
Inactive Virus Alerts Pop Ups

Discussion in 'Malware and Virus Removal Archive' started by deester, 2009/01/27.

  1. 2009/01/27
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    [Inactive] Virus Alerts Pop Ups

    Just finished cleaning this computer of viruses. Today I am receiving a pop-up from unsolicited antivirus software with a virus alert. Unable to do anything because of the pop-ups. Saved the report and am including it. Thanks for your help.
    1/27/2009 6:49:30 PM

    Infections: 38
    1: "Trojan" "hidden autorun" "Trojan.Poison.J" "Trojan.Poison.J is a key-logging Trojan for the Windows platform. "
    2: "Trojan" "autorun" "Infostealer.Banker.E" "Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions). "
    3: "Adware" "Registry" "Adware.eXact.BargainBuddy" "A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements. "
    4: "Backdoor" "C:/windows/system32/svchost.exe" "Win32.Rbot.fm" "An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine. "
    5: "Trojan" "autorun" "Trojan.Tooso" "Trojan.Tooso is a trojan which attempts to terminate and delete security related applications. "
    6: "Worm" "C:/windows/" "Win32.BlackMail.xx" " "This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008. "
    7: "Rogue" "C:/Program Files/TrustedAntivirus" "TrustedAntivirus" "A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware "
    8: "Spyware" "C:/windows/system32/" "Spyware.007SpySoftware" "Program designed to monitor user activity. May be used with or without consent. "
    9: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge. "
    10: "Rogue" "C:/Program Files/SecurePCCleaner" "SecurePCCleaner" "Rogue Security Software: fake Security software that uses deceptive means for installation and purpose. "
    11: "Worm" "autorun" "Win32.Peacomm.dam" "A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats. "
    12: "Trojan" "C:/windows/" "Trojan-Dropper.Win32.Agent.bot" "This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. "
    13: "Dialer" "C:/windows/system32/cmdial32.dll" "Dialer.Xpehbam.biz_dialer" "A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages. "
    14: "Worm" "C:/windows/system32/" "Win32.Delbot.AI" "Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC. "
    15: "Dialer" "C:/windows/hidden/" "Dialer.Trafficjam.a" "Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various ****-related Web sites. "
    16: "Trojan" "autorun" "Win32.Outsbot.u" "A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence. "
    17: "Trojan" "hidden autorun" "Trojan.Win32.Agent.ado" "Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer. "
    18: "Spyware" "autorun" "Win32.PerFiler" "Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site. "
    19: "Spyware" "autorun" "Spyware.KnownBadSites" "Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site. "
    20: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge. "
    21: "Trojan" "C:/windows/system32/explorer.exe" "Trojan.MailGrabber.s" "Trojan horse that gets access to e-mail accounts on the infected computer. "
    22: "Trojan" "C:/windows/system32/" "Trojan.BAT.Adduser.t" "This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size. "
    23: "Worm" "C:/windows/system/" "Worm.Bagle.CP" "This is a " "Bagle" " mass-mailer which demonstrates typical " "Bagle" " behavior. "
    24: "Spyware" "C:/windows/system32/iesetup.dll" "Spyware.IEMonster.d" " "Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. "
    25: "Worm" "hidden autorun" "Win32.Miewer.a" "A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files "
    26: "Trojan" "C:/windows/system/drivers/etc/" "Trojan.IRCBot.d" "a worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability. "
    27: "Worm" "hidden autorun" "Win32.Miewer.a" "A Trojan Downloader that masquerades as a legitimate system file. "
    28: "Worm" "C:/windows/temp/" "Win32.Rbot.CBX" "A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine. "
    29: "Trojan" "C:/windows/hidden/" "Trojan.Clicker.EC" "Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal. "
    30: "Adware" "autorun" "Zlob.PornAdvertiser.ba" "Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites. "
    31: "Worm" "autorun" "Win32.Peacomm.dam" "A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats. "
    32: "Trojan" "C:/windows/system/mui/" "Trojan.Dropper.MSWord.j" "A Microsoft Word macro virus that drops a trojan onto the infected host. "
    33: "Spyware" "autorun" "Win32.PerFiler" "Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site. "
    34: "Trojan" "C:/windows/system/drivers/" "Win32.Spamta.KG.worm" "A multi-component mass-mailing worm that downloads and executes files from the Internet. "
    35: "Spyware" "autorun" "Spyware.IMMonitor" "program that can be used to monitor and record conversations in popular instant messaging applications. "
    36: "Trojan" "C:/windows/system/mui/" "Win32.Clagger.C" "This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment. "
    37: "Trojan" "C:/windows/system32/alg.exe" "Trojan.Alg.t" "Trojan program that can compromise your private information stored on the hard drive. "
    38: "Worm" "C:/windows/temp/" "Win32.Sdbot.ADN" "A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine. "
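The report quoted in this post is the output of the unsolicited "antivirus" pop-up itself, not of a real scanner, and the ComboFix log later in the thread shows none of these infections. The Python below is an added example, not code from the original post or from any tool mentioned in the thread: it parses this report format (index, then quoted category, location, name and description) and applies a few plausibility checks that are my own heuristics for rogue-scanner output: entries that name core Windows binaries (svchost.exe, explorer.exe, alg.exe) as malware, the same detection name listed more than once, a "payload date" that was already in the past when the report was generated, and entries whose location names no file at all. The sample input is a constructed excerpt made of lines copied from the report above.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample: a subset of the report lines quoted in post 1, copied verbatim.
SAMPLE_REPORT = '''Infections: 38
1: "Trojan" "hidden autorun" "Trojan.Poison.J" "Trojan.Poison.J is a key-logging Trojan for the Windows platform. "
4: "Backdoor" "C:/windows/system32/svchost.exe" "Win32.Rbot.fm" "An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine. "
6: "Worm" "C:/windows/" "Win32.BlackMail.xx" " "This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008. "
9: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge. "
20: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge. "
21: "Trojan" "C:/windows/system32/explorer.exe" "Trojan.MailGrabber.s" "Trojan horse that gets access to e-mail accounts on the infected computer. "
23: "Worm" "C:/windows/system/" "Worm.Bagle.CP" "This is a " "Bagle" " mass-mailer which demonstrates typical " "Bagle" " behavior. "
37: "Trojan" "C:/windows/system32/alg.exe" "Trojan.Alg.t" "Trojan program that can compromise your private information stored on the hard drive. "
'''

# Date printed at the top of the report in the post (1/27/2009).
REPORT_DATE = date(2009, 1, 27)

# Core Windows binaries that a rogue scanner likes to "detect" (my own short list).
CORE_BINARIES = {"svchost.exe", "explorer.exe", "alg.exe"}

ENTRY_RE = re.compile(r"^\s*(\d+):\s*(.*)$")
TOTAL_RE = re.compile(r"^\s*Infections:\s*(\d+)")
QUOTED_RE = re.compile(r'"([^"]*)"')
MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]
PAYLOAD_DATE_RE = re.compile(r"\b(" + "|".join(MONTHS) + r") (\d{1,2}), (\d{4})\b")


def parse_report(text):
    """Return (claimed_total, entries). Only the first three quoted fields are
    trusted as fields; the rest of the line is the description, because the
    report's own quoting is inconsistent (see entries 6 and 23)."""
    claimed_total, entries = None, []
    for line in text.splitlines():
        m = TOTAL_RE.match(line)
        if m:
            claimed_total = int(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        fields = list(QUOTED_RE.finditer(m.group(2)))
        if len(fields) < 3:
            continue
        category, location, name = (f.group(1).strip() for f in fields[:3])
        description = m.group(2)[fields[2].end():].replace('"', "").strip()
        entries.append({"index": int(m.group(1)), "category": category,
                        "location": location, "name": name, "description": description})
    return claimed_total, entries


def triage(text, report_date):
    """Apply the plausibility checks; every finding is (entry index or None, reason)."""
    claimed_total, entries = parse_report(text)
    findings = []
    for e in entries:
        loc = e["location"].lower().replace("\\", "/")
        base = loc.rsplit("/", 1)[-1]
        if base in CORE_BINARIES:
            findings.append((e["index"], f"names core Windows binary {base} as malware"))
        if not base or "." not in base:
            # "autorun", "Registry", or a bare directory: no file a user could verify
            findings.append((e["index"], "location names no file"))
        for dm in PAYLOAD_DATE_RE.finditer(e["description"]):
            d = date(int(dm.group(3)), MONTHS.index(dm.group(1)) + 1, int(dm.group(2)))
            if d < report_date:
                findings.append((e["index"], f"warns of a payload date {d.isoformat()} that is already past"))
    for name, n in Counter(e["name"] for e in entries).items():
        if n > 1:
            findings.append((None, f"{name} listed {n} times"))
    return {"claimed_total": claimed_total, "parsed": len(entries), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT, REPORT_DATE)
    print(f"claimed {result['claimed_total']} infections, parsed {result['parsed']} entries")
    for index, reason in result["findings"]:
        print(f"  entry {index}: {reason}")
```

None of these checks proves an alert is fake on its own; together they give a quick, offline reason to distrust a pop-up before acting on it, which is what the thread's advice (disconnect, use a known-good machine, run a reputable tool) amounts to.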
     
  2. 2009/01/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi deester
    What a mess. :eek:

    Your computer has multiple infections, including backdoor Trojans and key loggers.
    Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, collect confidential data and information from the computer, log activity on the computer and more.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I would suggest you disconnect this PC from the Internet immediately, change all passwords using a non-infected computer (not this one) and refrain from any credit card or financial dealings until clean. If you do any financial dealings with this computer, contact your credit card companies or banks about possible fraud on your account.


    Though the Trojans have been identified and can be killed, because of their backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.

    Geri
     


  4. 2009/01/27
    deester

    Thanks Geri for your quick response. I hope I have disconnected from the internet: I uninstalled all the browsers and turned off the computer. As this is my husband's computer, I think I'm going to advise him to replace the hard drive. I have cleaned this one up several times and I would feel better if we just start with a new one.
    Dee
     
  5. 2009/01/28
    Geri Lifetime Subscription

    Hi Dee
    OK, good luck with it.

    Geri
     
  6. 2009/01/29
    Geri Lifetime Subscription

    Hi Dee
    Can you tell me what program gave you the report you posted in post 1?

    Thanks
     
  7. 2009/01/30
    deester

    I think it was called Security Systems; it just popped up on the computer with an alert and I couldn't delete it. The computer is now gone for repair.
    Sorry I couldn't be more help.
    Dee
     
  8. 2009/01/30
    Geri Lifetime Subscription

    Hi
    OK thanks.

    Geri
     
  9. 2009/01/31
    Geri Lifetime Subscription

    Hi
    OK we need to run Combofix on the machine.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     
  10. 2009/01/31
    deester

    Here it is, hope it is not as bad as it looked. Thanks for your help.
    ComboFix 09-01-31.01 - ted 2009-01-31 23:54:49.18 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.87 [GMT -5:00]
    Running from: c:\documents and settings\ted\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\msxml71.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
    .

    2009-01-31 23:28 . 2009-01-31 23:29 <DIR> d-------- C:\32788R22FWJFW.0.tmp
    2009-01-27 19:06 . 2009-01-27 19:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
    2009-01-27 19:05 . 2008-10-16 20:35 87,352 --a------ c:\windows\system32\LMIinit.dll
    2009-01-27 19:05 . 2008-10-16 20:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
    2009-01-27 19:05 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-01-27 19:05 . 2008-10-16 20:35 28,984 --a------ c:\windows\system32\LMIport.dll
    2009-01-27 19:05 . 2009-01-27 19:05 1,024 --a------ C:\.rnd
    2009-01-27 19:04 . 2009-01-31 23:07 <DIR> d-------- c:\program files\LogMeIn
    2009-01-18 00:38 . 2009-01-18 00:38 <DIR> d-------- c:\program files\ParetoLogic
    2009-01-16 17:38 . 2009-01-16 17:38 <DIR> d--hs---- C:\found.000
    2009-01-13 20:31 . 2009-01-13 20:31 <DIR> d-------- c:\windows\system32\LogFiles
    2009-01-13 13:11 . 2009-01-14 13:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
    2009-01-13 13:09 . 2009-01-13 13:09 <DIR> d-------- c:\program files\Common Files\iS3
    2009-01-13 13:09 . 2009-01-14 18:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-01-13 04:35 . 2009-01-13 04:35 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-01-13 04:24 . 2009-01-13 09:00 <DIR> d-------- c:\program files\NOS
    2009-01-13 04:24 . 2009-01-13 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-01-10 05:35 . 2009-01-10 05:34 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-10 05:03 . 2009-01-10 05:03 244 --ah----- C:\sqmnoopt19.sqm
    2009-01-10 05:03 . 2009-01-10 05:03 232 --ah----- C:\sqmdata19.sqm
    2009-01-09 06:08 . 2009-01-09 06:08 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2009-01-08 19:25 . 2009-01-18 05:31 <DIR> d-------- C:\fixcombo
    2009-01-05 18:35 . 2009-01-18 05:35 <DIR> d-------- C:\rsit

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-01 04:51 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-02-01 04:16 --------- d-----w c:\documents and settings\ted\Application Data\MSN6
    2009-01-28 05:28 --------- d-----w c:\program files\Google
    2009-01-28 05:18 --------- d-----w c:\program files\Common Files\AOL
    2009-01-28 05:17 --------- d-----w c:\documents and settings\ted\Application Data\AOL
    2009-01-28 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2009-01-18 10:02 --------- d-----w c:\program files\VS Revo Group
    2009-01-18 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-01-17 03:18 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-16 22:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-16 22:49 --------- d-----w c:\program files\Symantec
    2009-01-13 09:33 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-10 10:34 --------- d-----w c:\program files\Java
    2009-01-09 16:11 --------- d-----w c:\program files\DX Enterprises CB. Antenna Guide
    2008-12-12 23:42 --------- d-----w c:\program files\Pure Networks
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    1998-12-09 02:53 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
    1998-12-09 02:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
    1998-12-09 02:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
    1998-12-09 02:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
    2008-10-04 19:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "PhotoShow Deluxe Media Manager "= "c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-25 212992]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "IW_Drop_Icon "= "c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-04-20 1122816]
    "InstantTray "= "c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 772096]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
    "HostManager "= "c:\program files\Common Files\AOL\1211853138\ee\AOLSoftware.exe" [2007-10-08 41824]
    "VX3000 "= "c:\windows\vVX3000.exe" [2006-12-05 707360]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-02-05 98304]
    "Lexmark X6100 Series "= "c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-05-16 57344]
    "SiSUSBRG "= "c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "SiS Windows KeyHook "= "c:\windows\system32\keyhook.exe" [2004-05-12 249856]
    "PinnacleDriverCheck "= "c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "AOLDialer "= "c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
    "SoundMan "= "SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert "= "c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    c:\documents and settings\ted\Start Menu\Programs\Startup\
    AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2007-04-12 42032]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-02-05 335872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0daila

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
    backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    --a------ 2007-01-12 20:48 275800 c:\program files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2007-02-05 18:09 26112 c:\program files\Real\RealPlayer\realplay.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe "=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1211853138\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1211853138\\ee\\AOLDesktop.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP "= 67:UDP:DHCP Discovery Service

    R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-08-01 29239]
    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-07-06 188416]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-06-01 64000]
    R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
    R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-01-27 47640]
    R4 Winferno Subscription Service;Winferno Subscription Service;c:\program files\Common Files\Winferno\WSS\WSS.exe [2008-02-25 126976]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ATWPKT2
    *Deregistered* - ATWPKT2

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db5100c3-b5e5-11db-a6fb-00038a000015}]
    \Shell\AutoRun\command - G:\LaunchU3.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2009-02-01 c:\windows\Tasks\ParetoLogic Privacy Controls_{49D6332A-E522-11DD-A87D-00038A000015}.job
    - c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 11:30]

    2009-01-31 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

    2009-02-01 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]

    2009-02-01 c:\windows\Tasks\WSSHelper.job
    - c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2007-07-26 12:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mapquest.com
    uInternet Settings,ProxyOverride = localhost
    FF - ProfilePath - c:\documents and settings\ted\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-31 23:57:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(504)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-02-01 0:00:05
    ComboFix-quarantined-files.txt 2009-02-01 04:59:41

    Pre-Run: 46,029,418,496 bytes free
    Post-Run: 46,137,819,136 bytes free

    186 --- E O F --- 2009-01-14 08:03:50
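The "Reg Loading Points" section of the ComboFix log above is a compact inventory of autostart locations (Run keys, BootExecute, MountPoints2 AutoRun commands), which is what a helper scans first when reading such a log. The Python below is an added example, not ComboFix's own code and not from the thread: it parses those three kinds of entry into records and applies three review checks that are my own assumptions about what deserves a second look, none of which by itself means an entry is malicious: a Run value whose command is a bare file name with no directory (Windows resolves it by search order, so a helper wants to know which file actually ran; ComboFix resolved this one to c:\windows\SOUNDMAN.EXE), BootExecute entries beyond the Windows default `autocheck autochk *`, and any AutoRun command registered under MountPoints2 for a drive letter. The sample lines are copied from the log in the post.

```python
import re

# Constructed sample: lines copied from the ComboFix "Reg Loading Points" section above.
SAMPLE_LOG = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan "= "SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0daila

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db5100c3-b5e5-11db-a6fb-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe
'''

# Windows' stock BootExecute value (a REG_MULTI_SZ; ComboFix prints the separator as \0).
DEFAULT_BOOTEXECUTE = {"autocheck autochk *"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Tolerates the forum's stray space before the closing quote of the value name.
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(.*)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.*)$")


def parse_loading_points(text):
    """Walk the section headers and collect Run values, the BootExecute list
    and MountPoints2 AutoRun commands into plain Python structures."""
    section = None
    run_entries, bootexecute, autorun_cmds = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section.lower().endswith(r"\currentversion\run"):
            run_entries.append({"hive": section, "name": m.group("name").strip(),
                                "command": m.group("cmd").strip(), "meta": m.group("meta")})
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            bootexecute = [p for p in m.group(1).split(r"\0") if p]
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in section.lower():
            autorun_cmds.append((section, m.group(1).strip()))
    return {"run": run_entries, "bootexecute": bootexecute, "autorun": autorun_cmds}


def review(text):
    """Return (check, where, value) tuples for a human to look at; nothing is deleted."""
    lp = parse_loading_points(text)
    findings = []
    for e in lp["run"]:
        if "\\" not in e["command"] and "/" not in e["command"]:
            findings.append(("run-unqualified", e["name"], e["command"]))
    if lp["bootexecute"] is not None:
        for part in lp["bootexecute"]:
            if part not in DEFAULT_BOOTEXECUTE:
                findings.append(("bootexecute-extra", "BootExecute", part))
    for section, cmd in lp["autorun"]:
        findings.append(("mountpoints2-autorun", section.rsplit("\\", 1)[-1], cmd))
    return findings


if __name__ == "__main__":
    for check, where, value in review(SAMPLE_LOG):
        print(f"{check:22} {where}: {value}")
```

The checks are deliberately conservative. The extra BootExecute entry and the drive-letter AutoRun command are only reported as non-default; whether they belong to installed software is for the helper reading the full log to decide, which is exactly the question Geri is working through in the thread.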
     
  11. 2009/02/01
    Geri Lifetime Subscription

    Hi Dee
    OK. Well, I'm glad noahdfear brought this to my attention.

    I'm not seeing anything in the CF log.

    Let's get a scan with RootRepeal.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and double-click on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here

    Thanks
    Geri
     
  12. 2009/02/01
    deester

    I am having a problem with the program. When I downloaded it, for some reason Snapzip got involved and I can't get it detached. I get as far as extracting the file but I never get to the report tab. What am I doing wrong?
    Dee
     
  13. 2009/02/01
    Geri Lifetime Subscription

    Hi Dee

    OK, right-click on your Desktop and select "New" then "Folder" and name it rootrepeal;
    now right-click on the RootRepeal.zip and select "Extract To", choose the rootrepeal folder on your Desktop from the list and click OK.
    Open the folder and run RootRepeal.exe.

    Geri
     
  14. 2009/02/01
    deester

    Geri,
    I cannot get Snapzip unattached from the file and this is my problem. I deleted all the files and started all over and there it is again. I can get no farther than the download box. Any other suggestions? You could not pay me to work on this computer; it is a mess.
    Dee
     
  15. 2009/02/01
    Geri Lifetime Subscription

    Hi
    OK, I suggest you go into Add/Remove Programs and remove Snapzip, delete the RootRepeal you have and re-download it.
    There are better zip programs that can be downloaded.
    This one is popular.
    http://www.7-zip.org

    Geri
     
  16. 2009/02/02
    deester

    Finally got it done with WinRAR.
    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/02/02 14:42
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: ACPI.sys
    Image Path: ACPI.sys
    Address: 0xF7808000 Size: 187776 File Visible: -
    Status: -

    Name: ACPI_HAL
    Image Path: \Driver\ACPI_HAL
    Address: 0x804D7000 Size: 2189184 File Visible: -
    Status: -

    Name: afd.sys
    Image Path: C:\WINDOWS\System32\drivers\afd.sys
    Address: 0xB7E60000 Size: 138496 File Visible: -
    Status: -

    Name: ALCXSENS.SYS
    Image Path: C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    Address: 0xF6E1D000 Size: 400384 File Visible: -
    Status: -

    Name: ALCXWDM.SYS
    Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    Address: 0xF6EA3000 Size: 603328 File Visible: -
    Status: -

    Name: amdk7.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\amdk7.sys
    Address: 0xF7987000 Size: 37760 File Visible: -
    Status: -

    Name: ASAPIW2K.sys
    Image Path: C:\WINDOWS\System32\Drivers\ASAPIW2K.sys
    Address: 0xF7BDF000 Size: 32768 File Visible: -
    Status: -

    Name: ASCTRM.SYS
    Image Path: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
    Address: 0xF7DD5000 Size: 7488 File Visible: -
    Status: -

    Name: atapi.sys
    Image Path: atapi.sys
    Address: 0xF77C0000 Size: 96512 File Visible: -
    Status: -

    Name: audstub.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
    Address: 0xF7F9C000 Size: 3072 File Visible: -
    Status: -

    Name: BATTC.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
    Address: 0xF7C6F000 Size: 16384 File Visible: -
    Status: -

    Name: Beep.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
    Address: 0xF7D8D000 Size: 4224 File Visible: -
    Status: -

    Name: BOOTVID.dll
    Image Path: C:\WINDOWS\system32\BOOTVID.dll
    Address: 0xF7C67000 Size: 12288 File Visible: -
    Status: -

    Name: Cdfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Address: 0xF79B7000 Size: 63744 File Visible: -
    Status: -

    Name: Cdrdrv.sys
    Image Path: C:\WINDOWS\System32\Drivers\Cdrdrv.sys
    Address: 0xF6F6C000 Size: 81920 File Visible: -
    Status: -

    Name: cdrom.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
    Address: 0xF7997000 Size: 62976 File Visible: -
    Status: -

    Name: CLASSPNP.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    Address: 0xF7897000 Size: 53248 File Visible: -
    Status: -

    Name: compbatt.sys
    Image Path: compbatt.sys
    Address: 0xF7C6B000 Size: 10240 File Visible: -
    Status: -

    Name: DcCam.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\DcCam.sys
    Address: 0xF7A07000 Size: 36864 File Visible: -
    Status: -

    Name: dcfs2k.sys
    Image Path: C:\WINDOWS\system32\drivers\dcfs2k.sys
    Address: 0xF7947000 Size: 38688 File Visible: -
    Status: -

    Name: disk.sys
    Image Path: disk.sys
    Address: 0xF7887000 Size: 36352 File Visible: -
    Status: -

    Name: drmk.sys
    Image Path: C:\WINDOWS\system32\drivers\drmk.sys
    Address: 0xF79D7000 Size: 61440 File Visible: -
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB7CB5000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7D97000 Size: 8192 File Visible: No
    Status: -

    Name: Dxapi.sys
    Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
    Address: 0xF6D34000 Size: 12288 File Visible: -
    Status: -

    Name: dxg.sys
    Image Path: C:\WINDOWS\System32\drivers\dxg.sys
    Address: 0xBF9C3000 Size: 73728 File Visible: -
    Status: -

    Name: dxgthk.sys
    Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
    Address: 0xF7E4B000 Size: 4096 File Visible: -
    Status: -

    Name: EXPORTIT.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\EXPORTIT.SYS
    Address: 0xB7FDB000 Size: 151552 File Visible: -
    Status: -

    Name: Fastfat.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
    Address: 0xF6F48000 Size: 143744 File Visible: -
    Status: -

    Name: fdc.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
    Address: 0xF7BFF000 Size: 27392 File Visible: -
    Status: -

    Name: Fips.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
    Address: 0xF7A47000 Size: 44544 File Visible: -
    Status: -

    Name: fltmgr.sys
    Image Path: fltmgr.sys
    Address: 0xF776E000 Size: 129792 File Visible: -
    Status: -

    Name: Fs_Rec.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Address: 0xF7D8B000 Size: 7936 File Visible: -
    Status: -

    Name: ftdisk.sys
    Image Path: ftdisk.sys
    Address: 0xF77D8000 Size: 125056 File Visible: -
    Status: -

    Name: hal.dll
    Image Path: C:\WINDOWS\system32\hal.dll
    Address: 0x806EE000 Size: 131840 File Visible: -
    Status: -

    Name: HIDCLASS.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
    Address: 0xF7A57000 Size: 36864 File Visible: -
    Status: -

    Name: HIDPARSE.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
    Address: 0xF7AFF000 Size: 28672 File Visible: -
    Status: -

    Name: hidusb.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
    Address: 0xF7D1B000 Size: 10368 File Visible: -
    Status: -

    Name: HTTP.sys
    Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
    Address: 0xB7095000 Size: 264832 File Visible: -
    Status: -

    Name: i8042prt.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
    Address: 0xF79F7000 Size: 52480 File Visible: -
    Status: -

    Name: imapi.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
    Address: 0xF79C7000 Size: 42112 File Visible: -
    Status: -

    Name: ipfltdrv.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
    Address: 0xF7A17000 Size: 32896 File Visible: -
    Status: -

    Name: ipnat.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
    Address: 0xB7EAA000 Size: 152832 File Visible: -
    Status: -

    Name: ipsec.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
    Address: 0xB7F75000 Size: 75264 File Visible: -
    Status: -

    Name: isapnp.sys
    Image Path: isapnp.sys
    Address: 0xF7857000 Size: 37248 File Visible: -
    Status: -

    Name: kbdclass.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
    Address: 0xF7C07000 Size: 24576 File Visible: -
    Status: -

    Name: KDCOM.DLL
    Image Path: C:\WINDOWS\system32\KDCOM.DLL
    Address: 0xF7D57000 Size: 8192 File Visible: -
    Status: -

    Name: kmixer.sys
    Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
    Address: 0xB62E1000 Size: 172416 File Visible: -
    Status: -

    Name: ks.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
    Address: 0xF6F80000 Size: 143360 File Visible: -
    Status: -

    Name: KSecDD.sys
    Image Path: KSecDD.sys
    Address: 0xF7745000 Size: 92288 File Visible: -
    Status: -

    Name: lmimirr.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    Address: 0xF7F9B000 Size: 3200 File Visible: -
    Status: -

    Name: LMIRfsDriver.sys
    Image Path: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    Address: 0xB7995000 Size: 40960 File Visible: -
    Status: -

    Name: mfeavfk.sys
    Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
    Address: 0xB7083000 Size: 72576 File Visible: -
    Status: -

    Name: mfebopk.sys
    Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
    Address: 0xF7BA7000 Size: 28512 File Visible: -
    Status: -

    Name: mfehidk.sys
    Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
    Address: 0xB7CF5000 Size: 194592 File Visible: -
    Status: -

    Name: mfesmfk.sys
    Image Path: C:\WINDOWS\system32\drivers\mfesmfk.sys
    Address: 0xB6EA3000 Size: 33760 File Visible: -
    Status: -

    Name: mnmdd.SYS
    Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
    Address: 0xF7D8F000 Size: 4224 File Visible: -
    Status: -

    Name: mouclass.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
    Address: 0xF7C2F000 Size: 23040 File Visible: -
    Status: -

    Name: mouhid.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
    Address: 0xF7D23000 Size: 12160 File Visible: -
    Status: -

    Name: MountMgr.sys
    Image Path: MountMgr.sys
    Address: 0xF7867000 Size: 42368 File Visible: -
    Status: -

    Name: Mpfp.sys
    Image Path: C:\WINDOWS\System32\Drivers\Mpfp.sys
    Address: 0xB7EF8000 Size: 147456 File Visible: -
    Status: -

    Name: mrxdav.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
    Address: 0xB78F8000 Size: 180608 File Visible: -
    Status: -

    Name: mrxsmb.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
    Address: 0xB7D25000 Size: 455296 File Visible: -
    Status: -

    Name: Msfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
    Address: 0xF7C4F000 Size: 19072 File Visible: -
    Status: -

    Name: msgpc.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
    Address: 0xF7050000 Size: 35072 File Visible: -
    Status: -

    Name: mssmbios.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
    Address: 0xF7649000 Size: 15488 File Visible: -
    Status: -

    Name: Mup.sys
    Image Path: Mup.sys
    Address: 0xF7671000 Size: 105344 File Visible: -
    Status: -

    Name: NDIS.sys
    Image Path: NDIS.sys
    Address: 0xF768B000 Size: 182656 File Visible: -
    Status: -

    Name: ndistapi.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
    Address: 0xF7D53000 Size: 10112 File Visible: -
    Status: -

    Name: ndisuio.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
    Address: 0xB7B99000 Size: 14592 File Visible: -
    Status: -

    Name: ndiswan.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
    Address: 0xF6DAB000 Size: 91520 File Visible: -
    Status: -

    Name: NDProxy.SYS
    Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
    Address: 0xF7030000 Size: 40576 File Visible: -
    Status: -

    Name: netbios.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
    Address: 0xF7A37000 Size: 34688 File Visible: -
    Status: -

    Name: netbt.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
    Address: 0xB7E82000 Size: 162816 File Visible: -
    Status: -

    Name: Npfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
    Address: 0xF7C57000 Size: 30848 File Visible: -
    Status: -

    Name: Ntfs.sys
    Image Path: Ntfs.sys
    Address: 0xF76B8000 Size: 574976 File Visible: -
    Status: -

    Name: ntoskrnl.exe
    Image Path: C:\WINDOWS\system32\ntoskrnl.exe
    Address: 0x804D7000 Size: 2189184 File Visible: -
    Status: -

    Name: Null.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
    Address: 0xF7F49000 Size: 2944 File Visible: -
    Status: -

    Name: parport.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
    Address: 0xF6DC2000 Size: 80128 File Visible: -
    Status: -

    Name: PartMgr.sys
    Image Path: PartMgr.sys
    Address: 0xF7ADF000 Size: 19712 File Visible: -
    Status: -

    Name: ParVdm.SYS
    Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
    Address: 0xF7DD3000 Size: 6784 File Visible: -
    Status: -

    Name: pci.sys
    Image Path: pci.sys
    Address: 0xF77F7000 Size: 68224 File Visible: -
    Status: -

    Name: pciide.sys
    Image Path: pciide.sys
    Address: 0xF7E1F000 Size: 3328 File Visible: -
    Status: -

    Name: PCIIDEX.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    Address: 0xF7AD7000 Size: 28672 File Visible: -
    Status: -

    Name: PnpManager
    Image Path: \Driver\PnpManager
    Address: 0x804D7000 Size: 2189184 File Visible: -
    Status: -

    Name: point32.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\point32.sys
    Address: 0xF7B0F000 Size: 21760 File Visible: -
    Status: -

    Name: portcls.sys
    Image Path: C:\WINDOWS\system32\drivers\portcls.sys
    Address: 0xF6E7F000 Size: 147456 File Visible: -
    Status: -

    Name: psched.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
    Address: 0xF6D9A000 Size: 69120 File Visible: -
    Status: -

    Name: ptilink.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
    Address: 0xF7C17000 Size: 17792 File Visible: -
    Status: -

    Name: RaInfo.sys
    Image Path: C:\Program Files\LogMeIn\x86\RaInfo.sys
    Address: 0xF7DD7000 Size: 6144 File Visible: -
    Status: -

    Name: rasacd.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
    Address: 0xF7CF7000 Size: 8832 File Visible: -
    Status: -

    Name: rasl2tp.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
    Address: 0xF7080000 Size: 51328 File Visible: -
    Status: -

    Name: raspppoe.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
    Address: 0xF7070000 Size: 41472 File Visible: -
    Status: -

    Name: raspptp.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
    Address: 0xF7060000 Size: 48384 File Visible: -
    Status: -

    Name: raspti.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
    Address: 0xF7C1F000 Size: 16512 File Visible: -
    Status: -

    Name: RAW
    Image Path: \FileSystem\RAW
    Address: 0x804D7000 Size: 2189184 File Visible: -
    Status: -

    Name: rdbss.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
    Address: 0xB7D95000 Size: 175744 File Visible: -
    Status: -

    Name: RDPCDD.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    Address: 0xF7D91000 Size: 4224 File Visible: -
    Status: -

    Name: redbook.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
    Address: 0xF79A7000 Size: 57600 File Visible: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB631C000 Size: 45056 File Visible: No
    Status: -

    Name: SCSIPORT.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    Address: 0xF778E000 Size: 98304 File Visible: -
    Status: -

    Name: serenum.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
    Address: 0xF7D4F000 Size: 15744 File Visible: -
    Status: -

    Name: serial.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
    Address: 0xF79E7000 Size: 64512 File Visible: -
    Status: -

    Name: SISAGPX.sys
    Image Path: SISAGPX.sys
    Address: 0xF78B7000 Size: 36992 File Visible: -
    Status: -

    Name: sisgrp.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    Address: 0xF6FB7000 Size: 233472 File Visible: -
    Status: -

    Name: SiSGRV.dll
    Image Path: C:\WINDOWS\System32\SiSGRV.dll
    Address: 0xBF9D5000 Size: 1163264 File Visible: -
    Status: -

    Name: sisnic.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\sisnic.sys
    Address: 0xF7BF7000 Size: 32768 File Visible: -
    Status: -

    Name: sr.sys
    Image Path: sr.sys
    Address: 0xF775C000 Size: 73472 File Visible: -
    Status: -

    Name: srv.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
    Address: 0xB77B6000 Size: 333952 File Visible: -
    Status: -

    Name: srvkp.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\srvkp.sys
    Address: 0xF7D0F000 Size: 12416 File Visible: -
    Status: -

    Name: swenum.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
    Address: 0xF7D87000 Size: 4352 File Visible: -
    Status: -

    Name: sysaudio.sys
    Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
    Address: 0xB6EE3000 Size: 60800 File Visible: -
    Status: -

    Name: tcpip.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
    Address: 0xB7F1C000 Size: 361600 File Visible: -
    Status: -

    Name: TDI.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
    Address: 0xF7C0F000 Size: 20480 File Visible: -
    Status: -

    Name: termdd.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
    Address: 0xF7040000 Size: 40704 File Visible: -
    Status: -

    Name: uagp35.sys
    Image Path: uagp35.sys
    Address: 0xF78A7000 Size: 44672 File Visible: -
    Status: -

    Name: Udfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
    Address: 0xF6F37000 Size: 66048 File Visible: -
    Status: -

    Name: update.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
    Address: 0xF6D3C000 Size: 384768 File Visible: -
    Status: -

    Name: usbccgp.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    Address: 0xF7C5F000 Size: 32128 File Visible: -
    Status: -

    Name: USBD.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
    Address: 0xF7D89000 Size: 8192 File Visible: -
    Status: -

    Name: usbehci.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
    Address: 0xF7BEF000 Size: 30208 File Visible: -
    Status: -

    Name: usbhub.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
    Address: 0xF7000000 Size: 59520 File Visible: -
    Status: -

    Name: usbohci.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
    Address: 0xF7BE7000 Size: 17152 File Visible: -
    Status: -

    Name: USBPORT.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
    Address: 0xF6DF9000 Size: 147456 File Visible: -
    Status: -

    Name: usbprint.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
    Address: 0xF7B07000 Size: 25856 File Visible: -
    Status: -

    Name: usbscan.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
    Address: 0xF7D1F000 Size: 15104 File Visible: -
    Status: -

    Name: vga.sys
    Image Path: C:\WINDOWS\System32\drivers\vga.sys
    Address: 0xF7C47000 Size: 20992 File Visible: -
    Status: -

    Name: VIDEOPRT.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
    Address: 0xF6FA3000 Size: 81920 File Visible: -
    Status: -

    Name: vobid.sys
    Image Path: vobid.sys
    Address: 0xF77A6000 Size: 106496 File Visible: -
    Status: -

    Name: vobiw.SYS
    Image Path: C:\WINDOWS\System32\Drivers\vobiw.SYS
    Address: 0xB7F88000 Size: 208896 File Visible: -
    Status: -

    Name: VolSnap.sys
    Image Path: VolSnap.sys
    Address: 0xF7877000 Size: 52352 File Visible: -
    Status: -

    Name: wanarp.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
    Address: 0xF7A27000 Size: 34560 File Visible: -
    Status: -

    Name: wanatw4.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    Address: 0xF7C27000 Size: 20512 File Visible: -
    Status: -

    Name: watchdog.sys
    Image Path: C:\WINDOWS\System32\watchdog.sys
    Address: 0xF7B17000 Size: 20480 File Visible: -
    Status: -

    Name: wdmaud.sys
    Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
    Address: 0xB6D36000 Size: 83072 File Visible: -
    Status: -

    Name: Win32k
    Image Path: \Driver\Win32k
    Address: 0xBF800000 Size: 1847296 File Visible: -
    Status: -

    Name: win32k.sys
    Image Path: C:\WINDOWS\System32\win32k.sys
    Address: 0xBF800000 Size: 1847296 File Visible: -
    Status: -

    Name: WMILIB.SYS
    Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
    Address: 0xF7D59000 Size: 8192 File Visible: -
    Status: -

    Name: WMIxWDM
    Image Path: \Driver\WMIxWDM
    Address: 0x804D7000 Size: 2189184 File Visible: -
    Status: -
     
  17. 2009/02/02
    deester

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/02/02 15:06
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    SSDT
    -------------------
    #: 000 Function Name: NtAcceptConnectPort
    Status: Not hooked

    #: 001 Function Name: NtAccessCheck
    Status: Not hooked

    #: 002 Function Name: NtAccessCheckAndAuditAlarm
    Status: Not hooked

    #: 003 Function Name: NtAccessCheckByType
    Status: Not hooked

    #: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
    Status: Not hooked

    #: 005 Function Name: NtAccessCheckByTypeResultList
    Status: Not hooked

    #: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
    Status: Not hooked

    #: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
    Status: Not hooked

    #: 008 Function Name: NtAddAtom
    Status: Not hooked

    #: 009 Function Name: NtAddBootEntry
    Status: Not hooked

    #: 010 Function Name: NtAdjustGroupsToken
    Status: Not hooked

    #: 011 Function Name: NtAdjustPrivilegesToken
    Status: Not hooked

    #: 012 Function Name: NtAlertResumeThread
    Status: Not hooked

    #: 013 Function Name: NtAlertThread
    Status: Not hooked

    #: 014 Function Name: NtAllocateLocallyUniqueId
    Status: Not hooked

    #: 015 Function Name: NtAllocateUserPhysicalPages
    Status: Not hooked

    #: 016 Function Name: NtAllocateUuids
    Status: Not hooked

    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Not hooked

    #: 018 Function Name: NtAreMappedFilesTheSame
    Status: Not hooked

    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Not hooked

    #: 020 Function Name: NtCallbackReturn
    Status: Not hooked

    #: 021 Function Name: NtCancelDeviceWakeupRequest
    Status: Not hooked

    #: 022 Function Name: NtCancelIoFile
    Status: Not hooked

    #: 023 Function Name: NtCancelTimer
    Status: Not hooked

    #: 024 Function Name: NtClearEvent
    Status: Not hooked

    #: 025 Function Name: NtClose
    Status: Not hooked

    #: 026 Function Name: NtCloseObjectAuditAlarm
    Status: Not hooked

    #: 027 Function Name: NtCompactKeys
    Status: Not hooked

    #: 028 Function Name: NtCompareTokens
    Status: Not hooked

    #: 029 Function Name: NtCompleteConnectPort
    Status: Not hooked

    #: 030 Function Name: NtCompressKey
    Status: Not hooked

    #: 031 Function Name: NtConnectPort
    Status: Not hooked

    #: 032 Function Name: NtContinue
    Status: Not hooked

    #: 033 Function Name: NtCreateDebugObject
    Status: Not hooked

    #: 034 Function Name: NtCreateDirectoryObject
    Status: Not hooked

    #: 035 Function Name: NtCreateEvent
    Status: Not hooked

    #: 036 Function Name: NtCreateEventPair
    Status: Not hooked

    #: 037 Function Name: NtCreateFile
    Status: Not hooked

    #: 038 Function Name: NtCreateIoCompletion
    Status: Not hooked

    #: 039 Function Name: NtCreateJobObject
    Status: Not hooked

    #: 040 Function Name: NtCreateJobSet
    Status: Not hooked

    #: 041 Function Name: NtCreateKey
    Status: Not hooked

    #: 042 Function Name: NtCreateMailslotFile
    Status: Not hooked

    #: 043 Function Name: NtCreateMutant
    Status: Not hooked

    #: 044 Function Name: NtCreateNamedPipeFile
    Status: Not hooked

    #: 045 Function Name: NtCreatePagingFile
    Status: Not hooked

    #: 046 Function Name: NtCreatePort
    Status: Not hooked

    #: 047 Function Name: NtCreateProcess
    Status: Not hooked

    #: 048 Function Name: NtCreateProcessEx
    Status: Not hooked

    #: 049 Function Name: NtCreateProfile
    Status: Not hooked

    #: 050 Function Name: NtCreateSection
    Status: Not hooked

    #: 051 Function Name: NtCreateSemaphore
    Status: Not hooked

    #: 052 Function Name: NtCreateSymbolicLinkObject
    Status: Not hooked

    #: 053 Function Name: NtCreateThread
    Status: Not hooked

    #: 054 Function Name: NtCreateTimer
    Status: Not hooked

    #: 055 Function Name: NtCreateToken
    Status: Not hooked

    #: 056 Function Name: NtCreateWaitablePort
    Status: Not hooked

    #: 057 Function Name: NtDebugActiveProcess
    Status: Not hooked

    #: 058 Function Name: NtDebugContinue
    Status: Not hooked

    #: 059 Function Name: NtDelayExecution
    Status: Not hooked

    #: 060 Function Name: NtDeleteAtom
    Status: Not hooked

    #: 061 Function Name: NtDeleteBootEntry
    Status: Not hooked

    #: 062 Function Name: NtDeleteFile
    Status: Not hooked

    #: 063 Function Name: NtDeleteKey
    Status: Not hooked

    #: 064 Function Name: NtDeleteObjectAuditAlarm
    Status: Not hooked

    #: 065 Function Name: NtDeleteValueKey
    Status: Not hooked

    #: 066 Function Name: NtDeviceIoControlFile
    Status: Not hooked

    #: 067 Function Name: NtDisplayString
    Status: Not hooked

    #: 068 Function Name: NtDuplicateObject
    Status: Not hooked

    #: 069 Function Name: NtDuplicateToken
    Status: Not hooked

    #: 070 Function Name: NtEnumerateBootEntries
    Status: Not hooked

    #: 071 Function Name: NtEnumerateKey
    Status: Not hooked

    #: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
    Status: Not hooked

    #: 073 Function Name: NtEnumerateValueKey
    Status: Not hooked

    #: 074 Function Name: NtExtendSection
    Status: Not hooked

    #: 075 Function Name: NtFilterToken
    Status: Not hooked

    #: 076 Function Name: NtFindAtom
    Status: Not hooked

    #: 077 Function Name: NtFlushBuffersFile
    Status: Not hooked

    #: 078 Function Name: NtFlushInstructionCache
    Status: Not hooked

    #: 079 Function Name: NtFlushKey
    Status: Not hooked

    #: 080 Function Name: NtFlushVirtualMemory
    Status: Not hooked

    #: 081 Function Name: NtFlushWriteBuffer
    Status: Not hooked

    #: 082 Function Name: NtFreeUserPhysicalPages
    Status: Not hooked

    #: 083 Function Name: NtFreeVirtualMemory
    Status: Not hooked

    #: 084 Function Name: NtFsControlFile
    Status: Not hooked

    #: 085 Function Name: NtGetContextThread
    Status: Not hooked

    #: 086 Function Name: NtGetDevicePowerState
    Status: Not hooked

    #: 087 Function Name: NtGetPlugPlayEvent
    Status: Not hooked

    #: 088 Function Name: NtGetWriteWatch
    Status: Not hooked

    #: 089 Function Name: NtImpersonateAnonymousToken
    Status: Not hooked

    #: 090 Function Name: NtImpersonateClientOfPort
    Status: Not hooked

    #: 091 Function Name: NtImpersonateThread
    Status: Not hooked

    #: 092 Function Name: NtInitializeRegistry
    Status: Not hooked

    #: 093 Function Name: NtInitiatePowerAction
    Status: Not hooked

    #: 094 Function Name: NtIsProcessInJob
    Status: Not hooked

    #: 095 Function Name: NtIsSystemResumeAutomatic
    Status: Not hooked

    #: 096 Function Name: NtListenPort
    Status: Not hooked

    #: 097 Function Name: NtLoadDriver
    Status: Not hooked

    #: 098 Function Name: NtLoadKey
    Status: Not hooked

    #: 099 Function Name: NtLoadKey2
    Status: Not hooked

    #: 100 Function Name: NtLockFile
    Status: Not hooked

    #: 101 Function Name: NtLockProductActivationKeys
    Status: Not hooked

    #: 102 Function Name: NtLockRegistryKey
    Status: Not hooked

    #: 103 Function Name: NtLockVirtualMemory
    Status: Not hooked

    #: 104 Function Name: NtMakePermanentObject
    Status: Not hooked

    #: 105 Function Name: NtMakeTemporaryObject
    Status: Not hooked

    #: 106 Function Name: NtMapUserPhysicalPages
    Status: Not hooked

    #: 107 Function Name: NtMapUserPhysicalPagesScatter
    Status: Not hooked

    #: 108 Function Name: NtMapViewOfSection
    Status: Not hooked

    #: 109 Function Name: NtModifyBootEntry
    Status: Not hooked

    #: 110 Function Name: NtNotifyChangeDirectoryFile
    Status: Not hooked

    #: 111 Function Name: NtNotifyChangeKey
    Status: Not hooked

    #: 112 Function Name: NtNotifyChangeMultipleKeys
    Status: Not hooked

    #: 113 Function Name: NtOpenDirectoryObject
    Status: Not hooked

    #: 114 Function Name: NtOpenEvent
    Status: Not hooked

    #: 115 Function Name: NtOpenEventPair
    Status: Not hooked

    #: 116 Function Name: NtOpenFile
    Status: Not hooked

    #: 117 Function Name: NtOpenIoCompletion
    Status: Not hooked

    #: 118 Function Name: NtOpenJobObject
    Status: Not hooked

    #: 119 Function Name: NtOpenKey
    Status: Not hooked

    #: 120 Function Name: NtOpenMutant
    Status: Not hooked

    #: 121 Function Name: NtOpenObjectAuditAlarm
    Status: Not hooked

    #: 122 Function Name: NtOpenProcess
    Status: Not hooked

    #: 123 Function Name: NtOpenProcessToken
    Status: Not hooked

    #: 124 Function Name: NtOpenProcessTokenEx
    Status: Not hooked

    #: 125 Function Name: NtOpenSection
    Status: Not hooked

    #: 126 Function Name: NtOpenSemaphore
    Status: Not hooked

    #: 127 Function Name: NtOpenSymbolicLinkObject
    Status: Not hooked

    #: 128 Function Name: NtOpenThread
    Status: Not hooked

    #: 129 Function Name: NtOpenThreadToken
    Status: Not hooked

    #: 130 Function Name: NtOpenThreadTokenEx
    Status: Not hooked

    #: 131 Function Name: NtOpenTimer
    Status: Not hooked

    #: 132 Function Name: NtPlugPlayControl
    Status: Not hooked

    #: 133 Function Name: NtPowerInformation
    Status: Not hooked

    #: 134 Function Name: NtPrivilegeCheck
    Status: Not hooked

    #: 135 Function Name: NtPrivilegeObjectAuditAlarm
    Status: Not hooked

    #: 136 Function Name: NtPrivilegedServiceAuditAlarm
    Status: Not hooked

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Not hooked

    #: 138 Function Name: NtPulseEvent
    Status: Not hooked

    #: 139 Function Name: NtQueryAttributesFile
    Status: Not hooked

    #: 140 Function Name: NtQueryBootEntryOrder
    Status: Not hooked

    #: 141 Function Name: NtQueryBootOptions
    Status: Not hooked

    #: 142 Function Name: NtQueryDebugFilterState
    Status: Not hooked

    #: 143 Function Name: NtQueryDefaultLocale
    Status: Not hooked

    #: 144 Function Name: NtQueryDefaultUILanguage
    Status: Not hooked

    #: 145 Function Name: NtQueryDirectoryFile
    Status: Not hooked

    #: 146 Function Name: NtQueryDirectoryObject
    Status: Not hooked

    #: 147 Function Name: NtQueryEaFile
    Status: Not hooked

    #: 148 Function Name: NtQueryEvent
    Status: Not hooked

    #: 149 Function Name: NtQueryFullAttributesFile
    Status: Not hooked

    #: 150 Function Name: NtQueryInformationAtom
    Status: Not hooked

    #: 151 Function Name: NtQueryInformationFile
    Status: Not hooked

    #: 152 Function Name: NtQueryInformationJobObject
    Status: Not hooked

    #: 153 Function Name: NtQueryInformationPort
    Status: Not hooked

    #: 154 Function Name: NtQueryInformationProcess
    Status: Not hooked

    #: 155 Function Name: NtQueryInformationThread
    Status: Not hooked

    #: 156 Function Name: NtQueryInformationToken
    Status: Not hooked

    #: 157 Function Name: NtQueryInstallUILanguage
    Status: Not hooked

    #: 158 Function Name: NtQueryIntervalProfile
    Status: Not hooked

    #: 159 Function Name: NtQueryIoCompletion
    Status: Not hooked

    #: 160 Function Name: NtQueryKey
    Status: Not hooked

    #: 161 Function Name: NtQueryMultipleValueKey
    Status: Not hooked

    #: 162 Function Name: NtQueryMutant
    Status: Not hooked

    #: 163 Function Name: NtQueryObject
    Status: Not hooked

    #: 164 Function Name: NtQueryOpenSubKeys
    Status: Not hooked

    #: 165 Function Name: NtQueryPerformanceCounter
    Status: Not hooked

    #: 166 Function Name: NtQueryQuotaInformationFile
    Status: Not hooked

    #: 167 Function Name: NtQuerySection
    Status: Not hooked

    #: 168 Function Name: NtQuerySecurityObject
    Status: Not hooked

    #: 169 Function Name: NtQuerySemaphore
    Status: Not hooked

    #: 170 Function Name: NtQuerySymbolicLinkObject
    Status: Not hooked

    #: 171 Function Name: NtQuerySystemEnvironmentValue
    Status: Not hooked

    #: 172 Function Name: NtQuerySystemEnvironmentValueEx
    Status: Not hooked

    #: 173 Function Name: NtQuerySystemInformation
    Status: Not hooked

    #: 174 Function Name: NtQuerySystemTime
    Status: Not hooked

    #: 175 Function Name: NtQueryTimer
    Status: Not hooked

    #: 176 Function Name: NtQueryTimerResolution
    Status: Not hooked

    #: 177 Function Name: NtQueryValueKey
    Status: Not hooked

    #: 178 Function Name: NtQueryVirtualMemory
    Status: Not hooked

    #: 179 Function Name: NtQueryVolumeInformationFile
    Status: Not hooked

    #: 180 Function Name: NtQueueApcThread
    Status: Not hooked

    #: 181 Function Name: NtRaiseException
    Status: Not hooked

    #: 182 Function Name: NtRaiseHardError
    Status: Not hooked

    #: 183 Function Name: NtReadFile
    Status: Not hooked

    #: 184 Function Name: NtReadFileScatter
    Status: Not hooked

    #: 185 Function Name: NtReadRequestData
    Status: Not hooked

    #: 186 Function Name: NtReadVirtualMemory
    Status: Not hooked

    #: 187 Function Name: NtRegisterThreadTerminatePort
    Status: Not hooked

    #: 188 Function Name: NtReleaseMutant
    Status: Not hooked

    #: 189 Function Name: NtReleaseSemaphore
    Status: Not hooked

    #: 190 Function Name: NtRemoveIoCompletion
    Status: Not hooked

    #: 191 Function Name: NtRemoveProcessDebug
    Status: Not hooked

    #: 192 Function Name: NtRenameKey
    Status: Not hooked

    #: 193 Function Name: NtReplaceKey
    Status: Not hooked

    #: 194 Function Name: NtReplyPort
    Status: Not hooked

    #: 195 Function Name: NtReplyWaitReceivePort
    Status: Not hooked

    #: 196 Function Name: NtReplyWaitReceivePortEx
    Status: Not hooked

    #: 197 Function Name: NtReplyWaitReplyPort
    Status: Not hooked

    #: 198 Function Name: NtRequestDeviceWakeup
    Status: Not hooked

    #: 199 Function Name: NtRequestPort
    Status: Not hooked

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Not hooked

    #: 201 Function Name: NtRequestWakeupLatency
    Status: Not hooked

    #: 202 Function Name: NtResetEvent
    Status: Not hooked

    #: 203 Function Name: NtResetWriteWatch
    Status: Not hooked

    #: 204 Function Name: NtRestoreKey
    Status: Not hooked

    #: 205 Function Name: NtResumeProcess
    Status: Not hooked

    #: 206 Function Name: NtResumeThread
    Status: Not hooked

    #: 207 Function Name: NtSaveKey
    Status: Not hooked

    #: 208 Function Name: NtSaveKeyEx
    Status: Not hooked

    #: 209 Function Name: NtSaveMergedKeys
    Status: Not hooked

    #: 210 Function Name: NtSecureConnectPort
    Status: Not hooked

    #: 211 Function Name: NtSetBootEntryOrder
    Status: Not hooked

    #: 212 Function Name: NtSetBootOptions
    Status: Not hooked

    #: 213 Function Name: NtSetContextThread
    Status: Not hooked

    #: 214 Function Name: NtSetDebugFilterState
    Status: Not hooked

    #: 215 Function Name: NtSetDefaultHardErrorPort
    Status: Not hooked

    #: 216 Function Name: NtSetDefaultLocale
    Status: Not hooked

    #: 217 Function Name: NtSetDefaultUILanguage
    Status: Not hooked

    #: 218 Function Name: NtSetEaFile
    Status: Not hooked

    #: 219 Function Name: NtSetEvent
    Status: Not hooked

    #: 220 Function Name: NtSetEventBoostPriority
    Status: Not hooked

    #: 221 Function Name: NtSetHighEventPair
    Status: Not hooked

    #: 222 Function Name: NtSetHighWaitLowEventPair
    Status: Not hooked

    #: 223 Function Name: NtSetInformationDebugObject
    Status: Not hooked

    #: 224 Function Name: NtSetInformationFile
    Status: Not hooked

    #: 225 Function Name: NtSetInformationJobObject
    Status: Not hooked

    #: 226 Function Name: NtSetInformationKey
    Status: Not hooked

    #: 227 Function Name: NtSetInformationObject
    Status: Not hooked

    #: 228 Function Name: NtSetInformationProcess
    Status: Not hooked

    #: 229 Function Name: NtSetInformationThread
    Status: Not hooked

    #: 230 Function Name: NtSetInformationToken
    Status: Not hooked

    #: 231 Function Name: NtSetIntervalProfile
    Status: Not hooked

    #: 232 Function Name: NtSetIoCompletion
    Status: Not hooked

    #: 233 Function Name: NtSetLdtEntries
    Status: Not hooked

    #: 234 Function Name: NtSetLowEventPair
    Status: Not hooked

    #: 235 Function Name: NtSetLowWaitHighEventPair
    Status: Not hooked

    #: 236 Function Name: NtSetQuotaInformationFile
    Status: Not hooked

    #: 237 Function Name: NtSetSecurityObject
    Status: Not hooked

    #: 238 Function Name: NtSetSystemEnvironmentValue
    Status: Not hooked

    #: 239 Function Name: NtSetSystemEnvironmentValueEx
    Status: Not hooked

    #: 240 Function Name: NtSetSystemInformation
    Status: Not hooked

    #: 241 Function Name: NtSetSystemPowerState
    Status: Not hooked

    #: 242 Function Name: NtSetSystemTime
    Status: Not hooked

    #: 243 Function Name: NtSetThreadExecutionState
    Status: Not hooked

    #: 244 Function Name: NtSetTimer
    Status: Not hooked

    #: 245 Function Name: NtSetTimerResolution
    Status: Not hooked

    #: 246 Function Name: NtSetUuidSeed
    Status: Not hooked

    #: 247 Function Name: NtSetValueKey
    Status: Not hooked

    #: 248 Function Name: NtSetVolumeInformationFile
    Status: Not hooked

    #: 249 Function Name: NtShutdownSystem
    Status: Not hooked

    #: 250 Function Name: NtSignalAndWaitForSingleObject
    Status: Not hooked

    #: 251 Function Name: NtStartProfile
    Status: Not hooked

    #: 252 Function Name: NtStopProfile
    Status: Not hooked

    #: 253 Function Name: NtSuspendProcess
    Status: Not hooked

    #: 254 Function Name: NtSuspendThread
    Status: Not hooked

    #: 255 Function Name: NtSystemDebugControl
    Status: Not hooked

    #: 256 Function Name: NtTerminateJobObject
    Status: Not hooked

    #: 257 Function Name: NtTerminateProcess
    Status: Not hooked

    #: 258 Function Name: NtTerminateThread
    Status: Not hooked

    #: 259 Function Name: NtTestAlert
    Status: Not hooked

    #: 260 Function Name: NtTraceEvent
    Status: Not hooked

    #: 261 Function Name: NtTranslateFilePath
    Status: Not hooked

    #: 262 Function Name: NtUnloadDriver
    Status: Not hooked

    #: 263 Function Name: NtUnloadKey
    Status: Not hooked

    #: 264 Function Name: NtUnloadKeyEx
    Status: Not hooked

    #: 265 Function Name: NtUnlockFile
    Status: Not hooked

    #: 266 Function Name: NtUnlockVirtualMemory
    Status: Not hooked

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Not hooked

    #: 268 Function Name: NtVdmControl
    Status: Not hooked

    #: 269 Function Name: NtWaitForDebugEvent
    Status: Not hooked

    #: 270 Function Name: NtWaitForMultipleObjects
    Status: Not hooked

    #: 271 Function Name: NtWaitForSingleObject
    Status: Not hooked

    #: 272 Function Name: NtWaitHighEventPair
    Status: Not hooked

    #: 273 Function Name: NtWaitLowEventPair
    Status: Not hooked

    #: 274 Function Name: NtWriteFile
    Status: Not hooked

    #: 275 Function Name: NtWriteFileGather
    Status: Not hooked

    #: 276 Function Name: NtWriteRequestData
    Status: Not hooked

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Not hooked

    #: 278 Function Name: NtYieldExecution
    Status: Not hooked

    #: 279 Function Name: NtCreateKeyedEvent
    Status: Not hooked

    #: 280 Function Name: NtOpenKeyedEvent
    Status: Not hooked

    #: 281 Function Name: NtReleaseKeyedEvent
    Status: Not hooked

    #: 282 Function Name: NtWaitForKeyedEvent
    Status: Not hooked

    #: 283 Function Name: NtQueryPortInformationProcess
    Status: Not hooked
     
  18. 2009/02/02
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/02/02 15:07
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Processes
    -------------------
    Path: System
    PID: 4 Status: -

    Path: C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    PID: 176 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 180 Status: -

    Path: C:\Program Files\Common Files\Winferno\WSS\WSS.exe
    PID: 336 Status: -

    Path: C:\WINDOWS\system32\smss.exe
    PID: 432 Status: -

    Path: C:\Program Files\Mozilla Firefox\firefox.exe
    PID: 468 Status: -

    Path: C:\WINDOWS\system32\csrss.exe
    PID: 488 Status: -

    Path: C:\WINDOWS\system32\winlogon.exe
    PID: 512 Status: -

    Path: C:\WINDOWS\system32\services.exe
    PID: 556 Status: -

    Path: C:\WINDOWS\system32\lsass.exe
    PID: 568 Status: -

    Path: C:\Program Files\Common Files\AOL\1211853138\ee\aolsoftware.exe
    PID: 572 Status: -

    Path: C:\WINDOWS\system32\Keyhook.exe
    PID: 620 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 720 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 780 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 848 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 896 Status: -

    Path: C:\WINDOWS\vVX3000.exe
    PID: 928 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 964 Status: -

    Path: C:\Program Files\Common Files\AOL\1211853138\ee\AOLDesktop.exe
    PID: 992 Status: -

    Path: C:\WINDOWS\system32\LEXBCES.EXE
    PID: 1136 Status: -

    Path: C:\WINDOWS\system32\spoolsv.exe
    PID: 1152 Status: -

    Path: C:\WINDOWS\system32\LEXPPS.EXE
    PID: 1188 Status: -

    Path: C:\Program Files\AOL 9.1\shellmon.exe
    PID: 1196 Status: -

    Path: C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    PID: 1348 Status: -

    Path: C:\Program Files\Java\jre6\bin\jqs.exe
    PID: 1384 Status: -

    Path: C:\WINDOWS\system32\drivers\KodakCCS.exe
    PID: 1408 Status: -

    Path: C:\Program Files\LogMeIn\x86\ramaint.exe
    PID: 1444 Status: -

    Path: C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PID: 1508 Status: -

    Path: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PID: 1580 Status: -

    Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCPSWX.EXE
    PID: 1588 Status: -

    Path: C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
    PID: 1648 Status: -

    Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    PID: 1664 Status: -

    Path: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    PID: 1692 Status: -

    Path: C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    PID: 1784 Status: -

    Path: C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    PID: 1816 Status: -

    Path: C:\Program Files\McAfee\MPF\MpfSrv.exe
    PID: 1868 Status: -

    Path: C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PID: 1884 Status: -

    Path: C:\WINDOWS\system32\ScsiAccess.EXE
    PID: 1992 Status: -

    Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    PID: 2172 Status: -

    Path: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PID: 2184 Status: -

    Path: C:\Program Files\WinRAR\WinRAR.exe
    PID: 2296 Status: -

    Path: C:\WINDOWS\system32\alg.exe
    PID: 2396 Status: -

    Path: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PID: 2568 Status: -

    Path: C:\Program Files\QuickTime\qttask.exe
    PID: 2596 Status: -

    Path: C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    PID: 2640 Status: -

    Path: C:\WINDOWS\SOUNDMAN.EXE
    PID: 2704 Status: -

    Path: C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    PID: 2772 Status: -

    Path: C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
    PID: 2840 Status: -

    Path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    PID: 2900 Status: -

    Path: C:\WINDOWS\explorer.exe
    PID: 2924 Status: -

    Path: C:\WINDOWS\system32\sistray.exe
    PID: 2964 Status: -

    Path: C:\Documents and Settings\ted\Desktop\RootRepeal(2)\RootRepeal.exe
    PID: 2996 Status: -

    Path: C:\WINDOWS\system32\ctfmon.exe
    PID: 3004 Status: -

    Path: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    PID: 3312 Status: -

    Path: C:\Program Files\Zango\bin\10.3.75.0\Weather.exe
    PID: 3328 Status: -

    Path: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PID: 3368 Status: -

    Path: C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    PID: 3548 Status: -

    Path: C:\Program Files\Common Files\AOL\1211853138\ee\anotify.exe
    PID: 3572 Status: -

    Path: C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
    PID: 3648 Status: -

    Path: C:\Program Files\Java\jre6\bin\jusched.exe
    PID: 3652 Status: -

    Path: C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    PID: 3744 Status: -

    Path: C:\Program Files\AOL 9.1\waol.exe
    PID: 3996 Status: -
     
  19. 2009/02/02
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Stealth and Hidden Object were blank pages

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/02/02 15:06
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    SSDT
    -------------------
    #: 000 Function Name: NtAcceptConnectPort
    Status: Not hooked

    #: 001 Function Name: NtAccessCheck
    Status: Not hooked

    #: 002 Function Name: NtAccessCheckAndAuditAlarm
    Status: Not hooked

    #: 003 Function Name: NtAccessCheckByType
    Status: Not hooked

    #: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
    Status: Not hooked

    #: 005 Function Name: NtAccessCheckByTypeResultList
    Status: Not hooked

    #: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
    Status: Not hooked

    #: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
    Status: Not hooked

    #: 008 Function Name: NtAddAtom
    Status: Not hooked

    #: 009 Function Name: NtAddBootEntry
    Status: Not hooked

    #: 010 Function Name: NtAdjustGroupsToken
    Status: Not hooked

    #: 011 Function Name: NtAdjustPrivilegesToken
    Status: Not hooked

    #: 012 Function Name: NtAlertResumeThread
    Status: Not hooked

    #: 013 Function Name: NtAlertThread
    Status: Not hooked

    #: 014 Function Name: NtAllocateLocallyUniqueId
    Status: Not hooked

    #: 015 Function Name: NtAllocateUserPhysicalPages
    Status: Not hooked

    #: 016 Function Name: NtAllocateUuids
    Status: Not hooked

    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Not hooked

    #: 018 Function Name: NtAreMappedFilesTheSame
    Status: Not hooked

    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Not hooked

    #: 020 Function Name: NtCallbackReturn
    Status: Not hooked

    #: 021 Function Name: NtCancelDeviceWakeupRequest
    Status: Not hooked

    #: 022 Function Name: NtCancelIoFile
    Status: Not hooked

    #: 023 Function Name: NtCancelTimer
    Status: Not hooked

    #: 024 Function Name: NtClearEvent
    Status: Not hooked

    #: 025 Function Name: NtClose
    Status: Not hooked

    #: 026 Function Name: NtCloseObjectAuditAlarm
    Status: Not hooked

    #: 027 Function Name: NtCompactKeys
    Status: Not hooked

    #: 028 Function Name: NtCompareTokens
    Status: Not hooked

    #: 029 Function Name: NtCompleteConnectPort
    Status: Not hooked

    #: 030 Function Name: NtCompressKey
    Status: Not hooked

    #: 031 Function Name: NtConnectPort
    Status: Not hooked

    #: 032 Function Name: NtContinue
    Status: Not hooked

    #: 033 Function Name: NtCreateDebugObject
    Status: Not hooked

    #: 034 Function Name: NtCreateDirectoryObject
    Status: Not hooked

    #: 035 Function Name: NtCreateEvent
    Status: Not hooked

    #: 036 Function Name: NtCreateEventPair
    Status: Not hooked

    #: 037 Function Name: NtCreateFile
    Status: Not hooked

    #: 038 Function Name: NtCreateIoCompletion
    Status: Not hooked

    #: 039 Function Name: NtCreateJobObject
    Status: Not hooked

    #: 040 Function Name: NtCreateJobSet
    Status: Not hooked

    #: 041 Function Name: NtCreateKey
    Status: Not hooked

    #: 042 Function Name: NtCreateMailslotFile
    Status: Not hooked

    #: 043 Function Name: NtCreateMutant
    Status: Not hooked

    #: 044 Function Name: NtCreateNamedPipeFile
    Status: Not hooked

    #: 045 Function Name: NtCreatePagingFile
    Status: Not hooked

    #: 046 Function Name: NtCreatePort
    Status: Not hooked

    #: 047 Function Name: NtCreateProcess
    Status: Not hooked

    #: 048 Function Name: NtCreateProcessEx
    Status: Not hooked

    #: 049 Function Name: NtCreateProfile
    Status: Not hooked

    #: 050 Function Name: NtCreateSection
    Status: Not hooked

    #: 051 Function Name: NtCreateSemaphore
    Status: Not hooked

    #: 052 Function Name: NtCreateSymbolicLinkObject
    Status: Not hooked

    #: 053 Function Name: NtCreateThread
    Status: Not hooked

    #: 054 Function Name: NtCreateTimer
    Status: Not hooked

    #: 055 Function Name: NtCreateToken
    Status: Not hooked

    #: 056 Function Name: NtCreateWaitablePort
    Status: Not hooked

    #: 057 Function Name: NtDebugActiveProcess
    Status: Not hooked

    #: 058 Function Name: NtDebugContinue
    Status: Not hooked

    #: 059 Function Name: NtDelayExecution
    Status: Not hooked

    #: 060 Function Name: NtDeleteAtom
    Status: Not hooked

    #: 061 Function Name: NtDeleteBootEntry
    Status: Not hooked

    #: 062 Function Name: NtDeleteFile
    Status: Not hooked

    #: 063 Function Name: NtDeleteKey
    Status: Not hooked

    #: 064 Function Name: NtDeleteObjectAuditAlarm
    Status: Not hooked

    #: 065 Function Name: NtDeleteValueKey
    Status: Not hooked

    #: 066 Function Name: NtDeviceIoControlFile
    Status: Not hooked

    #: 067 Function Name: NtDisplayString
    Status: Not hooked

    #: 068 Function Name: NtDuplicateObject
    Status: Not hooked

    #: 069 Function Name: NtDuplicateToken
    Status: Not hooked

    #: 070 Function Name: NtEnumerateBootEntries
    Status: Not hooked

    #: 071 Function Name: NtEnumerateKey
    Status: Not hooked

    #: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
    Status: Not hooked

    #: 073 Function Name: NtEnumerateValueKey
    Status: Not hooked

    #: 074 Function Name: NtExtendSection
    Status: Not hooked

    #: 075 Function Name: NtFilterToken
    Status: Not hooked

    #: 076 Function Name: NtFindAtom
    Status: Not hooked

    #: 077 Function Name: NtFlushBuffersFile
    Status: Not hooked

    #: 078 Function Name: NtFlushInstructionCache
    Status: Not hooked

    #: 079 Function Name: NtFlushKey
    Status: Not hooked

    #: 080 Function Name: NtFlushVirtualMemory
    Status: Not hooked

    #: 081 Function Name: NtFlushWriteBuffer
    Status: Not hooked

    #: 082 Function Name: NtFreeUserPhysicalPages
    Status: Not hooked

    #: 083 Function Name: NtFreeVirtualMemory
    Status: Not hooked

    #: 084 Function Name: NtFsControlFile
    Status: Not hooked

    #: 085 Function Name: NtGetContextThread
    Status: Not hooked

    #: 086 Function Name: NtGetDevicePowerState
    Status: Not hooked

    #: 087 Function Name: NtGetPlugPlayEvent
    Status: Not hooked

    #: 088 Function Name: NtGetWriteWatch
    Status: Not hooked

    #: 089 Function Name: NtImpersonateAnonymousToken
    Status: Not hooked

    #: 090 Function Name: NtImpersonateClientOfPort
    Status: Not hooked

    #: 091 Function Name: NtImpersonateThread
    Status: Not hooked

    #: 092 Function Name: NtInitializeRegistry
    Status: Not hooked

    #: 093 Function Name: NtInitiatePowerAction
    Status: Not hooked

    #: 094 Function Name: NtIsProcessInJob
    Status: Not hooked

    #: 095 Function Name: NtIsSystemResumeAutomatic
    Status: Not hooked

    #: 096 Function Name: NtListenPort
    Status: Not hooked

    #: 097 Function Name: NtLoadDriver
    Status: Not hooked

    #: 098 Function Name: NtLoadKey
    Status: Not hooked

    #: 099 Function Name: NtLoadKey2
    Status: Not hooked

    #: 100 Function Name: NtLockFile
    Status: Not hooked

    #: 101 Function Name: NtLockProductActivationKeys
    Status: Not hooked

    #: 102 Function Name: NtLockRegistryKey
    Status: Not hooked

    #: 103 Function Name: NtLockVirtualMemory
    Status: Not hooked

    #: 104 Function Name: NtMakePermanentObject
    Status: Not hooked

    #: 105 Function Name: NtMakeTemporaryObject
    Status: Not hooked

    #: 106 Function Name: NtMapUserPhysicalPages
    Status: Not hooked

    #: 107 Function Name: NtMapUserPhysicalPagesScatter
    Status: Not hooked

    #: 108 Function Name: NtMapViewOfSection
    Status: Not hooked

    #: 109 Function Name: NtModifyBootEntry
    Status: Not hooked

    #: 110 Function Name: NtNotifyChangeDirectoryFile
    Status: Not hooked

    #: 111 Function Name: NtNotifyChangeKey
    Status: Not hooked

    #: 112 Function Name: NtNotifyChangeMultipleKeys
    Status: Not hooked

    #: 113 Function Name: NtOpenDirectoryObject
    Status: Not hooked

    #: 114 Function Name: NtOpenEvent
    Status: Not hooked

    #: 115 Function Name: NtOpenEventPair
    Status: Not hooked

    #: 116 Function Name: NtOpenFile
    Status: Not hooked

    #: 117 Function Name: NtOpenIoCompletion
    Status: Not hooked

    #: 118 Function Name: NtOpenJobObject
    Status: Not hooked

    #: 119 Function Name: NtOpenKey
    Status: Not hooked

    #: 120 Function Name: NtOpenMutant
    Status: Not hooked

    #: 121 Function Name: NtOpenObjectAuditAlarm
    Status: Not hooked

    #: 122 Function Name: NtOpenProcess
    Status: Not hooked

    #: 123 Function Name: NtOpenProcessToken
    Status: Not hooked

    #: 124 Function Name: NtOpenProcessTokenEx
    Status: Not hooked

    #: 125 Function Name: NtOpenSection
    Status: Not hooked

    #: 126 Function Name: NtOpenSemaphore
    Status: Not hooked

    #: 127 Function Name: NtOpenSymbolicLinkObject
    Status: Not hooked

    #: 128 Function Name: NtOpenThread
    Status: Not hooked

    #: 129 Function Name: NtOpenThreadToken
    Status: Not hooked

    #: 130 Function Name: NtOpenThreadTokenEx
    Status: Not hooked

    #: 131 Function Name: NtOpenTimer
    Status: Not hooked

    #: 132 Function Name: NtPlugPlayControl
    Status: Not hooked

    #: 133 Function Name: NtPowerInformation
    Status: Not hooked

    #: 134 Function Name: NtPrivilegeCheck
    Status: Not hooked

    #: 135 Function Name: NtPrivilegeObjectAuditAlarm
    Status: Not hooked

    #: 136 Function Name: NtPrivilegedServiceAuditAlarm
    Status: Not hooked

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Not hooked

    #: 138 Function Name: NtPulseEvent
    Status: Not hooked

    #: 139 Function Name: NtQueryAttributesFile
    Status: Not hooked

    #: 140 Function Name: NtQueryBootEntryOrder
    Status: Not hooked

    #: 141 Function Name: NtQueryBootOptions
    Status: Not hooked

    #: 142 Function Name: NtQueryDebugFilterState
    Status: Not hooked

    #: 143 Function Name: NtQueryDefaultLocale
    Status: Not hooked

    #: 144 Function Name: NtQueryDefaultUILanguage
    Status: Not hooked

    #: 145 Function Name: NtQueryDirectoryFile
    Status: Not hooked

    #: 146 Function Name: NtQueryDirectoryObject
    Status: Not hooked

    #: 147 Function Name: NtQueryEaFile
    Status: Not hooked

    #: 148 Function Name: NtQueryEvent
    Status: Not hooked

    #: 149 Function Name: NtQueryFullAttributesFile
    Status: Not hooked

    #: 150 Function Name: NtQueryInformationAtom
    Status: Not hooked

    #: 151 Function Name: NtQueryInformationFile
    Status: Not hooked

    #: 152 Function Name: NtQueryInformationJobObject
    Status: Not hooked

    #: 153 Function Name: NtQueryInformationPort
    Status: Not hooked

    #: 154 Function Name: NtQueryInformationProcess
    Status: Not hooked

    #: 155 Function Name: NtQueryInformationThread
    Status: Not hooked

    #: 156 Function Name: NtQueryInformationToken
    Status: Not hooked

    #: 157 Function Name: NtQueryInstallUILanguage
    Status: Not hooked

    #: 158 Function Name: NtQueryIntervalProfile
    Status: Not hooked

    #: 159 Function Name: NtQueryIoCompletion
    Status: Not hooked

    #: 160 Function Name: NtQueryKey
    Status: Not hooked

    #: 161 Function Name: NtQueryMultipleValueKey
    Status: Not hooked

    #: 162 Function Name: NtQueryMutant
    Status: Not hooked

    #: 163 Function Name: NtQueryObject
    Status: Not hooked

    #: 164 Function Name: NtQueryOpenSubKeys
    Status: Not hooked

    #: 165 Function Name: NtQueryPerformanceCounter
    Status: Not hooked

    #: 166 Function Name: NtQueryQuotaInformationFile
    Status: Not hooked

    #: 167 Function Name: NtQuerySection
    Status: Not hooked

    #: 168 Function Name: NtQuerySecurityObject
    Status: Not hooked

    #: 169 Function Name: NtQuerySemaphore
    Status: Not hooked

    #: 170 Function Name: NtQuerySymbolicLinkObject
    Status: Not hooked

    #: 171 Function Name: NtQuerySystemEnvironmentValue
    Status: Not hooked

    #: 172 Function Name: NtQuerySystemEnvironmentValueEx
    Status: Not hooked

    #: 173 Function Name: NtQuerySystemInformation
    Status: Not hooked

    #: 174 Function Name: NtQuerySystemTime
    Status: Not hooked

    #: 175 Function Name: NtQueryTimer
    Status: Not hooked

    #: 176 Function Name: NtQueryTimerResolution
    Status: Not hooked

    #: 177 Function Name: NtQueryValueKey
    Status: Not hooked

    #: 178 Function Name: NtQueryVirtualMemory
    Status: Not hooked

    #: 179 Function Name: NtQueryVolumeInformationFile
    Status: Not hooked

    #: 180 Function Name: NtQueueApcThread
    Status: Not hooked

    #: 181 Function Name: NtRaiseException
    Status: Not hooked

    #: 182 Function Name: NtRaiseHardError
    Status: Not hooked

    #: 183 Function Name: NtReadFile
    Status: Not hooked

    #: 184 Function Name: NtReadFileScatter
    Status: Not hooked

    #: 185 Function Name: NtReadRequestData
    Status: Not hooked

    #: 186 Function Name: NtReadVirtualMemory
    Status: Not hooked

    #: 187 Function Name: NtRegisterThreadTerminatePort
    Status: Not hooked

    #: 188 Function Name: NtReleaseMutant
    Status: Not hooked

    #: 189 Function Name: NtReleaseSemaphore
    Status: Not hooked

    #: 190 Function Name: NtRemoveIoCompletion
    Status: Not hooked

    #: 191 Function Name: NtRemoveProcessDebug
    Status: Not hooked

    #: 192 Function Name: NtRenameKey
    Status: Not hooked

    #: 193 Function Name: NtReplaceKey
    Status: Not hooked

    #: 194 Function Name: NtReplyPort
    Status: Not hooked

    #: 195 Function Name: NtReplyWaitReceivePort
    Status: Not hooked

    #: 196 Function Name: NtReplyWaitReceivePortEx
    Status: Not hooked

    #: 197 Function Name: NtReplyWaitReplyPort
    Status: Not hooked

    #: 198 Function Name: NtRequestDeviceWakeup
    Status: Not hooked

    #: 199 Function Name: NtRequestPort
    Status: Not hooked

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Not hooked

    #: 201 Function Name: NtRequestWakeupLatency
    Status: Not hooked

    #: 202 Function Name: NtResetEvent
    Status: Not hooked

    #: 203 Function Name: NtResetWriteWatch
    Status: Not hooked

    #: 204 Function Name: NtRestoreKey
    Status: Not hooked

    #: 205 Function Name: NtResumeProcess
    Status: Not hooked

    #: 206 Function Name: NtResumeThread
    Status: Not hooked

    #: 207 Function Name: NtSaveKey
    Status: Not hooked

    #: 208 Function Name: NtSaveKeyEx
    Status: Not hooked

    #: 209 Function Name: NtSaveMergedKeys
    Status: Not hooked

    #: 210 Function Name: NtSecureConnectPort
    Status: Not hooked

    #: 211 Function Name: NtSetBootEntryOrder
    Status: Not hooked

    #: 212 Function Name: NtSetBootOptions
    Status: Not hooked

    #: 213 Function Name: NtSetContextThread
    Status: Not hooked

    #: 214 Function Name: NtSetDebugFilterState
    Status: Not hooked

    #: 215 Function Name: NtSetDefaultHardErrorPort
    Status: Not hooked

    #: 216 Function Name: NtSetDefaultLocale
    Status: Not hooked

    #: 217 Function Name: NtSetDefaultUILanguage
    Status: Not hooked

    #: 218 Function Name: NtSetEaFile
    Status: Not hooked

    #: 219 Function Name: NtSetEvent
    Status: Not hooked

    #: 220 Function Name: NtSetEventBoostPriority
    Status: Not hooked

    #: 221 Function Name: NtSetHighEventPair
    Status: Not hooked

    #: 222 Function Name: NtSetHighWaitLowEventPair
    Status: Not hooked

    #: 223 Function Name: NtSetInformationDebugObject
    Status: Not hooked

    #: 224 Function Name: NtSetInformationFile
    Status: Not hooked

    #: 225 Function Name: NtSetInformationJobObject
    Status: Not hooked

    #: 226 Function Name: NtSetInformationKey
    Status: Not hooked

    #: 227 Function Name: NtSetInformationObject
    Status: Not hooked

    #: 228 Function Name: NtSetInformationProcess
    Status: Not hooked

    #: 229 Function Name: NtSetInformationThread
    Status: Not hooked

    #: 230 Function Name: NtSetInformationToken
    Status: Not hooked

    #: 231 Function Name: NtSetIntervalProfile
    Status: Not hooked

    #: 232 Function Name: NtSetIoCompletion
    Status: Not hooked

    #: 233 Function Name: NtSetLdtEntries
    Status: Not hooked

    #: 234 Function Name: NtSetLowEventPair
    Status: Not hooked

    #: 235 Function Name: NtSetLowWaitHighEventPair
    Status: Not hooked

    #: 236 Function Name: NtSetQuotaInformationFile
    Status: Not hooked

    #: 237 Function Name: NtSetSecurityObject
    Status: Not hooked

    #: 238 Function Name: NtSetSystemEnvironmentValue
    Status: Not hooked

    #: 239 Function Name: NtSetSystemEnvironmentValueEx
    Status: Not hooked

    #: 240 Function Name: NtSetSystemInformation
    Status: Not hooked

    #: 241 Function Name: NtSetSystemPowerState
    Status: Not hooked

    #: 242 Function Name: NtSetSystemTime
    Status: Not hooked

    #: 243 Function Name: NtSetThreadExecutionState
    Status: Not hooked

    #: 244 Function Name: NtSetTimer
    Status: Not hooked

    #: 245 Function Name: NtSetTimerResolution
    Status: Not hooked

    #: 246 Function Name: NtSetUuidSeed
    Status: Not hooked

    #: 247 Function Name: NtSetValueKey
    Status: Not hooked

    #: 248 Function Name: NtSetVolumeInformationFile
    Status: Not hooked

    #: 249 Function Name: NtShutdownSystem
    Status: Not hooked

    #: 250 Function Name: NtSignalAndWaitForSingleObject
    Status: Not hooked

    #: 251 Function Name: NtStartProfile
    Status: Not hooked

    #: 252 Function Name: NtStopProfile
    Status: Not hooked

    #: 253 Function Name: NtSuspendProcess
    Status: Not hooked

    #: 254 Function Name: NtSuspendThread
    Status: Not hooked

    #: 255 Function Name: NtSystemDebugControl
    Status: Not hooked

    #: 256 Function Name: NtTerminateJobObject
    Status: Not hooked

    #: 257 Function Name: NtTerminateProcess
    Status: Not hooked

    #: 258 Function Name: NtTerminateThread
    Status: Not hooked

    #: 259 Function Name: NtTestAlert
    Status: Not hooked

    #: 260 Function Name: NtTraceEvent
    Status: Not hooked

    #: 261 Function Name: NtTranslateFilePath
    Status: Not hooked

    #: 262 Function Name: NtUnloadDriver
    Status: Not hooked

    #: 263 Function Name: NtUnloadKey
    Status: Not hooked

    #: 264 Function Name: NtUnloadKeyEx
    Status: Not hooked

    #: 265 Function Name: NtUnlockFile
    Status: Not hooked

    #: 266 Function Name: NtUnlockVirtualMemory
    Status: Not hooked

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Not hooked

    #: 268 Function Name: NtVdmControl
    Status: Not hooked

    #: 269 Function Name: NtWaitForDebugEvent
    Status: Not hooked

    #: 270 Function Name: NtWaitForMultipleObjects
    Status: Not hooked

    #: 271 Function Name: NtWaitForSingleObject
    Status: Not hooked

    #: 272 Function Name: NtWaitHighEventPair
    Status: Not hooked

    #: 273 Function Name: NtWaitLowEventPair
    Status: Not hooked

    #: 274 Function Name: NtWriteFile
    Status: Not hooked

    #: 275 Function Name: NtWriteFileGather
    Status: Not hooked

    #: 276 Function Name: NtWriteRequestData
    Status: Not hooked

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Not hooked

    #: 278 Function Name: NtYieldExecution
    Status: Not hooked

    #: 279 Function Name: NtCreateKeyedEvent
    Status: Not hooked

    #: 280 Function Name: NtOpenKeyedEvent
    Status: Not hooked

    #: 281 Function Name: NtReleaseKeyedEvent
    Status: Not hooked

    #: 282 Function Name: NtWaitForKeyedEvent
    Status: Not hooked

    #: 283 Function Name: NtQueryPortInformationProcess
    Status: Not hooked
     
  20. 2009/02/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dee
    OK, I don't see anything jumping out at me from that rootkit log.

    Let's get an online scan.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
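A check on the rootkit log that Geri reviews by eye above, as an added example that is not part of this thread and not RootRepeal's own code: a Python script that parses the SSDT section of a RootRepeal report and lists every hooked entry together with the module that hooks it, so a reviewer does not have to scan 284 "Not hooked" lines by hand. The hooked-entry line format (`Hooked by "<module>" at address 0x...`) is assumed from memory of RootRepeal output, the sample report is constructed (every entry actually posted in this thread reads "Not hooked"), and the WATCHLIST notes are the defender's reason each call matters, not anything the tool prints.

```python
"""Triage a RootRepeal SSDT listing: list every hooked entry and who hooks it.

Added example for this thread; not RootRepeal's code. The hooked-entry line
format is an assumption from memory of RootRepeal output, and SAMPLE_REPORT
below is constructed, not output from the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(r"#:\s*(\d+)\s+Function Name:\s*(\w+)$")
STATUS_RE = re.compile(r"Status:\s*(.*)$")
# Assumed format of a hooked entry in RootRepeal output.
HOOK_RE = re.compile(r'Hooked by\s+"([^"]+)"(?:\s+at address\s+(0x[0-9A-Fa-f]+))?')

# Why a hook on each of these calls matters to a defender: a kernel component
# filtering the results can hide objects from user-mode tools.
WATCHLIST = {
    "NtQueryDirectoryFile": "hide files and directories",
    "NtQuerySystemInformation": "hide processes, modules and handles",
    "NtEnumerateKey": "hide registry keys",
    "NtEnumerateValueKey": "hide registry values",
    "NtOpenProcess": "block access to protected processes",
    "NtCreateFile": "intercept or deny file opens",
    "NtDeviceIoControlFile": "filter device and network I/O",
    "NtTerminateProcess": "prevent termination of a process",
}


@dataclass
class SsdtEntry:
    index: int
    name: str
    status: str = ""

    @property
    def hooked(self) -> bool:
        # "Not hooked" does not start with "hooked", so it stays False.
        return self.status.strip().lower().startswith("hooked")

    @property
    def hook_module(self) -> Optional[str]:
        m = HOOK_RE.search(self.status)
        return m.group(1) if m else None


def parse_ssdt(report: str) -> List[SsdtEntry]:
    """Return the entries of the SSDT section of a RootRepeal report."""
    entries: List[SsdtEntry] = []
    in_ssdt = False
    pending: Optional[SsdtEntry] = None
    for raw in report.splitlines():
        line = raw.strip()
        if not in_ssdt:
            in_ssdt = line == "SSDT"
            continue
        if not line or line.startswith("-"):
            continue  # blank separators and the dashed underline
        m = ENTRY_RE.match(line)
        if m:
            pending = SsdtEntry(int(m.group(1)), m.group(2))
            entries.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending.status = m.group(1).strip()
            pending = None
            continue
        break  # any other non-empty line is the next section header
    return entries


def triage(entries: List[SsdtEntry]) -> Dict[str, object]:
    """Summarise hooked entries, grouped by hooking module, with watchlist notes."""
    hooked = [e for e in entries if e.hooked]
    by_module: Dict[str, List[str]] = {}
    for e in hooked:
        by_module.setdefault(e.hook_module or "<unknown module>", []).append(e.name)
    notes = {e.name: WATCHLIST[e.name] for e in hooked if e.name in WATCHLIST}
    return {
        "total": len(entries),
        "hooked": len(hooked),
        "by_module": by_module,
        "watchlist_hits": notes,
    }


# Constructed sample: two hooked entries and a following section to stop on.
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/02/02 15:06

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\\WINDOWS\\system32\\drivers\\example.sys" at address 0xF7A3B120

#: 122 Function Name: NtOpenProcess
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\\WINDOWS\\system32\\drivers\\example.sys" at address 0xF7A3B4C0

Stealth Objects
-------------------
"""

if __name__ == "__main__":
    summary = triage(parse_ssdt(SAMPLE_REPORT))
    print(f"{summary['hooked']} of {summary['total']} SSDT entries hooked")
    for module, names in summary["by_module"].items():
        print(f"  {module}: {', '.join(names)}")
    for name, why in summary["watchlist_hits"].items():
        print(f"  watchlist: {name} -> a hook here could {why}")
```

A hooked entry is not a rootkit indicator on its own: security products (the McAfee drivers on this machine, for instance) hook the same calls for self-protection, so the module path the script reports should be compared against installed security software before the hook is treated as hostile. Running the script over the logs actually posted in this thread gives zero hooked entries, which matches Geri's reading.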
  21. 2009/02/03
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Did ATF cleaner
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, February 3, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, February 03, 2009 13:36:50
    Records in database: 1739696
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    Scan statistics
    Files scanned 49414
    Threat name 5
    Infected objects 6
    Suspicious objects 0
    Duration of the scan 01:46:44

    File name Threat name Threats count
    C:\Documents and Settings\ted\Desktop\Setup(2).exe Infected: not-a-virus:WebToolbar.Win32.Zango.bw 1
    C:\Documents and Settings\ted\Desktop\Setup.exe Infected: not-a-virus:WebToolbar.Win32.Zango.bw 1
    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
    C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
    C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml71.dll.vir Infected: Trojan.Win32.BHO.kzv 1
    The selected area was scanned.
     