
Slow start-up...?


  • This topic is locked
2 replies to this topic

#1 blue_inversions

  • Members
  • 23 posts

Posted 31 December 2009 - 01:56 AM

After my younger brother used my computer, and downloaded some stuff (I still can't figure out exactly what, as he's vague about everything...argh), my start-up is way way slow.

I have Windows XP, and ran disk defrag, and disk cleanup.

I appreciate the help.

HJT:

DDS (Ver_09-12-01.01) - NTFSx86
Run by William Vieth at 1:05:01.40 on Thu 12/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.25 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\William Vieth\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192327758203
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://abxterm.abxair.com/tsweb/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-3 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-19 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-19 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-19 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091217.002\IDSXpx86.sys [2009-12-18 329592]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091230.035\NAVENG.SYS [2009-12-30 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091230.035\NAVEX15.SYS [2009-12-30 1323568]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

=============== Created Last 30 ================

2009-12-27 23:23:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-27 22:29:48 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-12-27 22:29:48 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-27 22:28:04 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-12-27 22:28:04 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-27 22:27:51 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-12-27 22:27:51 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-27 22:27:48 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax
2009-12-27 22:27:48 16384 ----a-w- c:\windows\system32\ipsink.ax
2009-12-27 22:26:50 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-12-27 22:26:50 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-27 22:26:17 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-27 22:26:17 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-27 22:25:59 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-12-27 22:25:59 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-27 22:25:37 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-12-27 22:25:37 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-27 22:24:44 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-27 22:24:44 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-27 22:22:29 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-12-27 22:22:29 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-27 22:22:28 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2009-12-27 22:22:28 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2009-12-27 22:22:28 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2009-12-27 22:22:28 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-12-27 22:22:25 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2009-12-27 22:22:25 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-12-27 22:22:19 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2009-12-27 22:22:19 20992 ----a-w- c:\windows\system32\dshowext.ax
2009-12-27 22:20:20 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-27 22:20:20 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-27 14:59:25 0 d-----w- c:\windows\Performance
2009-12-25 15:41:27 0 d-----w- c:\program files\MSECache
2009-12-13 03:16:32 0 d-----w- c:\windows\system32\N360_BACKUP
2009-12-09 22:14:03 0 d-----w- c:\program files\Comcast

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 12:45:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-09-02 14:28:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 1:06:58.75 ===============


ROOT REPEAL:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/31 01:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA543000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BC1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8A0E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF84A7000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\william vieth\local settings\temp\~df2de1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\william vieth\local settings\temp\~dfb77d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\william vieth\local settings\temp\~dfd2c1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x82d41660

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x82d41740

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x82df6320

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x82c007d8

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x82a191e0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa8bf130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x82c0d7e0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x82ce9f80

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82fd4198

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x82c008b8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa8bf3b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa8bf910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x82bd0cd0

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x82df61c0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x82c0d8d0

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x82c0d9b0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x82c03ba0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x82c0ebd8

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x82a8b320

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x82bd0df0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x82df63d0

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x82a8b180

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x82bd0d60

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x82c006e8

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x82e1bd00

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x82c0e948

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x82c0ea28

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x82c00978

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa8bfb60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82a8b260

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82d41820

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82bd0ec8

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x82d41900

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x82c0eb18

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x82df6270

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x82df11e8

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0xff0e3050

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x82ab19d0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x82be5210

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x82ca6a60

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x82a660c8

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x82a69c28

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x82a69b98

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x82bba2e8

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0xfeee45a0

==EOF==


#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 09 January 2010 - 12:43 PM

Hello and welcome to Bleeping Computer! :(

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.



#3 chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • Gender:Male
  • Location:~/

Posted 14 January 2010 - 08:05 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU




