timanderson
Honorary Members
Posts: 22
Reputation: 0 Neutral
  1. OK, removed Viewpoint. Thanks for the help, miekiemoes!
  2. I have recently been viewing some videos on megavideo.com (if you don't know what that is, it is a website similar to YouTube -- but every time you press play on any video, it force-links you to a malicious website, such as themindquiz.com). Trust me when I say I would never go to such a terrible site, but as previously said, it was the only place to view the videos I was looking for. My computer seems to be acting completely normal, and the MBAM scans show nothing -- but I am almost positive that I have some sort of spyware or other threat on my computer. If someone could confirm the safety of my computer that would be great.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:19:59 PM, on 4/25/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16827)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\WINDOWS\arservice.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\Wacom_Tablet.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
     C:\WINDOWS\system32\Wacom_Tablet.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\ARPWRMSG.EXE
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\HP\KBD\KBD.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
     c:\windows\system\hpsysdrv.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
     O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
     O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
     O4 - HKLM\..\Run: [WinPatrol [FREE Edition]] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
     O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
     O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
     O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
     O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216060255328
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{F4872248-7CF1-4698-9324-F1790FBE3429}: NameServer = 192.168.1.1,68.87.73.242
     O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
     O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 10773 bytes
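Added example, not from the post or from the HijackThis tool: a small Python triage pass over six entries copied from the log above (a constructed subset), flagging O2/O18 registrations whose backing file is gone and O17 name servers outside private address space. The rule set and the `triage`/`section_counts` helpers are my own assumptions about what a reviewer checks first, not a complete reading of the log.

```python
"""Triage helper for HijackThis-style logs (added example, not from the post)."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: six entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4872248-7CF1-4698-9324-F1790FBE3429}: NameServer = 192.168.1.1,68.87.73.242
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, ...),
# then " - ", then the section-specific body.
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
NAMESERVER = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Split a log into {"section", "body", "raw"} records; skip non-entry lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line.strip()})
    return entries


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries a reviewer would look at first, with the reason."""
    findings = []
    for e in parse_entries(log_text):
        sec, body = e["section"], e["body"]
        # O2 (BHO) and O18 (protocol handler) registrations that point at a file
        # which no longer exists are leftovers: harmless by themselves, but they
        # show something was installed and only partly removed.
        if sec in ("O2", "O18") and body.endswith("(no file)"):
            findings.append({"section": sec, "reason": "registration with no backing file",
                             "detail": body, "entry": e["raw"]})
        # O17 lists the DNS servers set on the adapter. A private address is the
        # home router; a public one should match the ISP's servers, because DNS
        # changers swap these to redirect traffic.
        elif sec == "O17":
            m = NAMESERVER.search(body)
            for server in (m["servers"].split(",") if m else []):
                server = server.strip()
                try:
                    public = not ipaddress.ip_address(server).is_private
                except ValueError:
                    public = True  # not an address at all: worth a look
                if public:
                    findings.append({"section": sec, "reason": "public DNS server, confirm it is the ISP's",
                                     "detail": server, "entry": e["raw"]})
    return findings


def section_counts(log_text: str) -> Dict[str, int]:
    """How many entries of each section the log holds (a quick sanity view)."""
    counts: Dict[str, int] = {}
    for e in parse_entries(log_text):
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']}: {f['reason']} -> {f['detail']}")
```

On the sample, the two "(no file)" entries and the second name server (68.87.73.242) are the only findings; a full log would be fed in the same way.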
  3. BTW I use both the free avast! and the free Ad-Aware.
  4. Hey, I hope this fits in PC Help. Anyway, I heard that having two anti-virus tools can cause problems, so I was wondering if using both avast! and Ad-Aware is okay? The reason is, they both have sort of a real-time protection, I think. avast! has an On-Access Scanner, and Ad-Aware has an Ad-Watch Live/Realtime Protection. I thought that Ad-Aware was a simple ad-blocker at the time I downloaded it, but it appears to have a Scan tool as well, which makes it look a lot like an anti-virus tool. But anyway, is it okay to use both at the same time? And if not, which one should I keep? Thanks.
  5. Hello, I recently downloaded WinPatrol, and it works great. I have noticed that lately it has been finding a hidden file called etilqs_XXXXXXXXXX, the XXXXXXXXXX being a mix of random letters. I was wondering what this was, and if one of you thinks it's bad, what should I do to remove it? I looked it up and I found a similar topic on a different forum: http://www.wilderssecurity.com/showthread.php?t=215287 I also tried having WinPatrol remove it, and that works; it doesn't show up anymore for a bit, but then WinPatrol finds another one a short while later. It seems that it shows up every time my wireless internet connection goes out. Tim
  6. Yep! Everything seems back to normal. I did a couple of extra back-up scans and they found nothing, and my computer seems to be running as fast as normal as well. Thanks so much for taking the time to help, man! I believe I got the threat by an accidental click on an ad. If anyone using Firefox 3 doesn't want to risk going through this crap, I would suggest downloading the add-ons NoScript and Adblock Plus. Thanks again AdvancedSetup.
  7. "However I could not uncheck Registry Integrity because I could not find it as an option." I feel stupid; after looking at CCleaner again I found that it's actually right where you said it would be. I just was really spaced out at the time, so I wasn't thinking straight. When I did the cleaning, Registry Integrity was not unchecked, so I hope that it didn't mess anything up / do anything unwanted.
  8. Never mind about that time question, got it fixed.
  9. Also, this may be a funny question, but after I used ComboFix, my time got all messed up, i.e. my time right now is 22:46, when it should be 10:46. I know it's not really a security question, but since you probably have ComboFix you probably know about this problem and how to fix it.
  10. STEP 01) - Completed: JavaRa 1.13 Removal Log. Report follows after line.
      ------------------------------------
      The JavaRa removal process was started on Sun Apr 05 04:10:46 2009
      Found and removed: C:\Program Files\Java\jre1.5.0_05
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
      Found and removed: SOFTWARE\Classes\JavaPlugin.150_05
      Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
      Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\
      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
      ------------------------------------
      Finished reporting.
      STEP 02) - Completed.
      STEP 03) - Completed. However, I could not uncheck Registry Integrity because I could not find it as an option.
      STEP 04) - Completed.
      STEP 05) - Completed.
      STEP 06) - STEP A: Completed /// STEP B: I could not uninstall GMER because apparently it did not find it. I got this when I entered %windir%\gmer_uninstall.cmd: (Windows cannot find 'C:\WINDOWS\gmer_uninstall.cmd'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.) /// STEP C: Completed.
      STEP 07) - Completed.
      STEP 08) - Completed.

      Malwarebytes scan (looking good!):
      Malwarebytes' Anti-Malware 1.35
      Database version: 1940
      Windows 5.1.2600 Service Pack 3
      4/5/2009 6:14:42 AM
      mbam-log-2009-04-05 (06-14-42).txt
      Scan type: Quick Scan
      Objects scanned: 78155
      Time elapsed: 4 minute(s), 4 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      HijackThis scan:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 06:17, on 4/5/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Wacom_Tablet.exe
      C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
      C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
      C:\WINDOWS\system32\Wacom_Tablet.exe
      C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\ARPWRMSG.EXE
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
      O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
      O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216060255328
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F4872248-7CF1-4698-9324-F1790FBE3429}: NameServer = 192.168.1.1,68.87.73.242
      O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
      O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
      O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 11217 bytes
  11. ROOTREPEAL © AD, 2007-2008
      ==================================================
      Scan Time: 2009/04/05 01:33
      Program Version: Version 1.2.3.0
      Windows Version: Windows XP Media Center Edition SP3
      ==================================================

      Drivers
      -------------------
      Name: dump_atapi.sys
      Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
      Address: 0xB62EA000
      Size: 98304
      File Visible: No
      Status: -

      Name: dump_WMILIB.SYS
      Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
      Address: 0xBAE08000
      Size: 8192
      File Visible: No
      Status: -

      Name: rootrepeal.sys
      Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
      Address: 0xB15D9000
      Size: 45056
      File Visible: No
      Status: -

      Name: SYMEFA.SYS
      Image Path: SYMEFA.SYS
      Address: 0xBA5B5000
      Size: 323584
      File Visible: No
      Status: -

      Hidden/Locked Files
      -------------------
      Path: C:\hiberfil.sys
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\etilqs_kdfxMTuzo0CYt2Rq7CNl
      Status: Allocation size mismatch (API: 32768, Raw: 0)

      Path: C:\Program Files\Updates from HP\9972322\Users\Default\Data\inuse.txt
      Status: Allocation size mismatch (API: 48, Raw: 32)

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\Changelog-PeriodicTable-3.0-InstanceLootHeroic-r35395.xml
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\Changelog-PeriodicTable-3.0-InstanceLootHeroic-r35741.xml
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\Changelog-PeriodicTable-3.0-InstanceLootHeroic-r36257.xml
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\SavedVariables\Cartographer_Mining.lua.bak
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\SavedVariables\Cartographer_Treasure.lua.bak
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\SavedVariables\FuBar_oRA2CooldownFu.lua.bak
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\SavedVariables\FuBar_PerformanceFu.lua.bak
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1680x1050 Wide\Account\YourAccountNameHere\SavedVariables\Cartographer_Herbalism.lua.bak
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1680x1050 Wide\Account\YourAccountNameHere\SavedVariables\Cartographer_Treasure.lua.bak
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\AutoBar\libs\PeriodicTable-3.0-Consumable\PeriodicTable-3.0-Consumable.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\AutoBar\libs\PeriodicTable-3.0-Consumable\PeriodicTable-3.0-Consumable.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\AutoBar\libs\PeriodicTable-3.0-Tradeskill\PeriodicTable-3.0-Tradeskill.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\AutoBar\libs\PeriodicTable-3.0-Tradeskill\PeriodicTable-3.0-Tradeskill.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-Consumable\PeriodicTable-3.0-Consumable.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-Consumable\PeriodicTable-3.0-Consumable.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-Reputation\PeriodicTable-3.0-Reputation.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-Reputation\PeriodicTable-3.0-Reputation.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-Tradeskill\PeriodicTable-3.0-Tradeskill.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-Tradeskill\PeriodicTable-3.0-Tradeskill.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-TradeskillResultMats\PeriodicTable-3.0-TradeskillResultMats.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\BulkMail2\lib\PeriodicTable-3.0-TradeskillResultMats\PeriodicTable-3.0-TradeskillResultMats.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\PeriodicTable-3.0-InstanceLoot\PeriodicTable-3.0-InstanceLoot.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\PeriodicTable-3.0-InstanceLoot\PeriodicTable-3.0-InstanceLoot.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\PeriodicTable-3.0-InstanceLootHeroic\PeriodicTable-3.0-InstanceLootHeroic.lua
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\Interface\Addons\Cartographer\Libs\PeriodicTable-3.0-InstanceLootHeroic\PeriodicTable-3.0-InstanceLootHeroic.toc
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\AddOns.txt
      Status: Locked to the Windows API!
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\bindings-cache.wtf Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\camera-settings.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\chat-cache.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\layout-cache.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables.lua Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\AddOns.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\bindings-cache.wtf Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\camera-settings.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\chat-cache.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\layout-cache.txt Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\macros-cache.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\macros-local.txt Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\Canadian.yeti@hotmail.com\SharingMetadata\dragonskull700@hotmail.com\DFSR\Staging\CS{A7929E70-D28F-A535-8107-7743468D1037}\01\12-{A7929E70-D28F-A535-8107-7743468D1037}-v1-{A70A544D-1BC2-47D1-991B-C9A42B9F1EE5}-v12-Downloaded.frx Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\Canadian.yeti@hotmail.com\SharingMetadata\itsamemario112@hotmail.com\DFSR\Staging\CS{3F7DC3DE-37B8-4CA7-7793-0088D1BAFAA8}\01\11-{3F7DC3DE-37B8-4CA7-7793-0088D1BAFAA8}-v1-{A70A544D-1BC2-47D1-991B-C9A42B9F1EE5}-v11-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\All Users\Application Data\Adobe\Flash CS3\en\Configuration\HelpPanel\Help\ActionScriptLangRefV3\fl\controls\dataGridClasses\examples\DataGridCellEditorExample.swf:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\All Users\Application Data\Adobe\Flash CS3\en\Configuration\HelpPanel\Help\ActionScriptLangRefV3\fl\controls\dataGridClasses\examples\DataGridCellEditorExample.swf:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Fizzle.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\AutoBar.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\AutoBar.lua.bak Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\BigWigs.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\BigWigs.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Cellular.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Cellular.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Click2Cast.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Click2Cast.lua.bak Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\ClosetGnome.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\ClosetGnome.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Fizzle.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_HonorFu.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_HonorFu.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_MailFu.lua Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_MailFu.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_MoneyFu.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_MoneyFu.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_TopScoreFu.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_TopScoreFu.lua.bak Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\KLHThreatMeter.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\KLHThreatMeter.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\MountMe.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\MountMe.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\moveFrames.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\moveFrames.lua.bak Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\MrPlow.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\MrPlow.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Prat.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\Prat.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\SimpleCombatLog.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\SimpleCombatLog.lua.bak Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\TinyTip.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\TinyTip.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\TrinketMenu.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1280x1024 Normal\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\TrinketMenu.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\ClosetGnome.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\FuBar_TopScoreFu.lua Status: Locked to the Windows API! 
Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\moveFrames.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\AutoBar.lua Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNameHere\YourServerNameHere\YourCharacterNameHere\SavedVariables\AutoBar.lua.bak Status: Locked to the Windows API! Path: C:\Documents and Settings\HP_Administrator\Desktop\Jonathans' Folder\World of Warcraft\Modstuff that doesnt fit in Extract folder\all-deuce-ui-ace2-v-2-1-0\ADUI v 2.1.0\WTF_1440x900 Wide\Account\YourAccountNaSSDT ------------------- #: 012 Function Name: NtAlertResumeThread Status: Hooked by "<unknown>" at address 0x8a497070 #: 013 Function Name: NtAlertThread Status: Hooked by "<unknown>" at address 0x8a496300 #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x89d86808 #: 019 Function Name: NtAssignProcessToJobObject Status: Hooked by "<unknown>" at address 0x8a5bf400 #: 031 Function Name: NtConnectPort Status: Hooked by "<unknown>" at address 0x89f4e810 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb6700040 #: 043 Function Name: NtCreateMutant Status: Hooked by "<unknown>" at address 0x89fbc868 #: 052 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "<unknown>" at address 0x89b97908 
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x89dec338 #: 057 Function Name: NtDebugActiveProcess Status: Hooked by "<unknown>" at address 0x8a466a08 #: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb67002c0 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb6700820 #: 068 Function Name: NtDuplicateObject Status: Hooked by "<unknown>" at address 0x89d39588 #: 083 Function Name: NtFreeVirtualMemory Status: Hooked by "<unknown>" at address 0x89d50838 #: 089 Function Name: NtImpersonateAnonymousToken Status: Hooked by "<unknown>" at address 0x8a48d2d8 #: 091 Function Name: NtImpersonateThread Status: Hooked by "<unknown>" at address 0x8a4951f0 #: 097 Function Name: NtLoadDriver Status: Hooked by "<unknown>" at address 0x8a03b820 #: 108 Function Name: NtMapViewOfSection Status: Hooked by "<unknown>" at address 0x8a07e958 #: 114 Function Name: NtOpenEvent Status: Hooked by "<unknown>" at address 0x8a485a20 #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x89e0b768 #: 123 Function Name: NtOpenProcessToken Status: Hooked by "<unknown>" at address 0x89f849b8 #: 125 Function Name: NtOpenSection Status: Hooked by "<unknown>" at address 0x8a47c5b0 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x89d39718 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "<unknown>" at address 0x89b8f908 #: 206 Function Name: NtResumeThread Status: Hooked by "<unknown>" at address 0x89f8c628 #: 213 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x8a4d9e28 #: 228 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x89db0570 #: 240 Function Name: NtSetSystemInformation Status: Hooked by "<unknown>" at address 0x8a476c28 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" 
at address 0xb6700a70 #: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x8a48c548 #: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x8a495330 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x89f888f0 #: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x8a4992b0 #: 267 Function Name: NtUnmapViewOfSection Status: Hooked by "<unknown>" at address 0x8a692108 #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x8a49a368
  12. While waiting for the RootRepeal scan to finish, I thought I might as well summarize what happened more descriptively. I believe that I got the threats by an accidental click on a very shady ad. Windows Defender popped up and told me that I had a threat, so I did a Malwarebytes scan and found a load of crap... 24 different threats. It got rid of almost every threat in one go, but the stubborn Trojan.BHO wouldn't die. Malwarebytes would tell me it would be removed upon restart; after the restart I naturally did another scan to make sure everything was clean and well, but the scan notified me right off the bat that the b*stard was still on my computer. I tried about 4-5 times, to no avail. I used another trusted Malware/Spyware scanner doubtfully and it found 3 Adware.Vundo Variants, which I promptly had it remove... and after that, Malwarebytes never seemed to pick up the Trojan.BHO again! I did multiple Malware/Spyware scans after that, and they all came out 100% clean. During the time I looked for a response here I also made another, more descriptive post on another trusted site. You can find it here: http://forums.techguy.org/malware-removal-...tml#post6599912 I really hope that my computer is finally clean, and that it didn't just hide itself or something like that.
  13. STEP 03) ntbtlog.txt:
\??\C:\WINDOWS\system32\drivers\NIS\1005000.087\SRTSP.SYS Loaded driver \SystemRoot\system32\drivers\kmixer.sys