Thread: PC Acting Weird

  1. #1
    Lurch (Advanced Member)
    Join Date: Apr 2006 | Location: TN | Posts: 578

    PC Acting Weird

    Hi. Please advise if possible. I can't seem to get any spamware with SuperAntiSpyware any more. I think something may be wrong with my PC. I went to Kaspersky Free Online Scanner and it found nothing. I ran Windows Defender and found nothing. I can't update Adaware for some reason.

    Also, when I try to right-click my Recycle Bin, it often will not, and I get an hourglass for eternity until I shut off my PC.

    I found a Trojan with Malwarebytes a week or so ago, and I think it moved it to another folder. Didn't find anything with MWBytes today.

    Here's a copy of my recent HijackThis test:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:32:28 PM, on 5/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O24 - Desktop Component 0: (no name) - (no file)
    O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/Adobe/Photoshop%20Elements%205.0/shared_assets/locales/en_us/launcher/images/quickly_fix_ov.gif

    --
    End of file - 5153 bytes

  2. #2
    TonyT (Elite Member)
    Join Date: Jan 2000 | Location: Fairfax, VA | Posts: 10,335

    Remove these items using HjT:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O24 - Desktop Component 0: (no name) - (no file)
    O24 - Desktop Component 1: (no name) -

    The O24s will likely appear again on next scan.

    Next:
    Right click Desktop > select Properties > Desktop Tab > Customize button > Web Tab > remove any Active Desktop items in the list (if there are any), but if Current Home Page is listed, keep it but uncheck it.

    Next:
    Download this program and post the logs:
    http://rootrepeal.googlepages.com/
    DO NOT USE IT TO REMOVE ANYTHING YET, YOU CAN HOSE THE SYSTEM IF YOU REMOVE THE WRONG THING.

  3. #3
    Lurch (Advanced Member)
    Join Date: Apr 2006 | Location: TN | Posts: 578

    Hi. Thanks. I did that, and will hopefully post the results you're looking for. 1st one is for drivers:

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/05/09 22:18
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: ACPI.sys
    Image Path: ACPI.sys
    Address: 0xF7447000 Size: 187776 File Visible: -
    Status: -

    Name: ACPI_HAL
    Image Path: \Driver\ACPI_HAL
    Address: 0x804D7000 Size: 2189056 File Visible: -
    Status: -

    Name: afd.sys
    Image Path: C:\WINDOWS\System32\drivers\afd.sys
    Address: 0xEDAF0000 Size: 138496 File Visible: -
    Status: -

    Name: atapi.sys
    Image Path: atapi.sys
    Address: 0xF73FF000 Size: 96512 File Visible: -
    Status: -

    Name: ATMFD.DLL
    Image Path: C:\WINDOWS\System32\ATMFD.DLL
    Address: 0xBFFA0000 Size: 286720 File Visible: -
    Status: -

    Name: audstub.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Address: 0xF7BC0000 Size: 3072 File Visible: -
    Status: -

    Name: avgio.sys
    Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    Address: 0xF79EE000 Size: 6144 File Visible: -
    Status: -

    Name: avgntflt.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    Address: 0xECD9C000 Size: 81920 File Visible: -
    Status: -

    Name: avipbb.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
    Address: 0xEDA9B000 Size: 114688 File Visible: -
    Status: -

    Name: Beep.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
    Address: 0xF79E6000 Size: 4224 File Visible: -
    Status: -

    Name: BOOTVID.dll
    Image Path: C:\WINDOWS\system32\BOOTVID.dll
    Address: 0xF78A6000 Size: 12288 File Visible: -
    Status: -

    Name: Cdfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Address: 0xECEE9000 Size: 63744 File Visible: -
    Status: -

    Name: cdrom.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
    Address: 0xF6D31000 Size: 62976 File Visible: -
    Status: -

    Name: cercsr6.sys
    Image Path: cercsr6.sys
    Address: 0xF7726000 Size: 29120 File Visible: -
    Status: -

    Name: CLASSPNP.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Address: 0xF74D6000 Size: 53248 File Visible: -
    Status: -

    Name: disk.sys
    Image Path: disk.sys
    Address: 0xF74C6000 Size: 36352 File Visible: -
    Status: -

    Name: drmk.sys
    Image Path: C:\WINDOWS\system32\drivers\drmk.sys
    Address: 0xF6D01000 Size: 61440 File Visible: -
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xECE00000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7A10000 Size: 8192 File Visible: No
    Status: -

    Name: Dxapi.sys
    Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
    Address: 0xEDB78000 Size: 12288 File Visible: -
    Status: -

    Name: dxg.sys
    Image Path: C:\WINDOWS\System32\drivers\dxg.sys
    Address: 0xBF9C3000 Size: 73728 File Visible: -
    Status: -

    Name: dxgthk.sys
    Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
    Address: 0xF7ABD000 Size: 4096 File Visible: -
    Status: -

    Name: e100b325.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\e100b325.sys
    Address: 0xF6B04000 Size: 158720 File Visible: -
    Status: -

    Name: Fastfat.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
    Address: 0xEC001000 Size: 143744 File Visible: -
    Status: -

    Name: Fips.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
    Address: 0xF75A6000 Size: 44544 File Visible: -
    Status: -

    Name: fltmgr.sys
    Image Path: fltmgr.sys
    Address: 0xF73C7000 Size: 129792 File Visible: -
    Status: -

    Name: Fs_Rec.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Address: 0xF79E4000 Size: 7936 File Visible: -
    Status: -

    Name: ftdisk.sys
    Image Path: ftdisk.sys
    Address: 0xF7417000 Size: 125056 File Visible: -
    Status: -

    Name: hal.dll
    Image Path: C:\WINDOWS\system32\hal.dll
    Address: 0x806EE000 Size: 131840 File Visible: -
    Status: -

    Name: HIDCLASS.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
    Address: 0xF75C6000 Size: 36864 File Visible: -
    Status: -

    Name: HIDPARSE.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
    Address: 0xF783E000 Size: 28672 File Visible: -
    Status: -

    Name: hidusb.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
    Address: 0xF7976000 Size: 10368 File Visible: -
    Status: -

    Name: HTTP.sys
    Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
    Address: 0xEC2CD000 Size: 264832 File Visible: -
    Status: -

    Name: i8042prt.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    Address: 0xF7676000 Size: 52480 File Visible: -
    Status: -

    Name: ialmdd5.DLL
    Image Path: C:\WINDOWS\System32\ialmdd5.DLL
    Address: 0xBFA3A000 Size: 925696 File Visible: -
    Status: -

    Name: ialmdev5.DLL
    Image Path: C:\WINDOWS\System32\ialmdev5.DLL
    Address: 0xBFA05000 Size: 217088 File Visible: -
    Status: -

    Name: ialmdnt5.dll
    Image Path: C:\WINDOWS\System32\ialmdnt5.dll
    Address: 0xBF9E3000 Size: 139264 File Visible: -
    Status: -

    Name: ialmnt5.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    Address: 0xF6B63000 Size: 1302208 File Visible: -
    Status: -

    Name: ialmrnt5.dll
    Image Path: C:\WINDOWS\System32\ialmrnt5.dll
    Address: 0xBF9D5000 Size: 57344 File Visible: -
    Status: -

    Name: imapi.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
    Address: 0xF6D11000 Size: 42112 File Visible: -
    Status: -

    Name: intelide.sys
    Image Path: intelide.sys
    Address: 0xF799A000 Size: 5504 File Visible: -
    Status: -

    Name: intelppm.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
    Address: 0xF7666000 Size: 36352 File Visible: -
    Status: -

    Name: ipnat.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
    Address: 0xEDB3A000 Size: 152832 File Visible: -
    Status: -

    Name: ipsec.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
    Address: 0xEDC07000 Size: 75264 File Visible: -
    Status: -

    Name: isapnp.sys
    Image Path: isapnp.sys
    Address: 0xF7496000 Size: 37248 File Visible: -
    Status: -

    Name: kbdclass.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    Address: 0xF789E000 Size: 24576 File Visible: -
    Status: -

    Name: KDCOM.DLL
    Image Path: C:\WINDOWS\system32\KDCOM.DLL
    Address: 0xF7996000 Size: 8192 File Visible: -
    Status: -

    Name: ks.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
    Address: 0xF6ACD000 Size: 143360 File Visible: -
    Status: -

    Name: KSecDD.sys
    Image Path: KSecDD.sys
    Address: 0xF739F000 Size: 92288 File Visible: -
    Status: -

    Name: mchInjDrv.sys
    Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    Address: 0xF7B1F000 Size: 2560 File Visible: No
    Status: -

    Name: MCSTRM.SYS
    Image Path: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
    Address: 0xF7A42000 Size: 7360 File Visible: -
    Status: -

    Name: mnmdd.SYS
    Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
    Address: 0xF79E8000 Size: 4224 File Visible: -
    Status: -

    Name: mouclass.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
    Address: 0xF7756000 Size: 23040 File Visible: -
    Status: -

    Name: mouhid.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
    Address: 0xF6901000 Size: 12160 File Visible: -
    Status: -

    Name: MountMgr.sys
    Image Path: MountMgr.sys
    Address: 0xF74A6000 Size: 42368 File Visible: -
    Status: -

    Name: mrxdav.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    Address: 0xECADC000 Size: 180608 File Visible: -
    Status: -

    Name: Msfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
    Address: 0xF7806000 Size: 19072 File Visible: -
    Status: -

    Name: msgpc.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
    Address: 0xF7586000 Size: 35072 File Visible: -
    Status: -

    Name: mssmbios.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    Address: 0xF70DB000 Size: 15488 File Visible: -
    Status: -

    Name: Mup.sys
    Image Path: Mup.sys
    Address: 0xF72CB000 Size: 105344 File Visible: -
    Status: -

    Name: NDIS.sys
    Image Path: NDIS.sys
    Address: 0xF72E5000 Size: 182656 File Visible: -
    Status: -

    Name: ndistapi.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    Address: 0xF798E000 Size: 10112 File Visible: -
    Status: -

    Name: ndisuio.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    Address: 0xECDB0000 Size: 14592 File Visible: -
    Status: -

    Name: ndiswan.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    Address: 0xF699F000 Size: 91520 File Visible: -
    Status: -

    Name: NDProxy.SYS
    Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
    Address: 0xF7516000 Size: 40576 File Visible: -
    Status: -

    Name: netbt.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
    Address: 0xEDB12000 Size: 162816 File Visible: -
    Status: -

    Name: Npfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
    Address: 0xF780E000 Size: 30848 File Visible: -
    Status: -

    Name: Ntfs.sys
    Image Path: Ntfs.sys
    Address: 0xF7312000 Size: 574976 File Visible: -
    Status: -

    Name: ntoskrnl.exe
    Image Path: C:\WINDOWS\system32\ntoskrnl.exe
    Address: 0x804D7000 Size: 2189056 File Visible: -
    Status: -

    Name: Null.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
    Address: 0xF7AEB000 Size: 2944 File Visible: -
    Status: -

    Name: parport.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
    Address: 0xF6AF0000 Size: 80128 File Visible: -
    Status: -

    Name: PartMgr.sys
    Image Path: PartMgr.sys
    Address: 0xF771E000 Size: 19712 File Visible: -
    Status: -

    Name: ParVdm.SYS
    Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
    Address: 0xF7A40000 Size: 6784 File Visible: -
    Status: -

    Name: pci.sys
    Image Path: pci.sys
    Address: 0xF7436000 Size: 68224 File Visible: -
    Status: -

    Name: PCIIde.sys
    Image Path: PCIIde.sys
    Address: 0xF7A5E000 Size: 3328 File Visible: -
    Status: -

    Name: PCIIDEX.SYS
    Image Path: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS
    Address: 0xF7716000 Size: 28672 File Visible: -
    Status: -

    Name: PCTAppEvent.sys
    Image Path: C:\WINDOWS\system32\drivers\PCTAppEvent.sys
    Address: 0xEC9DB000 Size: 67840 File Visible: -
    Status: -

    Name: pctfw.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\pctfw.sys
    Address: 0xF6987000 Size: 97408 File Visible: -
    Status: -

    Name: pctgntdi.sys
    Image Path: C:\WINDOWS\system32\drivers\pctgntdi.sys
    Address: 0xEDB88000 Size: 153600 File Visible: -
    Status: -

    Name: pctplfw.sys
    Image Path: C:\WINDOWS\system32\drivers\pctplfw.sys
    Address: 0xEC6CD000 Size: 89600 File Visible: -
    Status: -

    Name: PnpManager
    Image Path: \Driver\PnpManager
    Address: 0x804D7000 Size: 2189056 File Visible: -
    Status: -

    Name: portcls.sys
    Image Path: C:\WINDOWS\system32\drivers\portcls.sys
    Address: 0xF6A69000 Size: 147456 File Visible: -
    Status: -

    Name: ptilink.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
    Address: 0xF7746000 Size: 17792 File Visible: -
    Status: -

    Name: PxHelp20.sys
    Image Path: PxHelp20.sys
    Address: 0xF74F6000 Size: 36320 File Visible: -
    Status: -

    Name: rasacd.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
    Address: 0xF7952000 Size: 8832 File Visible: -
    Status: -

    Name: rasl2tp.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    Address: 0xF6CF1000 Size: 51328 File Visible: -
    Status: -

    Name: raspppoe.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    Address: 0xF6CE1000 Size: 41472 File Visible: -
    Status: -

    Name: raspptp.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
    Address: 0xF6CD1000 Size: 48384 File Visible: -
    Status: -

    Name: raspti.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
    Address: 0xF774E000 Size: 16512 File Visible: -
    Status: -

    Name: RAW
    Image Path: \FileSystem\RAW
    Address: 0x804D7000 Size: 2189056 File Visible: -
    Status: -

    Name: RDPCDD.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    Address: 0xF79EA000 Size: 4224 File Visible: -
    Status: -

    Name: redbook.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
    Address: 0xF6D21000 Size: 57600 File Visible: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xF76A6000 Size: 45056 File Visible: No
    Status: -

    Name: SASDIFSV.SYS
    Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    Address: 0xF781E000 Size: 28672 File Visible: -
    Status: -

    Name: SASENUM.SYS
    Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    Address: 0xED22A000 Size: 20480 File Visible: -
    Status: -

    Name: SASKUTIL.sys
    Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    Address: 0xEDACF000 Size: 135168 File Visible: -
    Status: -

    Name: SCSIPORT.SYS
    Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
    Address: 0xF73E7000 Size: 98304 File Visible: -
    Status: -

    Name: senfilt.sys
    Image Path: C:\WINDOWS\system32\drivers\senfilt.sys
    Address: 0xF69B6000 Size: 732928 File Visible: -
    Status: -

    Name: serenum.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
    Address: 0xF7982000 Size: 15744 File Visible: -
    Status: -

    Name: serial.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
    Address: 0xF7686000 Size: 64512 File Visible: -
    Status: -

    Name: smwdm.sys
    Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
    Address: 0xF6A8D000 Size: 260352 File Visible: -
    Status: -

    Name: ssmdrv.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    Address: 0xF7816000 Size: 22912 File Visible: -
    Status: -

    Name: swenum.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
    Address: 0xF79C2000 Size: 4352 File Visible: -
    Status: -

    Name: sysaudio.sys
    Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
    Address: 0xEDD51000 Size: 60800 File Visible: -
    Status: -

    Name: tcpip.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
    Address: 0xEDBAE000 Size: 361600 File Visible: -
    Status: -

    Name: TDI.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
    Address: 0xF773E000 Size: 20480 File Visible: -
    Status: -

    Name: termdd.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
    Address: 0xF6CC1000 Size: 40704 File Visible: -
    Status: -

    Name: TfFsMon.sys
    Image Path: TfFsMon.sys
    Address: 0xF73B6000 Size: 69632 File Visible: -
    Status: -

    Name: TfKbMon.sys
    Image Path: C:\WINDOWS\System32\Drivers\TfKbMon.sys
    Address: 0xF7896000 Size: 32768 File Visible: -
    Status: -

    Name: TfNetMon.sys
    Image Path: C:\WINDOWS\system32\drivers\TfNetMon.sys
    Address: 0xEC70B000 Size: 45056 File Visible: -
    Status: -

    Name: TfSysMon.sys
    Image Path: TfSysMon.sys
    Address: 0xF74E6000 Size: 53248 File Visible: -
    Status: -

    Name: update.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
    Address: 0xF6929000 Size: 384768 File Visible: -
    Status: -

    Name: USBD.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
    Address: 0xF79DE000 Size: 8192 File Visible: -
    Status: -

    Name: usbehci.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
    Address: 0xF788E000 Size: 30208 File Visible: -
    Status: -

    Name: usbhub.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
    Address: 0xF7546000 Size: 59520 File Visible: -
    Status: -

    Name: USBPORT.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
    Address: 0xF6B2B000 Size: 147456 File Visible: -
    Status: -

    Name: usbprint.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
    Address: 0xF787E000 Size: 25856 File Visible: -
    Status: -

    Name: usbscan.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
    Address: 0xF6909000 Size: 15104 File Visible: -
    Status: -

    Name: USBSTOR.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    Address: 0xF7856000 Size: 26368 File Visible: -
    Status: -

    Name: usbuhci.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    Address: 0xF7886000 Size: 20608 File Visible: -
    Status: -

    Name: vga.sys
    Image Path: C:\WINDOWS\System32\drivers\vga.sys
    Address: 0xF77FE000 Size: 20992 File Visible: -
    Status: -

    Name: VIDEOPRT.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
    Address: 0xF6B4F000 Size: 81920 File Visible: -
    Status: -

    Name: VolSnap.sys
    Image Path: VolSnap.sys
    Address: 0xF74B6000 Size: 52352 File Visible: -
    Status: -

    Name: wanarp.sys
    Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
    Address: 0xF7596000 Size: 34560 File Visible: -
    Status: -

    Name: watchdog.sys
    Image Path: C:\WINDOWS\System32\watchdog.sys
    Address: 0xED923000 Size: 20480 File Visible: -
    Status: -

    Name: wdmaud.sys
    Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
    Address: 0xECB57000 Size: 83072 File Visible: -
    Status: -

    Name: Win32k
    Image Path: \Driver\Win32k
    Address: 0xBF800000 Size: 1847296 File Visible: -
    Status: -

    Name: win32k.sys
    Image Path: C:\WINDOWS\System32\win32k.sys
    Address: 0xBF800000 Size: 1847296 File Visible: -
    Status: -

    Name: WMILIB.SYS
    Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
    Address: 0xF7998000 Size: 8192 File Visible: -
    Status: -

    Name: WMIxWDM
    Image Path: \Driver\WMIxWDM
    Address: 0x804D7000 Size: 2189056 File Visible: -
    Status: -

    -----------------------------------------------------------------------------

    Processes :

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/05/09 22:21
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Processes
    -------------------
    Path: System
    PID: 4 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 204 Status: -

    Path: C:\Program Files\ThreatFire\TFService.exe
    PID: 256 Status: -

    Path: C:\WINDOWS\system32\smss.exe
    PID: 520 Status: -

    Path: C:\WINDOWS\system32\csrss.exe
    PID: 576 Status: -

    Path: C:\WINDOWS\system32\winlogon.exe
    PID: 600 Status: -

    Path: C:\WINDOWS\system32\services.exe
    PID: 644 Status: -

    Path: C:\WINDOWS\system32\lsass.exe
    PID: 656 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 832 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 892 Status: -

    Path: C:\Program Files\Windows Defender\MsMpEng.exe
    PID: 984 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 1028 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 1064 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 1168 Status: -

    Path: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PID: 1388 Status: -

    Path: C:\WINDOWS\system32\spoolsv.exe
    PID: 1660 Status: -

    Path: C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PID: 1700 Status: -

    Path: C:\WINDOWS\explorer.exe
    PID: 1744 Status: -

    Path: C:\WINDOWS\system32\svchost.exe
    PID: 1820 Status: -

    Path: C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    PID: 1848 Status: -

    Path: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PID: 1872 Status: -

    Path: C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PID: 1940 Status: -

    Path: C:\WINDOWS\system32\alg.exe
    PID: 2012 Status: -

    Path: C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PID: 2228 Status: -

    Path: C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    PID: 2348 Status: -

    Path: C:\WINDOWS\system32\igfxpers.exe
    PID: 2360 Status: -

    Path: C:\WINDOWS\system32\hkcmd.exe
    PID: 2464 Status: -

    Path: C:\Program Files\Windows Defender\MSASCui.exe
    PID: 2488 Status: -

    Path: C:\Program Files\ThreatFire\TFTray.exe
    PID: 2504 Status: -

    Path: C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PID: 2540 Status: -

    Path: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PID: 2616 Status: -

    Path: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    PID: 2684 Status: -

    Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PID: 2728 Status: -

    Path: C:\Program Files\Mozilla Firefox\firefox.exe
    PID: 3300 Status: -

    Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for RootRepeal.zip\RootRepeal.exe
    PID: 3332 Status: -

    Path: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    PID: 3480 Status: -

    ----------------------------------------------------------------------

  4. #4
    Lurch (Advanced Member)
    Join Date: Apr 2006 | Location: TN | Posts: 578

    And this one is SSDT :

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/05/09 22:21
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    SSDT
    -------------------
    #: 000 Function Name: NtAcceptConnectPort
    Status: Not hooked

    #: 001 Function Name: NtAccessCheck
    Status: Not hooked

    #: 002 Function Name: NtAccessCheckAndAuditAlarm
    Status: Not hooked

    #: 003 Function Name: NtAccessCheckByType
    Status: Not hooked

    #: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
    Status: Not hooked

    #: 005 Function Name: NtAccessCheckByTypeResultList
    Status: Not hooked

    #: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
    Status: Not hooked

    #: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
    Status: Not hooked

    #: 008 Function Name: NtAddAtom
    Status: Not hooked

    #: 009 Function Name: NtAddBootEntry
    Status: Not hooked

    #: 010 Function Name: NtAdjustGroupsToken
    Status: Not hooked

    #: 011 Function Name: NtAdjustPrivilegesToken
    Status: Not hooked

    #: 012 Function Name: NtAlertResumeThread
    Status: Not hooked

    #: 013 Function Name: NtAlertThread
    Status: Not hooked

    #: 014 Function Name: NtAllocateLocallyUniqueId
    Status: Not hooked

    #: 015 Function Name: NtAllocateUserPhysicalPages
    Status: Not hooked

    #: 016 Function Name: NtAllocateUuids
    Status: Not hooked

    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4b94

    #: 018 Function Name: NtAreMappedFilesTheSame
    Status: Not hooked

    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4586

    #: 020 Function Name: NtCallbackReturn
    Status: Not hooked

    #: 021 Function Name: NtCancelDeviceWakeupRequest
    Status: Not hooked

    #: 022 Function Name: NtCancelIoFile
    Status: Not hooked

    #: 023 Function Name: NtCancelTimer
    Status: Not hooked

    #: 024 Function Name: NtClearEvent
    Status: Not hooked

    #: 025 Function Name: NtClose
    Status: Not hooked

    #: 026 Function Name: NtCloseObjectAuditAlarm
    Status: Not hooked

    #: 027 Function Name: NtCompactKeys
    Status: Not hooked

    #: 028 Function Name: NtCompareTokens
    Status: Not hooked

    #: 029 Function Name: NtCompleteConnectPort
    Status: Not hooked

    #: 030 Function Name: NtCompressKey
    Status: Not hooked

    #: 031 Function Name: NtConnectPort
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e45da

    #: 032 Function Name: NtContinue
    Status: Not hooked

    #: 033 Function Name: NtCreateDebugObject
    Status: Not hooked

    #: 034 Function Name: NtCreateDirectoryObject
    Status: Not hooked

    #: 035 Function Name: NtCreateEvent
    Status: Not hooked

    #: 036 Function Name: NtCreateEventPair
    Status: Not hooked

    #: 037 Function Name: NtCreateFile
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4640

    #: 038 Function Name: NtCreateIoCompletion
    Status: Not hooked

    #: 039 Function Name: NtCreateJobObject
    Status: Not hooked

    #: 040 Function Name: NtCreateJobSet
    Status: Not hooked

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "<unknown>" at address 0xf7b1adb6

    #: 042 Function Name: NtCreateMailslotFile
    Status: Not hooked

    #: 043 Function Name: NtCreateMutant
    Status: Not hooked

    #: 044 Function Name: NtCreateNamedPipeFile
    Status: Not hooked

    #: 045 Function Name: NtCreatePagingFile
    Status: Not hooked

    #: 046 Function Name: NtCreatePort
    Status: Not hooked

    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e472e

    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e47ba

    #: 049 Function Name: NtCreateProfile
    Status: Not hooked

    #: 050 Function Name: NtCreateSection
    Status: Not hooked

    #: 051 Function Name: NtCreateSemaphore
    Status: Not hooked

    #: 052 Function Name: NtCreateSymbolicLinkObject
    Status: Not hooked

    #: 053 Function Name: NtCreateThread
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e484a

    #: 054 Function Name: NtCreateTimer
    Status: Not hooked

    #: 055 Function Name: NtCreateToken
    Status: Not hooked

    #: 056 Function Name: NtCreateWaitablePort
    Status: Not hooked

    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4980

    #: 058 Function Name: NtDebugContinue
    Status: Not hooked

    #: 059 Function Name: NtDelayExecution
    Status: Not hooked

    #: 060 Function Name: NtDeleteAtom
    Status: Not hooked

    #: 061 Function Name: NtDeleteBootEntry
    Status: Not hooked

    #: 062 Function Name: NtDeleteFile
    Status: Not hooked

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "<unknown>" at address 0xf7b1adbb

    #: 064 Function Name: NtDeleteObjectAuditAlarm
    Status: Not hooked

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "<unknown>" at address 0xf7b1adc5

    #: 066 Function Name: NtDeviceIoControlFile
    Status: Not hooked

    #: 067 Function Name: NtDisplayString
    Status: Not hooked

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e49d4

    #: 069 Function Name: NtDuplicateToken
    Status: Not hooked

    #: 070 Function Name: NtEnumerateBootEntries
    Status: Not hooked

    #: 071 Function Name: NtEnumerateKey
    Status: Not hooked

    #: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
    Status: Not hooked

    #: 073 Function Name: NtEnumerateValueKey
    Status: Not hooked

    #: 074 Function Name: NtExtendSection
    Status: Not hooked

    #: 075 Function Name: NtFilterToken
    Status: Not hooked

    #: 076 Function Name: NtFindAtom
    Status: Not hooked

    #: 077 Function Name: NtFlushBuffersFile
    Status: Not hooked

    #: 078 Function Name: NtFlushInstructionCache
    Status: Not hooked

    #: 079 Function Name: NtFlushKey
    Status: Not hooked

    #: 080 Function Name: NtFlushVirtualMemory
    Status: Not hooked

    #: 081 Function Name: NtFlushWriteBuffer
    Status: Not hooked

    #: 082 Function Name: NtFreeUserPhysicalPages
    Status: Not hooked

    #: 083 Function Name: NtFreeVirtualMemory
    Status: Not hooked

    #: 084 Function Name: NtFsControlFile
    Status: Not hooked

    #: 085 Function Name: NtGetContextThread
    Status: Not hooked

    #: 086 Function Name: NtGetDevicePowerState
    Status: Not hooked

    #: 087 Function Name: NtGetPlugPlayEvent
    Status: Not hooked

    #: 088 Function Name: NtGetWriteWatch
    Status: Not hooked

    #: 089 Function Name: NtImpersonateAnonymousToken
    Status: Not hooked

    #: 090 Function Name: NtImpersonateClientOfPort
    Status: Not hooked

    #: 091 Function Name: NtImpersonateThread
    Status: Not hooked

    #: 092 Function Name: NtInitializeRegistry
    Status: Not hooked

    #: 093 Function Name: NtInitiatePowerAction
    Status: Not hooked

    #: 094 Function Name: NtIsProcessInJob
    Status: Not hooked

    #: 095 Function Name: NtIsSystemResumeAutomatic
    Status: Not hooked

    #: 096 Function Name: NtListenPort
    Status: Not hooked

    #: 097 Function Name: NtLoadDriver
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4a3a

    #: 098 Function Name: NtLoadKey
    Status: Hooked by "<unknown>" at address 0xf7b1adca

    #: 099 Function Name: NtLoadKey2
    Status: Not hooked

    #: 100 Function Name: NtLockFile
    Status: Not hooked

    #: 101 Function Name: NtLockProductActivationKeys
    Status: Not hooked

    #: 102 Function Name: NtLockRegistryKey
    Status: Not hooked

    #: 103 Function Name: NtLockVirtualMemory
    Status: Not hooked

    #: 104 Function Name: NtMakePermanentObject
    Status: Not hooked

    #: 105 Function Name: NtMakeTemporaryObject
    Status: Not hooked

    #: 106 Function Name: NtMapUserPhysicalPages
    Status: Not hooked

    #: 107 Function Name: NtMapUserPhysicalPagesScatter
    Status: Not hooked

    #: 108 Function Name: NtMapViewOfSection
    Status: Not hooked

    #: 109 Function Name: NtModifyBootEntry
    Status: Not hooked

    #: 110 Function Name: NtNotifyChangeDirectoryFile
    Status: Not hooked

    #: 111 Function Name: NtNotifyChangeKey
    Status: Not hooked

    #: 112 Function Name: NtNotifyChangeMultipleKeys
    Status: Not hooked

    #: 113 Function Name: NtOpenDirectoryObject
    Status: Not hooked

    #: 114 Function Name: NtOpenEvent
    Status: Not hooked

    #: 115 Function Name: NtOpenEventPair
    Status: Not hooked

    #: 116 Function Name: NtOpenFile
    Status: Not hooked

    #: 117 Function Name: NtOpenIoCompletion
    Status: Not hooked

    #: 118 Function Name: NtOpenJobObject
    Status: Not hooked

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4a8c

    #: 120 Function Name: NtOpenMutant
    Status: Not hooked

    #: 121 Function Name: NtOpenObjectAuditAlarm
    Status: Not hooked

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0xf7b1ad98

    #: 123 Function Name: NtOpenProcessToken
    Status: Not hooked

    #: 124 Function Name: NtOpenProcessTokenEx
    Status: Not hooked

    #: 125 Function Name: NtOpenSection
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4ae4

    #: 126 Function Name: NtOpenSemaphore
    Status: Not hooked

    #: 127 Function Name: NtOpenSymbolicLinkObject
    Status: Not hooked

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4b3c

    #: 129 Function Name: NtOpenThreadToken
    Status: Not hooked

    #: 130 Function Name: NtOpenThreadTokenEx
    Status: Not hooked

    #: 131 Function Name: NtOpenTimer
    Status: Not hooked

    #: 132 Function Name: NtPlugPlayControl
    Status: Not hooked

    #: 133 Function Name: NtPowerInformation
    Status: Not hooked

    #: 134 Function Name: NtPrivilegeCheck
    Status: Not hooked

    #: 135 Function Name: NtPrivilegeObjectAuditAlarm
    Status: Not hooked

    #: 136 Function Name: NtPrivilegedServiceAuditAlarm
    Status: Not hooked

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4bfa

    #: 138 Function Name: NtPulseEvent
    Status: Not hooked

    #: 139 Function Name: NtQueryAttributesFile
    Status: Not hooked

    #: 140 Function Name: NtQueryBootEntryOrder
    Status: Not hooked

    #: 141 Function Name: NtQueryBootOptions
    Status: Not hooked

    #: 142 Function Name: NtQueryDebugFilterState
    Status: Not hooked

    #: 143 Function Name: NtQueryDefaultLocale
    Status: Not hooked

    #: 144 Function Name: NtQueryDefaultUILanguage
    Status: Not hooked

    #: 145 Function Name: NtQueryDirectoryFile
    Status: Not hooked

    #: 146 Function Name: NtQueryDirectoryObject
    Status: Not hooked

    #: 147 Function Name: NtQueryEaFile
    Status: Not hooked

    #: 148 Function Name: NtQueryEvent
    Status: Not hooked

    #: 149 Function Name: NtQueryFullAttributesFile
    Status: Not hooked

    #: 150 Function Name: NtQueryInformationAtom
    Status: Not hooked

    #: 151 Function Name: NtQueryInformationFile
    Status: Not hooked

    #: 152 Function Name: NtQueryInformationJobObject
    Status: Not hooked

    #: 153 Function Name: NtQueryInformationPort
    Status: Not hooked

    #: 154 Function Name: NtQueryInformationProcess
    Status: Not hooked

    #: 155 Function Name: NtQueryInformationThread
    Status: Not hooked

    #: 156 Function Name: NtQueryInformationToken
    Status: Not hooked

    #: 157 Function Name: NtQueryInstallUILanguage
    Status: Not hooked

    #: 158 Function Name: NtQueryIntervalProfile
    Status: Not hooked

    #: 159 Function Name: NtQueryIoCompletion
    Status: Not hooked

    #: 160 Function Name: NtQueryKey
    Status: Not hooked

    #: 161 Function Name: NtQueryMultipleValueKey
    Status: Not hooked

    #: 162 Function Name: NtQueryMutant
    Status: Not hooked

    #: 163 Function Name: NtQueryObject
    Status: Not hooked

    #: 164 Function Name: NtQueryOpenSubKeys
    Status: Not hooked

    #: 165 Function Name: NtQueryPerformanceCounter
    Status: Not hooked

    #: 166 Function Name: NtQueryQuotaInformationFile
    Status: Not hooked

    #: 167 Function Name: NtQuerySection
    Status: Not hooked

    #: 168 Function Name: NtQuerySecurityObject
    Status: Not hooked

    #: 169 Function Name: NtQuerySemaphore
    Status: Not hooked

    #: 170 Function Name: NtQuerySymbolicLinkObject
    Status: Not hooked

    #: 171 Function Name: NtQuerySystemEnvironmentValue
    Status: Not hooked

    #: 172 Function Name: NtQuerySystemEnvironmentValueEx
    Status: Not hooked

    #: 173 Function Name: NtQuerySystemInformation
    Status: Not hooked

    #: 174 Function Name: NtQuerySystemTime
    Status: Not hooked

    #: 175 Function Name: NtQueryTimer
    Status: Not hooked

    #: 176 Function Name: NtQueryTimerResolution
    Status: Not hooked

    #: 177 Function Name: NtQueryValueKey
    Status: Not hooked

    #: 178 Function Name: NtQueryVirtualMemory
    Status: Not hooked

    #: 179 Function Name: NtQueryVolumeInformationFile
    Status: Not hooked

    #: 180 Function Name: NtQueueApcThread
    Status: Not hooked

    #: 181 Function Name: NtRaiseException
    Status: Not hooked

    #: 182 Function Name: NtRaiseHardError
    Status: Not hooked

    #: 183 Function Name: NtReadFile
    Status: Not hooked

    #: 184 Function Name: NtReadFileScatter
    Status: Not hooked

    #: 185 Function Name: NtReadRequestData
    Status: Not hooked

    #: 186 Function Name: NtReadVirtualMemory
    Status: Not hooked

    #: 187 Function Name: NtRegisterThreadTerminatePort
    Status: Not hooked

    #: 188 Function Name: NtReleaseMutant
    Status: Not hooked

    #: 189 Function Name: NtReleaseSemaphore
    Status: Not hooked

    #: 190 Function Name: NtRemoveIoCompletion
    Status: Not hooked

    #: 191 Function Name: NtRemoveProcessDebug
    Status: Not hooked

    #: 192 Function Name: NtRenameKey
    Status: Not hooked

    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "<unknown>" at address 0xf7b1add4

    #: 194 Function Name: NtReplyPort
    Status: Not hooked

    #: 195 Function Name: NtReplyWaitReceivePort
    Status: Not hooked

    #: 196 Function Name: NtReplyWaitReceivePortEx
    Status: Not hooked

    #: 197 Function Name: NtReplyWaitReplyPort
    Status: Not hooked

    #: 198 Function Name: NtRequestDeviceWakeup
    Status: Not hooked

    #: 199 Function Name: NtRequestPort
    Status: Not hooked

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Not hooked

    #: 201 Function Name: NtRequestWakeupLatency
    Status: Not hooked

    #: 202 Function Name: NtResetEvent
    Status: Not hooked

    #: 203 Function Name: NtResetWriteWatch
    Status: Not hooked

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4c58

    #: 205 Function Name: NtResumeProcess
    Status: Not hooked

    #: 206 Function Name: NtResumeThread
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4cb6

    #: 207 Function Name: NtSaveKey
    Status: Not hooked

    #: 208 Function Name: NtSaveKeyEx
    Status: Not hooked

    #: 209 Function Name: NtSaveMergedKeys
    Status: Not hooked

    #: 210 Function Name: NtSecureConnectPort
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4d74

    #: 211 Function Name: NtSetBootEntryOrder
    Status: Not hooked

    #: 212 Function Name: NtSetBootOptions
    Status: Not hooked

    #: 213 Function Name: NtSetContextThread
    Status: Not hooked

    #: 214 Function Name: NtSetDebugFilterState
    Status: Not hooked

    #: 215 Function Name: NtSetDefaultHardErrorPort
    Status: Not hooked

    #: 216 Function Name: NtSetDefaultLocale
    Status: Not hooked

    #: 217 Function Name: NtSetDefaultUILanguage
    Status: Not hooked

    #: 218 Function Name: NtSetEaFile
    Status: Not hooked

    #: 219 Function Name: NtSetEvent
    Status: Not hooked

    #: 220 Function Name: NtSetEventBoostPriority
    Status: Not hooked

    #: 221 Function Name: NtSetHighEventPair
    Status: Not hooked

    #: 222 Function Name: NtSetHighWaitLowEventPair
    Status: Not hooked

    #: 223 Function Name: NtSetInformationDebugObject
    Status: Not hooked

    #: 224 Function Name: NtSetInformationFile
    Status: Not hooked

    #: 225 Function Name: NtSetInformationJobObject
    Status: Not hooked

    #: 226 Function Name: NtSetInformationKey
    Status: Not hooked

    #: 227 Function Name: NtSetInformationObject
    Status: Not hooked

    #: 228 Function Name: NtSetInformationProcess
    Status: Not hooked

    #: 229 Function Name: NtSetInformationThread
    Status: Not hooked

    #: 230 Function Name: NtSetInformationToken
    Status: Not hooked

    #: 231 Function Name: NtSetIntervalProfile
    Status: Not hooked

    #: 232 Function Name: NtSetIoCompletion
    Status: Not hooked

    #: 233 Function Name: NtSetLdtEntries
    Status: Not hooked

    #: 234 Function Name: NtSetLowEventPair
    Status: Not hooked

    #: 235 Function Name: NtSetLowWaitHighEventPair
    Status: Not hooked

    #: 236 Function Name: NtSetQuotaInformationFile
    Status: Not hooked

    #: 237 Function Name: NtSetSecurityObject
    Status: Not hooked

    #: 238 Function Name: NtSetSystemEnvironmentValue
    Status: Not hooked

    #: 239 Function Name: NtSetSystemEnvironmentValueEx
    Status: Not hooked

    #: 240 Function Name: NtSetSystemInformation
    Status: Not hooked

    #: 241 Function Name: NtSetSystemPowerState
    Status: Not hooked

    #: 242 Function Name: NtSetSystemTime
    Status: Not hooked

    #: 243 Function Name: NtSetThreadExecutionState
    Status: Not hooked

    #: 244 Function Name: NtSetTimer
    Status: Not hooked

    #: 245 Function Name: NtSetTimerResolution
    Status: Not hooked

    #: 246 Function Name: NtSetUuidSeed
    Status: Not hooked

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4d08

    #: 248 Function Name: NtSetVolumeInformationFile
    Status: Not hooked

    #: 249 Function Name: NtShutdownSystem
    Status: Not hooked

    #: 250 Function Name: NtSignalAndWaitForSingleObject
    Status: Not hooked

    #: 251 Function Name: NtStartProfile
    Status: Not hooked

    #: 252 Function Name: NtStopProfile
    Status: Not hooked

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4dde

    #: 254 Function Name: NtSuspendThread
    Status: Not hooked

    #: 255 Function Name: NtSystemDebugControl
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4e30

    #: 256 Function Name: NtTerminateJobObject
    Status: Not hooked

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xedad7f20

    #: 258 Function Name: NtTerminateThread
    Status: Not hooked

    #: 259 Function Name: NtTestAlert
    Status: Not hooked

    #: 260 Function Name: NtTraceEvent
    Status: Not hooked

    #: 261 Function Name: NtTranslateFilePath
    Status: Not hooked

    #: 262 Function Name: NtUnloadDriver
    Status: Not hooked

    #: 263 Function Name: NtUnloadKey
    Status: Not hooked

    #: 264 Function Name: NtUnloadKeyEx
    Status: Not hooked

    #: 265 Function Name: NtUnlockFile
    Status: Not hooked

    #: 266 Function Name: NtUnlockVirtualMemory
    Status: Not hooked

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Not hooked

    #: 268 Function Name: NtVdmControl
    Status: Not hooked

    #: 269 Function Name: NtWaitForDebugEvent
    Status: Not hooked

    #: 270 Function Name: NtWaitForMultipleObjects
    Status: Not hooked

    #: 271 Function Name: NtWaitForSingleObject
    Status: Not hooked

    #: 272 Function Name: NtWaitHighEventPair
    Status: Not hooked

    #: 273 Function Name: NtWaitLowEventPair
    Status: Not hooked

    #: 274 Function Name: NtWriteFile
    Status: Not hooked

    #: 275 Function Name: NtWriteFileGather
    Status: Not hooked

    #: 276 Function Name: NtWriteRequestData
    Status: Not hooked

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4ef4

    #: 278 Function Name: NtYieldExecution
    Status: Not hooked

    #: 279 Function Name: NtCreateKeyedEvent
    Status: Not hooked

    #: 280 Function Name: NtOpenKeyedEvent
    Status: Not hooked

    #: 281 Function Name: NtReleaseKeyedEvent
    Status: Not hooked

    #: 282 Function Name: NtWaitForKeyedEvent
    Status: Not hooked

    #: 283 Function Name: NtQueryPortInformationProcess
    Status: Not hooked
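An added example, not part of the original thread and not RootRepeal's own code: a Python parser for the SSDT listing format shown in the post above. It groups hooked functions by the driver named in the report and separates out the hooks whose owner the report gives as "<unknown>". The function names are this example's own, and the embedded sample is six entries copied from the listing.

```python
import re

# Six entries copied from the listing above, embedded so the script runs offline.
SAMPLE = r'''
    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\drivers\PCTAppEvent.sys" at address 0xec9e4b94

    #: 018 Function Name: NtAreMappedFilesTheSame
    Status: Not hooked

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "<unknown>" at address 0xf7b1adb6

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "<unknown>" at address 0xf7b1adbb

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0xf7b1ad98

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xedad7f20
'''

ENTRY_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)\s*$')
HOOKED_RE = re.compile(r'^Status:\s*Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)\s*$')
CLEAN_RE = re.compile(r'^Status:\s*Not hooked\s*$')


def parse_ssdt(text):
    """Turn the two-line-per-entry listing into a list of dicts, in table order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are usually indented
        m = ENTRY_RE.match(line)
        if m:
            # hooked stays None until a Status line is seen (truncated paste)
            current = {"index": int(m.group(1)), "name": m.group(2),
                       "hooked": None, "owner": None, "address": None}
            entries.append(current)
        elif current is not None and current["hooked"] is None:
            h = HOOKED_RE.match(line)
            if h:
                current.update(hooked=True, owner=h.group(1),
                               address=int(h.group(2), 16))
            elif CLEAN_RE.match(line):
                current["hooked"] = False
    return entries


def hooks_by_owner(entries):
    """Map each owner string from the report to the functions it hooks."""
    grouped = {}
    for e in entries:
        if e["hooked"]:
            grouped.setdefault(e["owner"], []).append(e["name"])
    return grouped


def unresolved(entries):
    """Hooks whose owner is not a file path, such as "<unknown>"."""
    return [e for e in entries if e["hooked"] and "\\" not in e["owner"]]


def incomplete(entries):
    """Names of entries that had no Status line at all."""
    return [e["name"] for e in entries if e["hooked"] is None]


def address_span(entries):
    """(lowest, highest, distance) of the hook addresses, or None if there are none."""
    addrs = [e["address"] for e in entries if e["address"] is not None]
    if not addrs:
        return None
    return min(addrs), max(addrs), max(addrs) - min(addrs)


def report(text):
    """Build a short triage summary of one pasted listing."""
    entries = parse_ssdt(text)
    lines = []
    for owner, names in hooks_by_owner(entries).items():
        lines.append("%-3d hook(s) by %s: %s" % (len(names), owner, ", ".join(names)))
    span = address_span(unresolved(entries))
    if span:
        lines.append("unattributed hooks span 0x%08x-0x%08x (%d bytes)" % span)
    if incomplete(entries):
        lines.append("no status line for: " + ", ".join(incomplete(entries)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Hooks attributed to a driver path can be checked against the software actually installed; the entries the report could not attribute to a module are the ones to follow up first.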

  5. #5
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    That speed up my pc stuff is crap... uninstall it, also get rid of the PC Tools Firewall Plus, I really wouldn't see a need for it, and just make sure you're updated on everything such as latest version of IE to IE8, all MS updates too. Adaware is almost useless now... waste of space, may as well uninstall it too.

    As for the Malwarebytes trojan... look in the quarantine box and copy and paste it here so I can see what you had.

  6. #6
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,983
    PC Tools Firewall is good. If you don't have a router I would keep it; if you are behind a router, then you can let it take a nap.

  7. #7
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    Quote: Originally Posted by Sava700
    That speed up my pc stuff is crap... uninstall it, also get rid of the PC Tools Firewall Plus, I really wouldn't see a need for it, and just make sure you're updated on everything such as latest version of IE to IE8, all MS updates too. Adaware is almost useless now... waste of space, may as well uninstall it too.

    As for the Malwarebytes trojan... look in the quarantine box and copy and paste it here so I can see what you had.
    I think it was mccoffee and/or philip from this site that told me to get PC Tools Firewall in the first place, when I was having broadband speed issues.

    I kind of hate to remove UniBlue SpeedUpMyPC after paying $30 for it a year or so ago but will try it. I also got their Registry Cleaner that I have run once a week or so.

    How will I keep crap off my PC after I do these things? Any other software that you'd recommend using in place of these? How about SpyBot S&D?

    Thanks for your opinion! Will definitely try it and may very well stick with it.

  8. #8
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    Quote: Originally Posted by YARDofSTUF
    PC Tools Firewall is good. If you don't have a router I would keep it; if you are behind a router, then you can let it take a nap.
    I have an RCA DCM-425 broadband modem and a Vonage V-Portal VoIP modem [but it has a router built in, so I guess I should keep PC Tools Firewall after all?]

    What firewall should I use instead if I remove PC Tools?

    Thank you.
    Last edited by Lurch; 05-10-09 at 05:47 AM.

  9. #9
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    PS - The Trojan I had was :

    TR/Agent.YUP

  10. #10
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    Update :

    Would you recommend I continue to use UniBlue RegistryBooster now that I've removed their SpeedUpMyPC software?

    Does my Vonage V-Portal VoIP unit qualify as a router? Should I run PC Tools Firewall with it?

    What was weird [I thought] was that I could no longer remove anything using SuperAntiSpywareBlaster. Before then I removed 50 or more spyware items every day.

    Thanks again.

  11. #11
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote: Originally Posted by Lurch
    I think it was mccoffee and/or philip from this site that told me to get PC Tools Firewall in the first place, when I was having broadband speed issues.

    I kind of hate to remove UniBlue SpeedUpMyPC after paying $30 for it a year or so ago but will try it. I also got their Registry Cleaner that I have run once a week or so.

    How will I keep crap off my PC after I do these things? Any other software that you'd recommend using in place of these? How about SpyBot S&D?

    Thanks for your opinion! Will definitely try it and may very well stick with it.
    I would never recommend PC Tools Firewall... that for sure goes if you're behind that router like YOS said, so I think you're OK... just turn on Windows Firewall and don't worry. Same goes for any registry cleaner... they often cause more harm than good.

    Spybot gets rid of certain things, but don't install Tea Timer... very annoying!

    Run it on demand or when you just feel like you want to. SUPERAntiSpyware and Malwarebytes are also good to clean certain things. I don't use Avira antivirus, I use Avast. I love their boot scanner as it's pretty darn good at removing things, and some would say Avira is best, but it doesn't matter, they both have a built-in boot scan setup to run.

    If Malwarebytes found and removed the trojan then you're OK and don't worry about it anymore, as it did what it was supposed to do. Just empty your Quarantine box and go on. The 50 or more spyware "things" sound like cookies and they are normal and harmless... don't worry about them if that's what they are.

  12. #12
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,983
    Ya, that V-Portal isn't very good as a main router, so I would stick with PC Tools Firewall since you don't have a router with NAT.

    PC Tools Firewall is very good.

  13. #13
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    Thank you two for the heads up.

    I made many changes - uninstalled many things I don't use or use seldom. Used Easy Cleaner, defragged my main drive, made some Firefox tweaks a guy here recommended a few years ago, and I have to say my surfing seems to have really improved. I'm getting close to the 10 Mbps I'm paying for.

    So it seems this has really helped. Thanks again. Will refer back to this post and forum in the future.

  14. #14
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    PS - I don't know but offhand I'd say both PC Tools Firewall as well as Windows Firewall work well with me. I don't seem to have ever had a problem with either.

  15. #15
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    PS - Can any of you tell me why it takes 15-20 seconds or more right now just to open a file on my desktop with only about 40 MB of images?

  16. #16
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote: Originally Posted by Lurch
    PS - Can any of you tell me why it takes 15-20 seconds or more right now just to open a file on my desktop with only about 40 MB of images?
    what kind of file? Open with what program?

  17. #17
    Advanced Member Lurch's Avatar
    Join Date
    Apr 2006
    Location
    TN
    Posts
    578
    Quote: Originally Posted by Sava700
    what kind of file? Open with what program?
    Hi. It's a shortcut to a folder of 278 MB of images from my digital camera that's stored on my 150 GB slave drive [which is only 2% used]. I changed the settings so it will highlight when I put the cursor on it and will open with one click, but it still takes a long time to open [17 seconds - I just timed it]. This is since I updated to Firefox 3. I feel kind of like going back to FF2 again. I didn't have these issues with FF2.
    Last edited by Lurch; 05-11-09 at 09:28 AM. Reason: brain phart

  18. #18
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,335
    Quote: Originally Posted by Lurch
    Hi. It's a shortcut to a folder of 278 MB of images from my digital camera that's stored on my 150 GB slave drive [which is only 2% used]. I changed the settings so it will highlight when I put the cursor on it and will open with one click, but it still takes a long time to open [17 seconds - I just timed it]. This is since I updated to Firefox 3. I feel kind of like going back to FF2 again. I didn't have these issues with FF2.
    1. Any stealth objects or hidden services in the RootRepeal scan?
    2. re long time to open image: turn off thumbnails in that folder. View menu > icons or tiles or list. And rt click an image > open with > choose program > Win Pic & Fax Viewer > checkmark "always use this program".
    No one has any right to force data on you
    and command you to believe it or else.
    If it is not true for you, it isn't true.

    LRH

  19. #19
    Certified SG Addict
    Join Date
    Dec 2001
    Posts
    29,514
    Sava, if you're going to "not recommend" something, at least give reasons why. Someone who isn't all that versed as Lurch seems to not be deserves to know why your "recommendation" contradicts those of several of the forums' most respected and technically proficient members.

  20. #20
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote: Originally Posted by Burke
    Sava, if you're going to "not recommend" something, at least give reasons why. Someone who isn't all that versed as Lurch seems to not be deserves to know why your "recommendation" contradicts those of several of the forums' most respected and technically proficient members.
    well it certainly isn't going to explode or cause a fire

    I think you worry too much Burke...had he really wanted to know I'm sure he would have asked or maybe it was common sense to know that it would likely cause issues at some point regardless what they are.
