\documents and settings\darin\Tracing
2009-11-15 17:11:26 0 d-----w- c:\program files\Microsoft
2009-11-15 17:11:06 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-15 16:57:42 0 d-----w- c:\program files\common files\Windows Live
2009-11-15 16:09:18 2264 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-15 15:58:39 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-15 15:31:15 0 d-----w- c:\docume~1\darin\applic~1\STOPzilla!
2009-11-15 15:27:37 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-11-15 15:27:37 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-11-15 15:27:36 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-11-15 15:27:36 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-11-15 15:27:36 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-11-14 23:20:42 0 d-----w- C:\VundoFix Backups
2009-11-14 23:06:51 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-14 23:04:22 0 d-----w- c:\program files\STOPzilla!
2009-11-14 23:04:19 0 d-----w- c:\program files\common files\iS3
2009-11-14 23:04:18 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-11-06 01:11:20 268 ---ha-w- C:\sqmdata18.sqm
2009-11-06 01:11:20 244 ---ha-w- C:\sqmnoopt18.sqm
2009-11-06 00:26:12 268 ---ha-w- C:\sqmdata17.sqm
2009-11-06 00:26:12 244 ---ha-w- C:\sqmnoopt17.sqm
2009-11-03 07:57:32 4772 ----a-w- c:\windows\system32\4985s5zmbot337.bin
2009-11-03 02:00:13 11077 ----a-w- c:\windows\system32\2582spyzare9115.bin
2009-10-29 20:45:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Nexon
2009-10-27 16:08:16 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 15:59:38 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-25 06:28:26 16664 ----a-w- c:\windows\system32\4586sp5r9e1z78.bin
2009-10-22 08:26:12 9835 ----a-w- c:\windows\2f85zpyware9002.bin
2009-10-20 19:40:24 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 19:37:58 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 19:37:40 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 19:35:18 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 19:35:04 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 04:15:18 244 ---ha-w- C:\sqmnoopt16.sqm
2009-10-20 04:15:18 232 ---ha-w- C:\sqmdata16.sqm
2009-10-20 01:44:13 268 ---ha-w- C:\sqmdata15.sqm
2009-10-20 01:44:13 244 ---ha-w- C:\sqmnoopt15.sqm
2009-10-17 23:46:14 0 d-----w- c:\program files\DVDFab 6
2009-10-17 23:00:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Elaborate Bytes

==================== Find3M ====================

2009-10-26 21:42:06 38 ----a-w- c:\documents and settings\darin\jagex_runescape_preferences.dat
2009-10-26 21:18:07 63 ----a-w- c:\documents and settings\darin\jagex_runescape_preferences2.dat
2009-10-05 03:47:20 2750 ----a-w- c:\windows\system32\5z6b5pyware3974.bin
2009-09-26 02:13:20 24744 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-24 22:59:35 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-09-15 10:06:41 9956 ----a-w- c:\windows\system32\1f94downloadez30525.bin
2009-09-03 20:55:35 87608 ----a-w- c:\docume~1\darin\applic~1\inst.exe
2009-09-03 20:55:35 47360 ----a-w- c:\docume~1\darin\applic~1\pcouffin.sys
2009-09-03 19:04:30 14049 ----a-w- c:\windows\system32\7z9fsp9rse25605.bin
2009-08-26 06:50:41 12996 ----a-w- c:\windows\759bdownzoader2970.bin
2009-08-25 22:04:30 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-08-24 08:04:01 17523 ----a-w- c:\windows\system32\17z139o5m269.bin
2009-08-24 08:04:00 4117 ----a-w- c:\windows\588349zt-a-virus26a.bin
2009-08-24 08:04:00 11698 ----a-w- c:\windows\system32\1376hack9ooz25.bin
2009-08-20 12:23:30 6473 ----a-w- c:\windows\76a8t9reatz2255.bin
2004-07-22 01:21:06 127324 ----a-w- c:\program files\term block for001-96567.jpg
2009-07-15 11:46:34 2365 --sha-w- c:\windows\system32\BcMnTvut.ini2
2009-08-09 19:43:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080920090810\index.dat

============= FINISH: 11:45:46.10 ===============




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/15 11:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEEE47000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7CCD000 Size: 8192 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Elissa\My Documents\My Pictures\New Folder\00007058.
Status: Locked to the Windows API!

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x83f81488

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x83ce3ed8

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x83fa8430

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x83f6b1f0

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x83fdf218

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x83fdf638

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x83fab468

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x83fe5468

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x83f70460

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x83faac48

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x83fadf50

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x83fe3020

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x83faaba0

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x83f6c448

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x83fa21f0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x83fe26b0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x83fc52b8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x83f67458

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x83f89448

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x83faded8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x83f91460

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x83cafb28 Size: 221

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x83ed8590 Size: 134

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x83ed8518 Size: 254

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x83e37ad8 Size: 1320

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x83e37a60 Size: 1440

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83dc3b58 Size: 1192

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83dc3ae0 Size: 1312

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x83cded70 Size: 448

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x83cdecf8 Size: 568

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83e51020 Size: 483

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83e51128 Size: 219

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83e510b0 Size: 339

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83e56020 Size: 445

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83e56148 Size: 149

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83e560d0 Size: 269

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83dc5b50 Size: 683

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83dc5ad8 Size: 803

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83dc5a60 Size: 923

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x83e3cfa8 Size: 88

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x83e3cf30 Size: 208

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x83e3ceb8 Size: 328

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x83caeb58 Size: 121

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x83caeae0 Size: 241

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83caea68 Size: 361

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x83ce4648 Size: 101

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83ce45d0 Size: 221

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83ce4558 Size: 341

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x83ce3fa8 Size: 89

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x82e84e88

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x82ec78a8

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8312af30

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x82ec7920

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x82f1ae20

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8329fe10

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8312afa8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x830cb920

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x82f1e350

==EOF==
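
Added example (editor's own, not the poster's code and not part of DDS or BleepingComputer's tooling): a small triage pass over lines of the kind that appear in the DDS log above. The sample input is a subset of lines copied from the posted log; the rules are the editor's heuristics for the entries a helper would look at first in this report, namely a populated AppInit_DLLs value, an extra LSA authentication package beside msv1_0, a service whose image is a Windows administrative tool, random-looking .bin files under the Windows directory, and system+hidden files in system32. The rule names and thresholds are assumptions, not DDS output.

```python
"""Triage of DDS log lines for persistence and hiding indicators.

Added example, not part of the forum thread and not DDS or BleepingComputer
code. Sample lines are copied from the log posted above; the rules are the
editor's own heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the posted DDS log
# (Pseudo HJT Report, services, and the Created Last 30 / Find3M file lists).
SAMPLE_DDS = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
AppInit_DLLs: qgjuzj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTnMcB
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2002-4-28 3584]
S3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [2003-2-25 15104]
2009-12-19 17:12:11 2581 ----a-w- c:\windows\system32\6639ba5kdoor91z9.bin
2009-11-15 15:27:37 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-15 11:46:34 2365 --sha-w- c:\windows\system32\BcMnTvut.ini2
"""


@dataclass
class Finding:
    rule: str    # short rule id (editor's naming)
    detail: str  # the offending value (path, dll, service name)
    line: str    # the original log line


FILE_RE = re.compile(
    r"^\d{4}-\d{1,2}-\d{1,2} \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<image>.+?)(?: \[.*\])?$")
# A file stem of 8+ characters mixing letters and digits with no separators.
RANDOM_STEM_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}$")
# Windows administrative tools that have no business being a service image.
ADMIN_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe"}


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        # AppInit_DLLs is loaded into every process that links user32.dll;
        # on a home XP box it is normally empty.
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("appinit_dll", value, line))
            continue
        # Only msv1_0 is expected here; anything else is an extra package
        # that LSASS loads at boot.
        if line.startswith("LSA: Authentication Packages"):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("lsa_auth_package", pkg, line))
            continue
        # Browser objects whose DLL is gone: leftovers, low priority.
        if line.startswith(("BHO:", "EB:", "TB:")) and line.endswith("- No File"):
            findings.append(Finding("orphaned_bho", line.split(":", 1)[1].strip(), line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image").strip().lower().rsplit("\\", 1)[-1]
            if image in ADMIN_TOOLS:
                findings.append(Finding("service_admin_tool", m.group("name"), line))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            stem, _, ext = name.rpartition(".")
            if ext == "bin" and "\\windows\\" in low and RANDOM_STEM_RE.match(stem):
                findings.append(Finding("random_bin", path, line))
            # system+hidden attributes on a non-directory under system32
            if "d" not in attrs and "s" in attrs and "h" in attrs and "\\system32\\" in low:
                findings.append(Finding("hidden_system_file", path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:20} {f.detail}")
```

Run as-is it prints six findings from the sample and nothing for the Windows Live BHO, the STOPzilla DLL or the scanner driver. The "No File" entries are reported but are the least interesting: they point at a DLL that is already gone, whereas the AppInit and LSA entries name code that still gets loaded.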
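
A second added example (editor's own, not RootRepeal code and not from the thread) that reads the RootRepeal sections above and summarises them. RootRepeal prints "<unknown>" as the hook owner when it cannot map the hook address to a loaded driver image, and the posted log lists hidden code on every one of the 28 IRP major function entries of the Tcpip driver, which is the dispatch table the TCP/IP stack uses. The parser below records each hook with its table index and address and, per driver, how much of the dispatch table carries hidden code. The sample is a subset of the posted log; the summary fields are the editor's choice.

```python
"""Summarise RootRepeal SSDT / Shadow SSDT / Stealth Object findings.

Added example, not part of the thread and not RootRepeal code. The sample
is a subset of the RootRepeal log posted above.
"""
import re
from collections import defaultdict

# Windows defines IRP_MJ_MAXIMUM_FUNCTION + 1 = 28 major function codes, so
# a driver with hidden code on all 28 has its whole dispatch table redirected.
IRP_MJ_COUNT = 28

# Constructed sample: a subset of the posted RootRepeal output.
SAMPLE_ROOTREPEAL = """
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x83f81488

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x83ce3ed8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x83f89448

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x83cafb28 Size: 221

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x83e37ad8 Size: 1320

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83e560d0 Size: 269

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x82ec78a8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x830cb920

==EOF==
"""

ENTRY_RE = re.compile(r"^#: (?P<idx>\d+) Function Name: (?P<name>\w+)$")
HOOK_RE = re.compile(r'^Status: Hooked by "(?P<owner>[^"]+)" at address 0x(?P<addr>[0-9a-fA-F]+)$')
OBJECT_RE = re.compile(r"^Object: Hidden Code \[Driver: (?P<driver>\w+), (?P<irp>IRP_MJ_\w+)\]$")
PROCESS_RE = re.compile(r"^Process: (?P<proc>\S+) Address: 0x(?P<addr>[0-9a-fA-F]+) Size: (?P<size>\d+)$")


def parse_rootrepeal(text: str) -> dict:
    """Return {'SSDT': [...], 'Shadow SSDT': [...], 'Stealth Objects': [...]}."""
    lines = [l.rstrip() for l in text.splitlines()]
    sections: dict = defaultdict(list)
    current = None   # section whose entries we are collecting
    pending = None   # half-parsed entry waiting for its Status:/Process: line
    for i, line in enumerate(lines):
        # A section header is any line followed by a dashed underline.
        if i + 1 < len(lines) and lines[i + 1].startswith("----"):
            current = line.strip()
            continue
        if current is None or not line or line.startswith("----"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending = {"index": int(m["idx"]), "name": m["name"]}
            continue
        m = OBJECT_RE.match(line)
        if m:
            pending = {"driver": m["driver"], "irp": m["irp"]}
            continue
        m = HOOK_RE.match(line) or PROCESS_RE.match(line)
        if m and pending is not None:
            pending.update({k: (int(v, 16) if k == "addr" else v) for k, v in m.groupdict().items()})
            if "size" in pending:
                pending["size"] = int(pending["size"])
            sections[current].append(pending)
            pending = None
    return dict(sections)


def summarize(parsed: dict) -> dict:
    """Hook counts, owners and address span per table; IRP coverage per driver."""
    out: dict = {}
    for table in ("SSDT", "Shadow SSDT"):
        hooks = parsed.get(table, [])
        if hooks:
            addrs = [h["addr"] for h in hooks]
            out[table] = {
                "count": len(hooks),
                "owners": sorted({h["owner"] for h in hooks}),
                "span": (min(addrs), max(addrs)),
            }
    per_driver: dict = defaultdict(set)
    for obj in parsed.get("Stealth Objects", []):
        per_driver[obj["driver"]].add(obj["irp"])
    out["drivers"] = {d: (len(irps), len(irps) / IRP_MJ_COUNT) for d, irps in per_driver.items()}
    return out


if __name__ == "__main__":
    s = summarize(parse_rootrepeal(SAMPLE_ROOTREPEAL))
    for table in ("SSDT", "Shadow SSDT"):
        lo, hi = s[table]["span"]
        print(f"{table}: {s[table]['count']} hooks by {s[table]['owners']}, 0x{lo:08x}-0x{hi:08x}")
    for d, (n, frac) in s["drivers"].items():
        print(f"{d}: hidden code on {n}/{IRP_MJ_COUNT} IRP_MJ entries ({frac:.0%})")
```

On the full log the Tcpip coverage comes out at 28/28, and the Shadow SSDT hooks sit on the keyboard-state and window-hook calls (NtUserGetAsyncKeyState, NtUserGetKeyState, NtUserGetKeyboardState, NtUserSetWindowsHookEx), which is why a helper reads the two sections together rather than as isolated entries.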

#2 myrti



  • Malware Study Hall Admin
  • 33,779 posts

Posted 24 November 2009 - 04:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti



  • Malware Study Hall Admin
  • 33,779 posts

Posted 29 November 2009 - 03:30 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 





