Okay, I've been trying to deal with this virus for a while now. To start, I had some trojan disguised as PC_Antivirus2010 spamming me, trying to plant more viruses every time I restarted. I think I finally got rid of that, but I know there's still something not right, as I can't go on the internet (I'm on a different computer) and I can't run Malwarebytes or HijackThis to post any logs for you guys. To be technical, they do run; it's just that whenever I click Scan & Save Log it just quits out of the program >_<. It's really starting to annoy me and I'm hoping you guys have some tricks to get them running. Any help would be appreciated, thanks!
The only log program I could get to work was Win32kDiag. Here is that log:
Log file is located at: C:\Documents and Settings\????????\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP317.tmp\ZAP317.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\occache\occache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Plugin\Plugin
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{EDD39B6D-91C0-453A-8145-5ADBC4B87B1E}\{EDD39B6D-91C0-453A-8145-5ADBC4B87B1E}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1654141740-2376266550-3014290362-1003\S-1-5-21-1654141740-2376266550-3014290362-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\cfa253216f31\cfa253216f31
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1654141740-2376266550-3014290362-1003\S-1-5-21-1654141740-2376266550-3014290362-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Musicmatch\Jukebox\Cache\Cache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\CCWin\Address Book\Address Book
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
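The log above lists dozens of directories that Win32kDiag reports as mount points, all redirected to the same target in the NT object namespace rather than to a drive letter or volume. The script below is an added example, not part of this thread and not code from the Win32kDiag tool; it assumes the two-line "Found mount point" / "Mount point destination" format seen above, flags entries whose destination is not a `\??\X:\`, `\Device\HarddiskVolumeN\` or `\??\Volume{GUID}\` path, counts how many entries share each odd target, and also flags the doubled-leaf pattern (`...\Config\Config`) where the junction repeats its parent directory's name. The sample log inside is constructed: three entries copied from the post (one of them missing its destination line, as in the post) plus one benign junction that does not appear in the post.

```python
"""Triage helper for Win32kDiag "Found mount point" output.

Added example, not part of the thread or of Win32kDiag. Assumed format (taken
from the log above): a "Found mount point : <dir>" line, normally followed by a
"Mount point destination : <target>" line. A legitimate NTFS junction or volume
mount point resolves to a drive letter (\\??\\C:\\...), a HarddiskVolume device
or a Volume{GUID} path; any other target in the NT object namespace deserves a look.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional


class MountPoint(NamedTuple):
    path: str                    # directory that carries the reparse point
    destination: Optional[str]   # None when the log printed no destination line


FOUND_RE = re.compile(r"^Found mount point\s*:\s*(.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+?)\s*$")
# Targets that a normal junction / volume mount point resolves to.
BENIGN_TARGET_RE = re.compile(
    r"^(\\\?\?\\[A-Za-z]:\\"                 # \??\C:\...
    r"|\\Device\\HarddiskVolume\d+\\"        # \Device\HarddiskVolume1\...
    r"|\\\?\?\\Volume\{[0-9A-Fa-f-]+\}\\)",  # \??\Volume{GUID}\
    re.IGNORECASE,
)


def parse_win32kdiag(text: str) -> List[MountPoint]:
    """Pair each 'Found mount point' line with the destination line that follows it."""
    entries: List[MountPoint] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            if pending is not None:            # previous entry had no destination line
                entries.append(MountPoint(pending, None))
            pending = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            entries.append(MountPoint(pending, m.group(1)))
            pending = None
    if pending is not None:
        entries.append(MountPoint(pending, None))
    return entries


def is_suspicious(mp: MountPoint) -> bool:
    """True when the destination is known and is not a volume-backed path."""
    return mp.destination is not None and not BENIGN_TARGET_RE.match(mp.destination)


def doubled_leaf(path: str) -> bool:
    """True for paths like C:\\WINDOWS\\Config\\Config, where the leaf repeats its parent's name."""
    parts = [p for p in path.rstrip("\\").split("\\") if p]
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def triage(text: str) -> Dict[str, object]:
    """Summarise a Win32kDiag log: odd targets, how often each recurs, and entries we cannot judge."""
    entries = parse_win32kdiag(text)
    suspicious = [e for e in entries if is_suspicious(e)]
    return {
        "total": len(entries),
        "suspicious": suspicious,
        # one target reused across dozens of system directories is the strongest signal in the log
        "targets": Counter(e.destination for e in suspicious),
        "undetermined": [e for e in entries if e.destination is None],
        "doubled_leaf": [e for e in entries if doubled_leaf(e.path)],
    }


# Constructed sample: three entries copied from the log in the post (one lacking
# its destination line, as in the post) plus one benign junction not in the post.
SAMPLE_LOG = r"""
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Found mount point : C:\Data\Projects
Mount point destination : \??\D:\Projects
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} mount points, {len(report['suspicious'])} with non-volume targets")
    for target, count in report["targets"].most_common():
        print(f"  {count:3d} x {target}")
    for e in report["suspicious"]:
        print(f"  {e.path} -> {e.destination}")
    for e in report["undetermined"]:
        print(f"  no destination logged: {e.path}")
```

Run it against a saved Win32kDiag.txt by replacing `SAMPLE_LOG` with the file's contents. An entry with no destination line (like the BATCH one in the post) is reported separately rather than guessed, since the tool printed nothing to judge it by.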
Not the best of methods, providing repair steps without knowing more info about what all is there, but let's see if we can provide you with the means of fixing things enough to allow a check to be done. Do what you can complete and post back those results here.
Copy that Win32kDiag.exe file directly to your C drive folder (this is assuming Windows is installed to that drive letter). Then go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after:
win32kdiag -r -f
Once that completes press any key to finish the scan. Post the new Win32kDiag.txt log with your next reply (it will be in the same location as before).
------------------
Rename ComboFix.exe to alg.exe, then also place a copy of that directly on your C drive folder. Then click that C:\alg.exe file to run ComboFix.
Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.
A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
------------------
Go here, scroll down and download RootRepeal.zip to your Desktop. Unzip that, and then click RootRepeal.exe to open the scanner. Next click on the Report tab, and then click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click Ok.
You will then be asked which drive to scan. Check C: and click Ok again. The scan will start. It will take a little while, so please be patient. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should default there). When you have done this, please copy and paste it in this thread.
Okay, sorry for the late response; the only time I have is right now. The results aren't good: whenever I type win32kdiag -r -f I get this response: 'win32kdiag' is not recognized as an internal or external command, operable program or batch file.... ComboFix won't run; when I double click it, it just does that first ComboFix load, then the screen flashes and nothing happens. I tried RootRepeal and was only able to scan drivers before it quit out, and now I get a popup saying I don't have proper privileges to run this app.
Okay, well that may have worked a few hours ago, but now it seems the virus has blocked me from using win32kdiag as well. It gives me the same error as when I tried to use ComboFix. Now when I type in cd\win32kdiag -r -f I get "cannot find specified path", probably because the virus deleted it. I also can't uninstall it now; it says I don't have permission. It has been doing that to basically all the anti-viruses I've tried: either they don't run at the beginning, or they only work for a little bit until it bans it, basically.
Try that please. Take your time, reread the steps provided and then carefully carry them out.
I don't have enough actual system and file details to assess that any further at this point. Do the following, then also do the RootRepeal scan step I provided earlier please.
Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.
If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.
If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).
When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
Post that log and the RootRepeal log please.
Sorry for the double post, but I changed the name of win32kdiag.exe and it did something different. It said:
". Starting up... Log file is located at c:/documents/personsname/desktop/win32kdiag.txt. Removing all found mount points. Attempting to reset file permissions. Warning: could not get backup privileges. Searching C:/windows"
This is what first showed when I first started up GMER; there was also a tab I could go to for processes that had some of them marked red. I didn't click scan.
GMER 1.0.15.15077 [7gncbk35.exe] - http://www.gmer.net Rootkit quick scan 2009-08-29 18:48:28 Windows 5.1.2600 Service Pack 3
Go ahead and run the scan please. And do the other scan as well before posting back, so I can review all the info at once.
Okay, so once I clicked scan, after a little bit it just exited, and now whenever I try to run GMER it says "Windows cannot access the specified path or file; you may not have access to the item".
RootRepeal will only let me scan drivers, processes, SSDT, stealth objects, hidden services and shadow SSDT. If I try to scan files it just quits.
You have a very modified and major pest of a malware active there, and it is set to block even more than it has lately.
Go ahead with the modified RootRepeal scan then.
Also go here and download reglooks.exe to your Desktop. Double-click on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.
Oh yes, I know it's a big pest >_<. Anyway, here's what I could get from the RootRepeal scan:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 20:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Processes
-------------------
Path: System
PID: 4
Status: -

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 17:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Shadow SSDT
-------------------
#: 000 Function Name: NtGdiAbortDoc Status: Not hooked
#: 001 Function Name: NtGdiAbortPath Status: Not hooked
#: 002 Function Name: NtGdiAddFontResourceW Status: Not hooked
#: 003 Function Name: NtGdiAddRemoteFontToDC Status: Not hooked
#: 004 Function Name: NtGdiAddFontMemResourceEx Status: Not hooked
#: 005 Function Name: NtGdiRemoveMergeFont Status: Not hooked
#: 006 Function Name: NtGdiAddRemoteMMInstanceToDC Status: Not hooked
#: 007 Function Name: NtGdiAlphaBlend Status: Not hooked
#: 008 Function Name: NtGdiAngleArc Status: Not hooked
#: 009 Function Name: NtGdiAnyLinkedFonts Status: Not hooked
#: 010 Function Name: NtGdiFontIsLinked Status: Not hooked
#: 011 Function Name: NtGdiArcInternal Status: Not hooked
#: 012 Function Name: NtGdiBeginPath Status: Not hooked
#: 013 Function Name: NtGdiBitBlt Status: Not hooked
#: 014 Function Name: NtGdiCancelDC Status: Not hooked
#: 015 Function Name: NtGdiCheckBitmapBits Status: Not hooked
#: 016 Function Name: NtGdiCloseFigure Status: Not hooked
#: 017 Function Name: NtGdiClearBitmapAttributes Status: Not hooked
#: 018 Function Name: NtGdiClearBrushAttributes Status: Not hooked
#: 019 Function Name: NtGdiColorCorrectPalette Status: Not hooked
#: 020 Function Name: NtGdiCombineRgn Status: Not hooked
#: 021 Function Name: NtGdiCombineTransform Status: Not hooked
#: 022 Function Name: NtGdiComputeXformCoefficients Status: Not hooked
#: 023 Function Name: NtGdiConsoleTextOut Status: Not hooked
#: 024 Function Name: NtGdiConvertMetafileRect Status: Not hooked
#: 025 Function Name: NtGdiCreateBitmap Status: Not hooked
#: 026 Function Name: NtGdiCreateClientObj Status: Not hooked
#: 027 Function Name: NtGdiCreateColorSpace Status: Not hooked
#: 028 Function Name: NtGdiCreateColorTransform Status: Not hooked
#: 029 Function Name: NtGdiCreateCompatibleBitmap Status: Not hooked
#: 030 Function Name: NtGdiCreateCompatibleDC Status: Not hooked
#: 031 Function Name: NtGdiCreateDIBBrush Status: Not hooked
#: 032 Function Name: NtGdiCreateDIBitmapInternal Status: Not hooked
#: 033 Function Name: NtGdiCreateDIBSection Status: Not hooked
#: 034 Function Name: NtGdiCreateEllipticRgn Status: Not hooked
#: 035 Function Name: NtGdiCreateHalftonePalette Status: Not hooked
#: 036 Function Name: NtGdiCreateHatchBrushInternal Status: Not hooked
#: 037 Function Name: NtGdiCreateMetafileDC Status: Not hooked
#: 038 Function Name: NtGdiCreatePaletteInternal Status: Not hooked
#: 039 Function Name: NtGdiCreatePatternBrushInternal Status: Not hooked
#: 040 Function Name: NtGdiCreatePen Status: Not hooked
#: 041 Function Name: NtGdiCreateRectRgn Status: Not hooked
#: 042 Function Name: NtGdiCreateRoundRectRgn Status: Not hooked
#: 043 Function Name: NtGdiCreateServerMetaFile Status: Not hooked
#: 044 Function Name: NtGdiCreateSolidBrush Status: Not hooked
#: 045 Function Name: NtGdiD3dContextCreate Status: Not hooked
#: 046 Function Name: NtGdiD3dContextDestroy Status: Not hooked
#: 047 Function Name: NtGdiD3dContextDestroyAll Status: Not hooked
#: 048 Function Name: NtGdiD3dValidateTextureStageState Status: Not hooked
#: 049 Function Name: NtGdiD3dDrawPrimitives2 Status: Not hooked
#: 050 Function Name: NtGdiDdGetDriverState Status: Not hooked
#: 051 Function Name: NtGdiDdAddAttachedSurface Status: Not hooked
#: 052 Function Name: NtGdiDdAlphaBlt Status: Not hooked
#: 053 Function Name: NtGdiDdAttachSurface Status: Not hooked
#: 054 Function Name: NtGdiDdBeginMoCompFrame Status: Not hooked
#: 055 Function Name: NtGdiDdBlt Status: Not hooked
#: 056 Function Name: NtGdiDdCanCreateSurface Status: Not hooked
#: 057 Function Name: NtGdiDdCanCreateD3DBuffer Status: Not hooked
#: 058 Function Name: NtGdiDdColorControl Status: Not hooked
#: 059 Function Name: NtGdiDdCreateDirectDrawObject Status: Not hooked
#: 060 Function Name: NtGdiDdCreateSurface Status: Not hooked
#: 061 Function Name: NtGdiDdCreateD3DBuffer Status: Not hooked
#: 062 Function Name: NtGdiDdCreateMoComp Status: Not hooked
#: 063 Function Name: NtGdiDdCreateSurfaceObject Status: Not hooked
#: 064 Function Name: NtGdiDdDeleteDirectDrawObject Status: Not hooked
#: 065 Function Name: NtGdiDdDeleteSurfaceObject Status: Not hooked
#: 066 Function Name: NtGdiDdDestroyMoComp Status: Not hooked
#: 067 Function Name: NtGdiDdDestroySurface Status: Not hooked
#: 068 Function Name: NtGdiDdDestroyD3DBuffer Status: Not hooked
#: 069 Function Name: NtGdiDdEndMoCompFrame Status: Not hooked
#: 070 Function Name: NtGdiDdFlip Status: Not hooked
#: 071 Function Name: NtGdiDdFlipToGDISurface Status: Not hooked
#: 072 Function Name: NtGdiDdGetAvailDriverMemory Status: Not hooked
#: 073 Function Name: NtGdiDdGetBltStatus Status: Not hooked
#: 074 Function Name: NtGdiDdGetDC Status: Not hooked
#: 075 Function Name: NtGdiDdGetDriverInfo Status: Not hooked
#: 076 Function Name: NtGdiDdGetDxHandle Status: Not hooked
#: 077 Function Name: NtGdiDdGetFlipStatus Status: Not hooked
#: 078 Function Name: NtGdiDdGetInternalMoCompInfo Status: Not hooked
#: 079 Function Name: NtGdiDdGetMoCompBuffInfo Status: Not hooked
#: 080 Function Name: NtGdiDdGetMoCompGuids Status: Not hooked
#: 081 Function Name: NtGdiDdGetMoCompFormats Status: Not hooked
#: 082 Function Name: NtGdiDdGetScanLine Status: Not hooked
#: 083 Function Name: NtGdiDdLock Status: Not hooked
#: 084 Function Name: NtGdiDdLockD3D Status: Not hooked
#: 085 Function Name: NtGdiDdQueryDirectDrawObject Status: Not hooked
#: 086 Function Name: NtGdiDdQueryMoCompStatus Status: Not hooked
#: 087 Function Name: NtGdiDdReenableDirectDrawObject Status: Not hooked
#: 088 Function Name: NtGdiDdReleaseDC Status: Not hooked
#: 089 Function Name: NtGdiDdRenderMoComp Status: Not hooked
#: 090 Function Name: NtGdiDdResetVisrgn Status: Not hooked
#: 091 Function Name: NtGdiDdSetColorKey Status: Not hooked
#: 092 Function Name: NtGdiDdSetExclusiveMode Status: Not hooked
#: 093 Function Name: NtGdiDdSetGammaRamp Status: Not hooked
#: 094 Function Name: NtGdiDdCreateSurfaceEx Status: Not hooked
#: 095 Function Name: NtGdiDdSetOverlayPosition Status: Not hooked
#: 096 Function Name: NtGdiDdUnattachSurface Status: Not hooked
#: 097 Function Name: NtGdiDdUnlock Status: Not hooked
#: 098 Function Name: NtGdiDdUnlockD3D Status: Not hooked
#: 099 Function Name: NtGdiDdUpdateOverlay Status: Not hooked
#: 100 Function Name: NtGdiDdWaitForVerticalBlank Status: Not hooked
#: 101 Function Name: NtGdiDvpCanCreateVideoPort Status: Not hooked
#: 102 Function Name: NtGdiDvpColorControl Status: Not hooked
#: 103 Function Name: NtGdiDvpCreateVideoPort Status: Not hooked
#: 104 Function Name: NtGdiDvpDestroyVideoPort Status: Not hooked
#: 105 Function Name: NtGdiDvpFlipVideoPort Status: Not hooked
#: 106 Function Name: NtGdiDvpGetVideoPortBandwidth Status: Not hooked
#: 107 Function Name: NtGdiDvpGetVideoPortField Status: Not hooked
#: 108 Function Name: NtGdiDvpGetVideoPortFlipStatus Status: Not hooked
#: 109 Function Name: NtGdiDvpGetVideoPortInputFormats Status: Not hooked
#: 110 Function Name: NtGdiDvpGetVideoPortLine Status: Not hooked
#: 111 Function Name: NtGdiDvpGetVideoPortOutputFormats Status: Not hooked
#: 112 Function Name: NtGdiDvpGetVideoPortConnectInfo Status: Not hooked
#: 113 Function Name: NtGdiDvpGetVideoSignalStatus Status: Not hooked
#: 114 Function Name: NtGdiDvpUpdateVideoPort Status: Not hooked
#: 115 Function Name: NtGdiDvpWaitForVideoPortSync Status: Not hooked
#: 116 Function Name: NtGdiDvpAcquireNotification Status: Not hooked
#: 117 Function Name: NtGdiDvpReleaseNotification Status: Not hooked
#: 118 Function Name: NtGdiDxgGenericThunk Status: Not hooked
#: 119 Function Name: NtGdiDeleteClientObj Status: Not hooked
#: 120 Function Name: NtGdiDeleteColorSpace Status: Not hooked
#: 121 Function Name: NtGdiDeleteColorTransform Status: Not hooked
#: 122 Function Name: NtGdiDeleteObjectApp Status: Not hooked
#: 123 Function Name: NtGdiDescribePixelFormat Status: Not hooked
#: 124 Function Name: NtGdiGetPerBandInfo Status: Not hooked
#: 125 Function Name: NtGdiDoBanding Status: Not hooked
#: 126 Function Name: NtGdiDoPalette Status: Not hooked
#: 127 Function Name: NtGdiDrawEscape Status: Not hooked
#: 128 Function Name: NtGdiEllipse Status: Not hooked
#: 129 Function Name: NtGdiEnableEudc Status: Not hooked
#: 130 Function Name: NtGdiEndDoc Status: Not hooked
#: 131 Function Name: NtGdiEndPage Status: Not hooked
#: 132 Function Name: NtGdiEndPath Status: Not hooked
#: 133 Function Name: NtGdiEnumFontChunk Status: Not hooked
#: 134 Function Name: NtGdiEnumFontClose Status: Not hooked
#: 135 Function Name: NtGdiEnumFontOpen Status: Not hooked
#: 136 Function Name: NtGdiEnumObjects Status: Not hooked
#: 137 Function Name: NtGdiEqualRgn Status: Not hooked
#: 138 Function Name: NtGdiEudcLoadUnloadLink Status: Not hooked
#: 139 Function Name: NtGdiExcludeClipRect Status: Not hooked
#: 140 Function Name: NtGdiExtCreatePen Status: Not hooked
#: 141 Function Name: NtGdiExtCreateRegion Status: Not hooked
#: 142 Function Name: NtGdiExtEscape Status: Not hooked
#: 143 Function Name: NtGdiExtFloodFill Status: Not hooked
#: 144 Function Name: NtGdiExtGetObjectW Status: Not hooked
#: 145 Function Name: NtGdiExtSelectClipRgn Status: Not hooked
#: 146 Function Name: NtGdiExtTextOutW Status: Not hooked
#: 147 Function Name: NtGdiFillPath Status: Not hooked
#: 148 Function Name: NtGdiFillRgn Status: Not hooked
#: 149 Function Name: NtGdiFlattenPath Status: Not hooked
#: 150 Function Name: NtGdiFlushUserBatch Status: Not hooked
#: 151 Function Name: NtGdiFlush Status: Not hooked
#: 152 Function Name: NtGdiForceUFIMapping Status: Not hooked
#: 153 Function Name: NtGdiFrameRgn Status: Not hooked
#: 154 Function Name: NtGdiFullscreenControl Status: Not hooked
#: 155 Function Name: NtGdiGetAndSetDCDword Status: Not hooked
#: 156 Function Name: NtGdiGetAppClipBox Status: Not hooked
#: 157 Function Name: NtGdiGetBitmapBits Status: Not hooked
#: 158 Function Name: NtGdiGetBitmapDimension Status: Not hooked
#: 159 Function Name: NtGdiGetBoundsRect Status: Not hooked
#: 160 Function Name: NtGdiGetCharABCWidthsW Status: Not hooked
#: 161 Function Name: NtGdiGetCharacterPlacementW Status: Not hooked
#: 162 Function Name: NtGdiGetCharSet Status: Not hooked
#: 163 Function Name: NtGdiGetCharWidthW Status: Not hooked
#: 164 Function Name: NtGdiGetCharWidthInfo Status: Not hooked
#: 165 Function Name: NtGdiGetColorAdjustment Status: Not hooked
#: 166 Function Name: NtGdiGetColorSpaceforBitmap Status: Not hooked
#: 167 Function Name: NtGdiGetDCDword Status: Not hooked
#: 168 Function Name: NtGdiGetDCforBitmap Status: Not hooked
#: 169 Function Name: NtGdiGetDCObject Status: Not hooked
#: 170 Function Name: NtGdiGetDCPoint Status: Not hooked
#: 171 Function Name: NtGdiGetDeviceCaps Status: Not hooked
#: 172 Function Name: NtGdiGetDeviceGammaRamp Status: Not hooked
#: 173 Function Name: NtGdiGetDeviceCapsAll Status: Not hooked
#: 174 Function Name: NtGdiGetDIBitsInternal Status: Not hooked
#: 175 Function Name: NtGdiGetETM Status: Not hooked
#: 176 Function Name: NtGdiGetEudcTimeStampEx Status: Not hooked
#: 177 Function Name: NtGdiGetFontData Status: Not hooked
#: 178 Function Name: NtGdiGetFontResourceInfoInternalW Status: Not hooked
#: 179 Function Name: NtGdiGetGlyphIndicesW Status: Not hooked
#: 180 Function Name: NtGdiGetGlyphIndicesWInternal Status: Not hooked
#: 181 Function Name: NtGdiGetGlyphOutline Status: Not hooked
#: 182 Function Name: NtGdiGetKerningPairs Status: Not hooked
#: 183 Function Name: NtGdiGetLinkedUFIs Status: Not hooked
#: 184 Function Name: NtGdiGetMiterLimit Status: Not hooked
#: 185 Function Name: NtGdiGetMonitorID Status: Not hooked
#: 186 Function Name: NtGdiGetNearestColor Status: Not hooked
#: 187 Function Name: NtGdiGetNearestPaletteIndex Status: Not hooked
#: 188 Function Name: NtGdiGetObjectBitmapHandle Status: Not hooked
#: 189 Function Name: NtGdiGetOutlineTextMetricsInternalW Status: Not hooked
#: 190 Function Name: NtGdiGetPath Status: Not hooked
#: 191 Function Name: NtGdiGetPixel Status: Not hooked
#: 192 Function Name: NtGdiGetRandomRgn Status: Not hooked
#: 193 Function Name: NtGdiGetRasterizerCaps Status: Not hooked
#: 194 Function Name: NtGdiGetRealizationInfo Status: Not hooked
#: 195 Function Name: NtGdiGetRegionData Status: Not hooked
#: 196 Function Name: NtGdiGetRgnBox Status: Not hooked
#: 197 Function Name: NtGdiGetServerMetaFileBits Status: Not hooked
#: 198 Function Name: NtGdiGetSpoolMessage Status: Not hooked
#: 199 Function Name: NtGdiGetStats Status: Not hooked
#: 200 Function Name: NtGdiGetStockObject Status: Not hooked
#: 201 Function Name: NtGdiGetStringBitmapW Status: Not hooked
#: 202 Function Name: NtGdiGetSystemPaletteUse Status: Not hooked
#: 203 Function Name: NtGdiGetTextCharsetInfo Status: Not hooked
#: 204 Function Name: NtGdiGetTextExtent Status: Not hooked
#: 205 Function Name: NtGdiGetTextExtentExW Status: Not hooked
#: 206 Function Name: NtGdiGetTextFaceW Status: Not hooked
#: 207 Function Name: NtGdiGetTextMetricsW Status: Not hooked
#: 208 Function Name: NtGdiGetTransform Status: Not hooked
#: 209 Function Name: NtGdiGetUFI Status: Not hooked
#: 210 Function Name: NtGdiGetEmbUFI Status: Not hooked
#: 211 Function Name: NtGdiGetUFIPathname Status: Not hooked
#: 212 Function Name: NtGdiGetEmbedFonts Status: Not hooked
#: 213 Function Name: NtGdiChangeGhostFont Status: Not hooked
#: 214 Function Name: NtGdiAddEmbFontToDC Status: Not hooked
#: 215 Function Name: NtGdiGetFontUnicodeRanges Status: Not hooked
#: 216 Function Name: NtGdiGetWidthTable Status: Not hooked
#: 217 Function Name: NtGdiGradientFill Status: Not hooked
#: 218 Function Name: NtGdiHfontCreate Status: Not hooked
#: 219 Function Name: NtGdiIcmBrushInfo Status: Not hooked
#: 220 Function Name: NtGdiInit Status: Not hooked
#: 221 Function Name: NtGdiInitSpool Status: Not hooked
#: 222 Function Name: NtGdiIntersectClipRect Status: Not hooked
#: 223 Function Name: NtGdiInvertRgn Status: Not hooked
#: 224 Function Name: NtGdiLineTo Status: Not hooked
#: 225 Function Name: NtGdiMakeFontDir Status: Not hooked
#: 226 Function Name: NtGdiMakeInfoDC Status: Not hooked
#: 227 Function Name: NtGdiMaskBlt Status: Not hooked
#: 228 Function Name: NtGdiModifyWorldTransform Status: Not hooked
#: 229 Function Name: NtGdiMonoBitmap Status: Not hooked
#: 230 Function Name: NtGdiMoveTo Status: Not hooked
#: 231 Function Name: NtGdiOffsetClipRgn Status: Not hooked
#: 232 Function Name: NtGdiOffsetRgn Status: Not hooked
#: 233 Function Name: NtGdiOpenDCW Status: Not hooked
#: 234 Function Name: NtGdiPatBlt Status: Not hooked
#: 235 Function Name: NtGdiPolyPatBlt Status: Not hooked
#: 236 Function Name: NtGdiPathToRegion Status: Not hooked
#: 237 Function Name: NtGdiPlgBlt Status: Not hooked
#: 238 Function Name: NtGdiPolyDraw Status: Not hooked
#: 239 Function Name: NtGdiPolyPolyDraw Status: Not hooked
#: 240 Function Name: NtGdiPolyTextOutW Status: Not hooked
#: 241 Function Name: NtGdiPtInRegion Status: Not hooked
#: 242 Function Name: NtGdiPtVisible Status: Not hooked
#: 243 Function Name: NtGdiQueryFonts Status: Not hooked
#: 244 Function Name: NtGdiQueryFontAssocInfo Status: Not hooked
#: 245 Function Name: NtGdiRectangle Status: Not hooked
#: 246 Function Name: NtGdiRectInRegion Status: Not hooked
#: 247 Function Name: NtGdiRectVisible Status: Not hooked
#: 248 Function Name: NtGdiRemoveFontResourceW Status: Not hooked
#: 249 Function Name: NtGdiRemoveFontMemResourceEx Status: Not hooked
#: 250 Function Name: NtGdiResetDC Status: Not hooked
#: 251 Function Name: NtGdiResizePalette Status: Not hooked
#: 252 Function Name: NtGdiRestoreDC Status: Not hooked
#: 253 Function Name: NtGdiRoundRect Status: Not hooked
#: 254 Function Name: NtGdiSaveDC Status: Not hooked
#: 255 Function Name: NtGdiScaleViewportExtEx Status: Not hooked
#: 256 Function Name: NtGdiScaleWindowExtEx Status: Not hooked
#: 257 Function Name: NtGdiSelectBitmap Status: Not hooked
#: 258 Function Name: NtGdiSelectBrush Status: Not hooked
#: 259 Function Name: NtGdiSelectClipPath Status: Not hooked
#: 260 Function Name: NtGdiSelectFont Status: Not hooked
#: 261 Function Name: NtGdiSelectPen Status: Not hooked
#: 262 Function Name: NtGdiSetBitmapAttributes Status: Not hooked
#: 263 Function Name: NtGdiSetBitmapBits Status: Not hooked
#: 264 Function Name: NtGdiSetBitmapDimension Status: Not hooked
#: 265 Function Name: NtGdiSetBoundsRect Status: Not hooked
#: 266 Function Name: NtGdiSetBrushAttributes Status: Not hooked
#: 267 Function Name: NtGdiSetBrushOrg Status: Not hooked
#: 268 Function Name: NtGdiSetColorAdjustment Status: Not hooked
#: 269 Function Name: NtGdiSetColorSpace Status: Not hooked
#: 270 Function Name: NtGdiSetDeviceGammaRamp Status: Not hooked
#: 271 Function Name: NtGdiSetDIBitsToDeviceInternal Status: Not hooked
#: 272 Function Name: NtGdiSetFontEnumeration Status: Not hooked
#: 273 Function Name: NtGdiSetFontXform Status: Not hooked
#: 274 Function Name: NtGdiSetIcmMode Status: Not hooked
#: 275 Function Name: NtGdiSetLinkedUFIs Status: Not hooked
#: 276 Function Name: NtGdiSetMagicColors Status: Not hooked
#: 277 Function Name: NtGdiSetMetaRgn Status: Not hooked
#: 278 Function Name: NtGdiSetMiterLimit Status: Not hooked
#: 279 Function Name: NtGdiGetDeviceWidth Status: Not hooked
#: 280 Function Name: NtGdiMirrorWindowOrg Status: Not hooked
#: 281 Function Name: NtGdiSetLayout Status: Not hooked
#: 282 Function Name: NtGdiSetPixel Status: Not hooked
#: 283 Function Name: NtGdiSetPixelFormat Status: Not hooked
#: 284 Function Name: NtGdiSetRectRgn Status: Not hooked
#: 285 Function Name: NtGdiSetSystemPaletteUse Status: Not hooked
#: 286 Function Name: NtGdiSetTextJustification Status: Not hooked
#: 287 Function Name: NtGdiSetupPublicCFONT Status: Not hooked
#: 288 Function Name: NtGdiSetVirtualResolution Status: Not hooked
#: 289 Function Name: NtGdiSetSizeDevice Status: Not hooked
#: 290 Function Name: NtGdiStartDoc Status: Not hooked
#: 291 Function Name: NtGdiStartPage Status: Not hooked
#: 292 Function Name: NtGdiStretchBlt Status: Not hooked
#: 293 Function Name: NtGdiStretchDIBitsInternal Status: Not hooked
#: 294 Function Name: NtGdiStrokeAndFillPath Status: Not hooked
#: 295 Function Name: NtGdiStrokePath Status: Not hooked
#: 296 Function Name: NtGdiSwapBuffers Status: Not hooked
#: 297 Function Name: NtGdiTransformPoints Status: Not hooked
#: 298 Function Name: NtGdiTransparentBlt Status: Not hooked
#: 299 Function Name: NtGdiUnloadPrinterDriver Status: Not hooked
#: 300 Function Name: NtGdiUnmapMemFont Status: Not hooked
#: 301 Function Name: NtGdiUnrealizeObject Status: Not hooked
#: 302 Function Name: NtGdiUpdateColors Status: Not hooked
#: 303 Function Name: NtGdiWidenPath Status: Not hooked
#: 304 Function Name: NtUserActivateKeyboardLayout Status: Not hooked
#: 305 Function Name: NtUserAlterWindowStyle Status: Not hooked
#: 306 Function Name: NtUserAssociateInputContext Status: Not hooked
#: 307 Function Name: NtUserAttachThreadInput Status: Hooked by "<unknown>" at address 0x82bf8240
#: 308 Function Name: NtUserBeginPaint Status: Not hooked
#: 309 Function Name: NtUserBitBltSysBmp Status: Not hooked
#: 310 Function Name: NtUserBlockInput Status: Not hooked
#: 311 Function Name: NtUserBuildHimcList Status: Not hooked
#: 312 Function Name: NtUserBuildHwndList Status: Not hooked
#: 313 Function Name: NtUserBuildNameList Status: Not hooked
#: 314 Function Name: NtUserBuildPropList Status: Not hooked
#: 315 Function Name: NtUserCallHwnd Status: Not hooked
#: 316 Function Name: NtUserCallHwndLock Status: Not hooked
#: 317 Function Name: NtUserCallHwndOpt Status: Not hooked
#: 318 Function Name: NtUserCallHwndParam Status: Not hooked
#: 319 Function Name: NtUserCallHwndParamLock Status: Not hooked
#: 320 Function Name: NtUserCallMsgFilter Status: Not hooked
#: 321 Function Name: NtUserCallNextHookEx Status: Not hooked
#: 322 Function Name: NtUserCallNoParam Status: Not hooked
#: 323 Function Name: NtUserCallOneParam Status: Not hooked
#: 324 Function Name: NtUserCallTwoParam Status: Not hooked
#: 325 Function Name: NtUserChangeClipboardChain Status: Not hooked
#: 326 Function Name: NtUserChangeDisplaySettings Status: Not hooked
#: 327 Function Name: NtUserCheckImeHotKey Status: Not hooked
#: 328 Function Name: NtUserCheckMenuItem Status: Not hooked
#: 329 Function Name: NtUserChildWindowFromPointEx Status: Not hooked
#: 330 Function Name: NtUserClipCursor Status: Not hooked
#: 331 Function Name: NtUserCloseClipboard Status: Not hooked
#: 332 Function Name: NtUserCloseDesktop Status: Not hooked
#: 333 Function Name: NtUserCloseWindowStation Status: Not hooked
#: 334 Function Name: NtUserConsoleControl Status: Not hooked
#: 335 Function Name: NtUserConvertMemHandle Status: Not hooked
#: 336 Function Name: NtUserCopyAcceleratorTable Status: Not hooked
#: 337 Function Name: NtUserCountClipboardFormats Status: Not hooked
#: 338 Function Name: NtUserCreateAcceleratorTable Status: Not hooked
#: 339 Function Name: NtUserCreateCaret Status: Not hooked
#: 340 Function Name: NtUserCreateDesktop Status: Not hooked
#: 341 Function Name: NtUserCreateInputContext Status: Not hooked
#: 342 Function Name: NtUserCreateLocalMemHandle Status: Not hooked
#: 343 Function Name: NtUserCreateWindowEx Status: Not hooked
#: 344 Function Name: NtUserCreateWindowStation Status: Not hooked
#: 345 Function Name: NtUserDdeGetQualityOfService Status: Not hooked
#: 346 Function Name: NtUserDdeInitialize Status: Not hooked
#: 347 Function Name: NtUserDdeSetQualityOfService Status: Not hooked
#: 348 Function Name: NtUserDeferWindowPos Status: Not hooked
#: 349 Function Name: NtUserDefSetText Status: Not hooked
#: 350 Function Name: NtUserDeleteMenu Status: Not hooked
#: 351 Function Name: NtUserDestroyAcceleratorTable Status: Not hooked
#: 352 Function Name: NtUserDestroyCursor Status: Not hooked
#: 353 Function Name: NtUserDestroyInputContext Status: Not hooked
#: 354 Function Name: NtUserDestroyMenu Status: Not hooked
#: 355 Function Name: NtUserDestroyWindow Status: Not hooked
#: 356 Function Name: NtUserDisableThreadIme Status: Not hooked
#: 357 Function Name: NtUserDispatchMessage Status: Not hooked
#: 358 Function Name: NtUserDragDetect Status: Not hooked
#: 359 Function Name: NtUserDragObject Status: Not hooked
#: 360 Function Name: NtUserDrawAnimatedRects Status: Not hooked
#: 361 Function Name: NtUserDrawCaption Status: Not hooked
#: 362 Function Name: NtUserDrawCaptionTemp Status: Not hooked
#: 363 Function Name: NtUserDrawIconEx Status: Not hooked
#: 364 Function Name: NtUserDrawMenuBarTemp Status: Not hooked
#: 365 Function Name: NtUserEmptyClipboard Status: Not hooked
#: 366 Function Name: NtUserEnableMenuItem Status: Not hooked
#: 367 Function Name: NtUserEnableScrollBar Status: Not hooked
#: 368 Function Name: NtUserEndDeferWindowPosEx Status: Not hooked
#: 369 Function Name: NtUserEndMenu Status: Not hooked
#: 370 Function Name: NtUserEndPaint Status: Not hooked
#: 371 Function Name: NtUserEnumDisplayDevices Status: Not hooked
#: 372 Function Name: NtUserEnumDisplayMonitors Status: Not hooked
#: 373 Function Name: NtUserEnumDisplaySettings Status: Not hooked
#: 374 Function Name: NtUserEvent Status: Not hooked
#: 375 Function Name: NtUserExcludeUpdateRgn Status: Not hooked
#: 376 Function Name: NtUserFillWindow Status: Not hooked
#: 377 Function Name: NtUserFindExistingCursorIcon Status: Not hooked
#: 378 Function Name: NtUserFindWindowEx Status: Not hooked
#: 379 Function Name: NtUserFlashWindowEx Status: Not hooked
#: 380 Function Name: NtUserGetAltTabInfo Status: Not hooked
#: 381 Function Name: NtUserGetAncestor Status: Not hooked
#: 382 Function Name: NtUserGetAppImeLevel Status: Not hooked
#: 383 Function Name: NtUserGetAsyncKeyState Status: Hooked by "<unknown>" at address 0x82f8f2d0
#: 384 Function Name: NtUserGetAtomName Status: Not hooked
#: 385 Function Name: NtUserGetCaretBlinkTime Status: Not hooked
#: 386 Function Name: NtUserGetCaretPos Status: Not hooked
#: 387 Function Name: NtUserGetClassInfo Status: Not hooked
#: 388 Function Name: NtUserGetClassName Status: Not hooked
#: 389 Function Name: NtUserGetClipboardData Status: Not hooked
#: 390 Function Name: NtUserGetClipboardFormatName Status: Not hooked
#: 391 Function Name: NtUserGetClipboardOwner Status: Not hooked
#: 392 Function Name: NtUserGetClipboardSequenceNumber Status: Not hooked
#: 393 Function Name: NtUserGetClipboardViewer Status: Not hooked
#: 394 Function Name: NtUserGetClipCursor Status: Not hooked
#: 395 Function Name: NtUserGetComboBoxInfo Status: Not hooked
#: 396 Function Name: NtUserGetControlBrush Status: Not hooked
#: 397 Function Name: NtUserGetControlColor Status: Not hooked
#: 398 Function Name: NtUserGetCPD Status: Not hooked
#: 399 Function Name: NtUserGetCursorFrameInfo Status: Not hooked
#: 400 Function Name: NtUserGetCursorInfo Status: Not hooked
#: 401 Function Name: NtUserGetDC Status: Not hooked
#: 402 Function Name: NtUserGetDCEx Status: Not hooked
#: 403 Function Name: NtUserGetDoubleClickTime Status: Not hooked
#: 404 Function Name: NtUserGetForegroundWindow Status: Not hooked
#: 405 Function Name: NtUserGetGuiResources Status: Not hooked
#: 406 Function Name: NtUserGetGUIThreadInfo Status: Not hooked
#: 407 Function Name: NtUserGetIconInfo Status: Not hooked
#: 408 Function Name: NtUserGetIconSize Status: Not hooked
#: 409 Function Name: NtUserGetImeHotKey Status: Not hooked
#: 410 Function Name: NtUserGetImeInfoEx Status: Not hooked
#: 411 Function Name: NtUserGetInternalWindowPos Status: Not hooked
#: 412 Function Name: NtUserGetKeyboardLayoutList Status: Not hooked
#: 413 Function Name: NtUserGetKeyboardLayoutName Status: Not hooked
#: 414 Function Name: NtUserGetKeyboardState Status: Hooked by "<unknown>" at address 0x82ea3af0
#: 415 Function Name: NtUserGetKeyNameText Status: Not hooked
#: 416 Function Name: NtUserGetKeyState Status: Hooked by "<unknown>" at address 0x82f1b588
#: 417 Function Name: NtUserGetListBoxInfo Status: Not hooked
#: 418 Function Name: NtUserGetMenuBarInfo Status: Not hooked
#: 419 Function Name: NtUserGetMenuIndex Status: Not hooked
#: 420 Function Name: NtUserGetMenuItemRect Status: Not hooked
#: 421 Function Name: NtUserGetMessage Status: Not hooked
#: 422 Function Name: NtUserGetMouseMovePointsEx Status: Not hooked
#: 423 Function Name: NtUserGetObjectInformation Status: Not hooked
#: 424 Function Name: NtUserGetOpenClipboardWindow Status: Not hooked
#: 425 Function Name: NtUserGetPriorityClipboardFormat Status: Not hooked
#: 426 Function Name: NtUserGetProcessWindowStation Status: Not hooked
#: 427 Function Name: NtUserGetRawInputBuffer Status: Not hooked
#: 428 Function Name: NtUserGetRawInputData Status: Not hooked
#: 429 Function Name: NtUserGetRawInputDeviceInfo Status: Not hooked
#: 430 Function Name: NtUserGetRawInputDeviceList Status: Not hooked
#: 431 Function Name: NtUserGetRegisteredRawInputDevices Status: Not hooked
#: 432 Function Name: NtUserGetScrollBarInfo Status: Not hooked
#: 433 Function Name: NtUserGetSystemMenu Status: Not hooked
#: 434 Function Name: NtUserGetThreadDesktop Status: Not hooked
#: 435 Function Name: NtUserGetThreadState Status: Not hooked
#: 436 Function Name: NtUserGetTitleBarInfo Status: Not hooked
#: 437 Function Name: NtUserGetUpdateRect Status: Not hooked
#: 438 Function Name: NtUserGetUpdateRgn Status: Not hooked
#: 439 Function Name: NtUserGetWindowDC Status: Not hooked
#: 440 Function Name: NtUserGetWindowPlacement Status: Not hooked
#: 441 Function Name: NtUserGetWOWClass Status: Not hooked
#: 442 Function Name: NtUserHardErrorControl Status: Not hooked
#: 443 Function Name: NtUserHideCaret Status: Not hooked
#: 444 Function Name: NtUserHiliteMenuItem Status: Not hooked
#: 445 Function Name: NtUserImpersonateDdeClientWindow Status: Not hooked
#: 446 Function Name: NtUserInitialize Status: Not hooked
#: 447 Function Name: NtUserInitializeClientPfnArrays Status: Not hooked
#: 448 Function Name: NtUserInitTask Status: Not hooked
#: 449 Function Name: NtUserInternalGetWindowText Status: Not hooked
#: 450 Function Name: NtUserInvalidateRect Status: Not hooked
#: 451 Function Name: NtUserInvalidateRgn Status: Not hooked
#: 452 Function Name: NtUserIsClipboardFormatAvailable Status: Not hooked
#: 453 Function Name: NtUserKillTimer Status: Not hooked
#: 454 Function Name: NtUserLoadKeyboardLayoutEx Status: Not hooked
#: 455 Function Name: NtUserLockWindowStation Status: Not hooked
#: 456 Function Name: NtUserLockWindowUpdate Status: Not hooked
#: 457 Function Name: NtUserLockWorkStation Status: Not hooked
#: 458 Function Name: NtUserMapVirtualKeyEx Status: Not hooked
#: 459 Function Name: NtUserMenuItemFromPoint Status: Not hooked
#: 460 Function Name: NtUserMessageCall Status: Hooked by "<unknown>" at address 0x82c26358
#: 461 Function Name: NtUserMinMaximize Status: Not hooked
#: 462 Function Name: NtUserMNDragLeave Status: Not hooked
#: 463 Function Name: NtUserMNDragOver Status: Not hooked
#: 464 Function Name: NtUserModifyUserStartupInfoFlags Status: Not hooked
#: 465 Function Name: NtUserMoveWindow Status: Not hooked
#: 466 Function Name: NtUserNotifyIMEStatus Status: Not hooked
#: 467 Function Name: NtUserNotifyProcessCreate Status: Not hooked
#: 468 Function Name: NtUserNotifyWinEvent Status: Not hooked
#: 469 Function Name: NtUserOpenClipboard Status: Not hooked
#: 470 Function Name: NtUserOpenDesktop Status: Not hooked
#: 471 Function Name: NtUserOpenInputDesktop Status: Not hooked
#: 472 Function Name: NtUserOpenWindowStation Status: Not hooked
#: 473 Function Name: NtUserPaintDesktop Status: Not hooked
#: 474 Function Name: NtUserPeekMessage Status: Not hooked
#: 475 Function Name: NtUserPostMessage Status: Hooked by "<unknown>" at address 0x82bec100
#: 476 Function Name: NtUserPostThreadMessage Status: Hooked by "<unknown>" at address 0x82e34d00
#: 477 Function Name: NtUserPrintWindow Status: Not hooked
#: 478 Function Name: NtUserProcessConnect Status: Not hooked
#: 479 Function Name: NtUserQueryInformationThread Status: Not hooked
#: 480 Function Name: NtUserQueryInputContext Status: Not hooked
#: 481 Function Name: NtUserQuerySendMessage Status: Not hooked
#: 482 Function Name: NtUserQueryUserCounters Status: Not hooked
#: 483 Function Name: NtUserQueryWindow Status: Not hooked
#: 484 Function Name: NtUserRealChildWindowFromPoint Status: Not hooked
#: 485 Function Name: NtUserRealInternalGetMessage Status: Not hooked
#: 486 Function Name: NtUserRealWaitMessageEx Status: Not hooked
#: 487 Function Name: NtUserRedrawWindow Status: Not hooked
#: 488 Function Name: NtUserRegisterClassExWOW Status: Not hooked
#: 489 Function Name: NtUserRegisterUserApiHook Status: Not hooked
#: 490 Function Name: NtUserRegisterHotKey Status: Not hooked
#: 491 Function Name: NtUserRegisterRawInputDevices Status: Not hooked
#: 492 Function Name: NtUserRegisterTasklist Status: Not hooked
#: 493 Function Name: NtUserRegisterWindowMessage Status: Not hooked
#: 494 Function Name: NtUserRemoveMenu Status: Not hooked
#: 495 Function Name: NtUserRemoveProp Status: Not hooked
#: 496 Function Name: NtUserResolveDesktop Status: Not hooked
#: 497 Function Name: NtUserResolveDesktopForWOW Status: Not hooked
#: 498 Function Name: NtUserSBGetParms Status: Not hooked
#: 499 Function Name: NtUserScrollDC Status: Not hooked
#: 500 Function Name: NtUserScrollWindowEx Status: Not hooked
#: 501 Function Name: NtUserSelectPalette Status: Not hooked
#: 502 Function Name: NtUserSendInput Status: Not hooked
#: 503 Function Name: NtUserSetActiveWindow Status: Not hooked
#: 504 Function Name: NtUserSetAppImeLevel Status: Not hooked
#: 505 Function Name: NtUserSetCapture Status: Not hooked
#: 506 Function Name: NtUserSetClassLong Status: Not hooked
#: 507 Function Name: NtUserSetClassWord Status: Not hooked
#: 508 Function Name: NtUserSetClipboardData Status: Not hooked
#: 509 Function Name: NtUserSetClipboardViewer Status: Not hooked
#: 510 Function Name: NtUserSetConsoleReserveKeys Status: Not hooked
#: 511 Function Name: NtUserSetCursor Status: Not hooked
#: 512 Function Name: NtUserSetCursorContents Status: Not hooked
#: 513 Function Name: NtUserSetCursorIconData Status: Not hooked
#: 514 Function Name: NtUserSetDbgTag Status: Not hooked
#: 515 Function Name: NtUserSetFocus Status: Not hooked
#: 516 Function Name: NtUserSetImeHotKey Status: Not hooked
#: 517 Function Name: NtUserSetImeInfoEx Status: Not hooked
#: 518 Function Name: NtUserSetImeOwnerWindow Status: Not hooked
#: 519 Function Name: NtUserSetInformationProcess Status: Not hooked
#: 520 Function Name: NtUserSetInformationThread Status: Not hooked
#: 521 Function Name: NtUserSetInternalWindowPos Status: Not hooked
#: 522 Function Name: NtUserSetKeyboardState Status: Not hooked
#: 523 Function Name: NtUserSetLogonNotifyWindow Status: Not hooked
#: 524 Function Name: NtUserSetMenu Status: Not hooked
#: 525 Function Name: NtUserSetMenuContextHelpId Status: Not hooked
#: 526 Function Name: NtUserSetMenuDefaultItem Status: Not hooked
#: 527 Function Name: NtUserSetMenuFlagRtoL Status: Not hooked
#: 528 Function Name: NtUserSetObjectInformation Status: Not hooked
#: 529 Function Name: NtUserSetParent Status: Not hooked
#: 530 Function Name: NtUserSetProcessWindowStation Status: Not hooked
#: 531 Function Name: NtUserSetProp Status: Not hooked
#: 532 Function Name: NtUserSetRipFlags Status: Not hooked
#: 533 Function Name: NtUserSetScrollInfo Status: Not hooked
#: 534 Function Name: NtUserSetShellWindowEx Status: Not hooked
#: 535 Function Name: NtUserSetSysColors Status: Not hooked
#: 536 Function Name: NtUserSetSystemCursor Status: Not hooked
#: 537 Function Name: NtUserSetSystemMenu Status: Not hooked
#: 538 Function Name: NtUserSetSystemTimer Status: Not hooked
#: 539 Function Name: NtUserSetThreadDesktop Status: Not hooked
#: 540 Function Name: NtUserSetThreadLayoutHandles Status: Not hooked
#: 541 Function Name: NtUserSetThreadState Status: Not hooked
#: 542 Function Name: NtUserSetTimer Status: Not hooked
#: 543 Function Name: NtUserSetWindowFNID Status: Not hooked
#: 544 Function Name: NtUserSetWindowLong Status: Not hooked
#: 545 Function Name: NtUserSetWindowPlacement Status: Not hooked
#: 546 Function Name: NtUserSetWindowPos Status: Not hooked
#: 547 Function Name: NtUserSetWindowRgn Status: Not hooked
#: 548 Function Name: NtUserSetWindowsHookAW Status: Not hooked
#: 549 Function Name: NtUserSetWindowsHookEx Status: Hooked by "<unknown>" at address 0x82c51ca0
#: 550 Function Name: NtUserSetWindowStationUser Status: Not hooked
#: 551 Function Name: NtUserSetWindowWord Status: Not hooked
#: 552 Function Name: NtUserSetWinEventHook Status: Hooked by "<unknown>" at address 0x82c01148
#: 553 Function Name: NtUserShowCaret Status: Not hooked
#: 554 Function Name: NtUserShowScrollBar Status: Not hooked
#: 555 Function Name: NtUserShowWindow Status: Not hooked
#: 556 Function Name: NtUserShowWindowAsync Status: Not hooked
#: 557 Function Name: NtUserSoundSentry Status: Not hooked
#: 558 Function Name: NtUserSwitchDesktop Status: Not hooked
#: 559 Function Name: NtUserSystemParametersInfo Status: Not hooked
#: 560 Function Name: NtUserTestForInteractiveUser Status: Not hooked
#: 561 Function Name: NtUserThunkedMenuInfo Status: Not hooked
#: 562 Function Name: NtUserThunkedMenuItemInfo Status: Not hooked
#: 563 Function Name: NtUserToUnicodeEx Status: Not hooked
#: 564 Function Name: NtUserTrackMouseEvent Status: Not hooked
#: 565 Function Name: NtUserTrackPopupMenuEx Status: Not hooked
#: 566 Function Name: NtUserCalcMenuBar Status: Not hooked
#: 567 Function Name: NtUserPaintMenuBar Status: Not hooked
#: 568 Function Name: NtUserTranslateAccelerator Status: Not hooked
#: 569 Function Name: NtUserTranslateMessage Status: Not hooked
#: 570 Function Name: NtUserUnhookWindowsHookEx Status: Not hooked
#: 571 Function Name: NtUserUnhookWinEvent Status: Not hooked
#: 572 Function Name: NtUserUnloadKeyboardLayout Status: Not hooked
#: 573 Function Name: NtUserUnlockWindowStation Status: Not hooked
#: 574 Function Name: NtUserUnregisterClass Status: Not hooked
#: 575 Function Name: NtUserUnregisterUserApiHook Status: Not hooked
#: 576 Function Name: NtUserUnregisterHotKey Status: Not hooked
#: 577 Function Name: NtUserUpdateInputContext Status: Not hooked
#: 578 Function Name: NtUserUpdateInstance Status: Not hooked
#: 579 Function Name: NtUserUpdateLayeredWindow Status: Not hooked
#: 580 Function Name: NtUserGetLayeredWindowAttributes Status: Not hooked
#: 581 Function Name: NtUserSetLayeredWindowAttributes Status: Not hooked
#: 582 Function Name: NtUserUpdatePerUserSystemParameters Status: Not hooked
#: 583 Function Name: NtUserUserHandleGrantAccess Status: Not hooked
#: 584 Function Name: NtUserValidateHandleSecure Status: Not hooked
#: 585 Function Name: NtUserValidateRect Status: Not hooked
#: 586 Function Name: NtUserValidateTimerCallback Status: Not hooked
#: 587 Function Name: NtUserVkKeyScanEx Status: Not hooked
#: 588 Function Name: NtUserWaitForInputIdle Status: Not hooked
#: 589 Function Name: NtUserWaitForMsgAndEvent Status: Not hooked
#: 590 Function Name: NtUserWaitMessage Status: Not hooked
#: 591 Function Name: NtUserWin32PoolAllocationStats Status: Not hooked
#: 592 Function Name: NtUserWindowFromPoint Status: Not hooked
#: 593 Function Name: NtUserYieldTask Status: Not hooked
#: 594 Function Name: NtUserRemoteConnect Status: Not hooked
#: 595 Function Name: NtUserRemoteRedrawRectangle Status: Not hooked
#: 596 Function Name: NtUserRemoteRedrawScreen Status: Not hooked
#: 597 Function Name: NtUserRemoteStopScreenUpdates Status: Not hooked
#: 598 Function Name: NtUserCtxDisplayIOCtl Status: Not hooked
#: 599 Function Name: NtGdiEngAssociateSurface Status: Not hooked
#: 600 Function Name: NtGdiEngCreateBitmap Status: Not hooked
#: 601 Function Name: NtGdiEngCreateDeviceSurface Status: Not hooked
#: 602 Function Name: NtGdiEngCreateDeviceBitmap Status: Not hooked
#: 603 Function Name: NtGdiEngCreatePalette Status: Not hooked
#: 604 Function Name: NtGdiEngComputeGlyphSet Status: Not hooked
#: 605 Function Name: NtGdiEngCopyBits Status: Not hooked
#: 606 Function Name: NtGdiEngDeletePalette Status: Not hooked
#: 607 Function Name: NtGdiEngDeleteSurface Status: Not hooked
#: 608 Function Name: NtGdiEngEraseSurface Status: Not hooked
#: 609 Function Name: NtGdiEngUnlockSurface Status: Not hooked
#: 610 Function Name: NtGdiEngLockSurface Status: Not hooked
#: 611 Function Name: NtGdiEngBitBlt Status: Not hooked
#: 612 Function Name: NtGdiEngStretchBlt Status: Not hooked
#: 613 Function Name: NtGdiEngPlgBlt Status: Not hooked
#: 614 Function Name: NtGdiEngMarkBandingSurface Status: Not hooked
#: 615 Function Name: NtGdiEngStrokePath Status: Not hooked
#: 616 Function Name: NtGdiEngFillPath Status: Not hooked
#: 617 Function Name: NtGdiEngStrokeAndFillPath Status: Not hooked
#: 618 Function Name: NtGdiEngPaint Status: Not hooked
#: 619 Function Name: NtGdiEngLineTo Status: Not hooked
#: 620 Function Name: NtGdiEngAlphaBlend Status: Not hooked
#: 621 Function Name: NtGdiEngGradientFill Status: Not hooked
#: 622 Function Name: NtGdiEngTransparentBlt Status: Not hooked
#: 623 Function Name: NtGdiEngTextOut Status: Not hooked
#: 624 Function Name: NtGdiEngStretchBltROP Status: Not hooked
#: 625 Function Name: NtGdiXLATEOBJ_cGetPalette Status: Not hooked
#: 626 Function Name: NtGdiXLATEOBJ_iXlate Status: Not hooked
#: 627 Function Name: NtGdiXLATEOBJ_hGetColorTransform Status: Not hooked
#: 628 Function Name: NtGdiCLIPOBJ_bEnum Status: Not hooked
#: 629 Function Name: NtGdiCLIPOBJ_cEnumStart Status: Not hooked
#: 630 Function Name: NtGdiCLIPOBJ_ppoGetPath Status: Not hooked
#: 631 Function Name: NtGdiEngDeletePath Status: Not hooked
#: 632 Function Name: NtGdiEngCreateClip Status: Not hooked
#: 633 Function Name: NtGdiEngDeleteClip Status: Not hooked
#: 634 Function Name: NtGdiBRUSHOBJ_ulGetBrushColor Status: Not hooked
#: 635 Function Name: NtGdiBRUSHOBJ_pvAllocRbrush Status: Not hooked
#: 636 Function Name: NtGdiBRUSHOBJ_pvGetRbrush Status: Not hooked
#: 637 Function Name: NtGdiBRUSHOBJ_hGetColorTransform Status: Not hooked
#: 638 Function Name: NtGdiXFORMOBJ_bApplyXform Status: Not hooked
#: 639 Function Name: NtGdiXFORMOBJ_iGetXform Status: Not hooked
#: 640 Function Name: NtGdiFONTOBJ_vGetInfo Status: Not hooked
#: 641 Function Name: NtGdiFONTOBJ_pxoGetXform Status: Not hooked
#: 642 Function Name: NtGdiFONTOBJ_cGetGlyphs Status: Not hooked
#: 643 Function Name: NtGdiFONTOBJ_pifi Status: Not hooked
#: 644 Function Name: NtGdiFONTOBJ_pfdg Status: Not hooked
#: 645 Function Name: NtGdiFONTOBJ_pQueryGlyphAttrs Status: Not hooked
#: 646 Function Name: NtGdiFONTOBJ_pvTrueTypeFontFile Status: Not hooked
#: 647 Function Name: NtGdiFONTOBJ_cGetAllGlyphHandles Status: Not hooked
#: 648 Function Name: NtGdiSTROBJ_bEnum Status: Not hooked
#: 649 Function Name: NtGdiSTROBJ_bEnumPositionsOnly Status: Not hooked
#: 650 Function Name: NtGdiSTROBJ_bGetAdvanceWidths Status: Not hooked
#: 651 Function Name: NtGdiSTROBJ_vEnumStart Status: Not hooked
#: 652 Function Name: NtGdiSTROBJ_dwGetCodePage Status: Not hooked
#: 653 Function Name: NtGdiPATHOBJ_vGetBounds Status: Not hooked
#: 654 Function Name: NtGdiPATHOBJ_bEnum Status: Not hooked
#: 655 Function Name: NtGdiPATHOBJ_vEnumStart Status: Not hooked
#: 656 Function Name: NtGdiPATHOBJ_vEnumStartClipLines Status: Not hooked
#: 657 Function Name: NtGdiPATHOBJ_bEnumClipLines Status: Not hooked
#: 658 Function Name: NtGdiGetDhpdev Status: Not hooked
#: 659 Function Name: NtGdiEngCheckAbort Status: Not hooked
#: 660 Function Name: NtGdiHT_Get8BPPFormatPalette Status: Not hooked
#: 661 Function Name: NtGdiHT_Get8BPPMaskPalette Status: Not hooked
#: 662 Function Name: NtGdiUpdateTransform Status: Not hooked
#: 663 Function Name: NtGdiSetPUMPDOBJ Status: Not hooked
#: 664 Function Name: NtGdiBRUSHOBJ_DeleteRbrush Status: Not hooked
#: 665 Function Name: NtGdiUnmapMemFont Status: Not hooked
#: 666 Function Name: NtGdiDrawStream Status: Not hooked
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 17:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort Status: Not hooked
#: 001 Function Name: NtAccessCheck Status: Not hooked
#: 002 Function Name: NtAccessCheckAndAuditAlarm Status: Not hooked
#: 003 Function Name: NtAccessCheckByType Status: Not hooked
#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm Status: Not hooked
#: 005 Function Name: NtAccessCheckByTypeResultList Status: Not hooked
#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm Status: Not hooked
#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle Status: Not hooked
#: 008 Function Name: NtAddAtom Status: Not hooked
#: 009 Function Name: NtAddBootEntry Status: Not hooked
#: 010 Function Name: NtAdjustGroupsToken Status: Not hooked
#: 011 Function Name: NtAdjustPrivilegesToken Status: Not hooked
#: 012 Function Name: NtAlertResumeThread Status: Not hooked
#: 013 Function Name: NtAlertThread Status: Not hooked
#: 014 Function Name: NtAllocateLocallyUniqueId Status: Not hooked
#: 015 Function Name: NtAllocateUserPhysicalPages Status: Not hooked
#: 016 Function Name: NtAllocateUuids Status: Not hooked
#: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x82f93e40
#: 018 Function Name: NtAreMappedFilesTheSame Status: Not hooked
#: 019 Function Name: NtAssignProcessToJobObject Status: Not hooked
#: 020 Function Name: NtCallbackReturn Status: Not hooked
#: 021 Function Name: NtCancelDeviceWakeupRequest Status: Not hooked
#: 022 Function Name: NtCancelIoFile Status: Not hooked
#: 023 Function Name: NtCancelTimer Status: Not hooked
#: 024 Function Name: NtClearEvent Status: Not hooked
#: 025 Function Name: NtClose Status: Not hooked
#: 026 Function Name: NtCloseObjectAuditAlarm Status: Not hooked
#: 027 Function Name: NtCompactKeys Status: Not hooked
#: 028 Function Name: NtCompareTokens Status: Not hooked
#: 029 Function Name: NtCompleteConnectPort Status: Not hooked
#: 030 Function Name: NtCompressKey Status: Not hooked
#: 031 Function Name: NtConnectPort Status: Not hooked
#: 032 Function Name: NtContinue Status: Not hooked
#: 033 Function Name: NtCreateDebugObject Status: Not hooked
#: 034 Function Name: NtCreateDirectoryObject Status: Not hooked
#: 035 Function Name: NtCreateEvent Status: Not hooked
#: 036 Function Name: NtCreateEventPair Status: Not hooked
#: 037 Function Name: NtCreateFile Status: Not hooked
#: 038 Function Name: NtCreateIoCompletion Status: Not hooked
#: 039 Function Name: NtCreateJobObject Status: Not hooked
#: 040 Function Name: NtCreateJobSet Status: Not hooked
#: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0x82fb2158
#: 042 Function Name: NtCreateMailslotFile Status: Not hooked
#: 043 Function Name: NtCreateMutant Status: Not hooked
#: 044 Function Name: NtCreateNamedPipeFile Status: Not hooked
#: 045 Function Name: NtCreatePagingFile Status: Not hooked
#: 046 Function Name: NtCreatePort Status: Not hooked
#: 047 Function Name: NtCreateProcess Status: Hooked by "<unknown>" at address 0x82fa24a0
#: 048 Function Name: NtCreateProcessEx Status: Hooked by "<unknown>" at address 0x82fa2428
#: 049 Function Name: NtCreateProfile Status: Not hooked
#: 050 Function Name: NtCreateSection Status: Not hooked
#: 051 Function Name: NtCreateSemaphore Status: Not hooked
#: 052 Function Name: NtCreateSymbolicLinkObject Status: Not hooked
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x82fa2248
#: 054 Function Name: NtCreateTimer Status: Not hooked
#: 055 Function Name: NtCreateToken Status: Not hooked
#: 056 Function Name: NtCreateWaitablePort Status: Not hooked
#: 057 Function Name: NtDebugActiveProcess Status: Not hooked
#: 058 Function Name: NtDebugContinue Status: Not hooked
#: 059 Function Name: NtDelayExecution Status: Not hooked
#: 060 Function Name: NtDeleteAtom Status: Not hooked
#: 061 Function Name: NtDeleteBootEntry Status: Not hooked
#: 062 Function Name: NtDeleteFile Status: Not hooked
#: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0x82f6cdb0
#: 064 Function Name: NtDeleteObjectAuditAlarm Status: Not hooked
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0x82fe6200
#: 066 Function Name: NtDeviceIoControlFile Status: Not hooked
#: 067 Function Name: NtDisplayString Status: Not hooked
#: 068 Function Name: NtDuplicateObject Status: Not hooked
#: 069 Function Name: NtDuplicateToken Status: Not hooked
#: 070 Function Name: NtEnumerateBootEntries Status: Not hooked
#: 071 Function Name: NtEnumerateKey Status: Not hooked
#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx Status: Not hooked
#: 073 Function Name: NtEnumerateValueKey Status: Not hooked
#: 074 Function Name: NtExtendSection Status: Not hooked
#: 075 Function Name: NtFilterToken Status: Not hooked
#: 076 Function Name: NtFindAtom Status: Not hooked
#: 077 Function Name: NtFlushBuffersFile Status: Not hooked
#: 078 Function Name: NtFlushInstructionCache Status: Not hooked
#: 079 Function Name: NtFlushKey Status: Not hooked
#: 080 Function Name: NtFlushVirtualMemory Status: Not hooked
#: 081 Function Name: NtFlushWriteBuffer Status: Not hooked
#: 082 Function Name: NtFreeUserPhysicalPages Status: Not hooked
#: 083 Function Name: NtFreeVirtualMemory Status: Not hooked
#: 084 Function Name: NtFsControlFile Status: Not hooked
#: 085 Function Name: NtGetContextThread Status: Not hooked
#: 086 Function Name: NtGetDevicePowerState Status: Not hooked
#: 087 Function Name: NtGetPlugPlayEvent Status: Not hooked
#: 088 Function Name: NtGetWriteWatch Status: Not hooked
#: 089 Function Name: NtImpersonateAnonymousToken Status: Not hooked
#: 090 Function Name: NtImpersonateClientOfPort Status: Not hooked
#: 091 Function Name: NtImpersonateThread Status: Not hooked
#: 092 Function Name: NtInitializeRegistry Status: Not hooked
#: 093 Function Name: NtInitiatePowerAction Status: Not hooked
#: 094 Function Name: NtIsProcessInJob Status: Not hooked
#: 095 Function Name: NtIsSystemResumeAutomatic Status: Not hooked
#: 096 Function Name: NtListenPort Status: Not hooked
#: 097 Function Name: NtLoadDriver Status: Not hooked
#: 098 Function Name: NtLoadKey Status: Not hooked
#: 099 Function Name: NtLoadKey2 Status: Not hooked
#: 100 Function Name: NtLockFile Status: Not hooked
#: 101 Function Name: NtLockProductActivationKeys Status: Not hooked
#: 102 Function Name: NtLockRegistryKey Status: Not hooked
#: 103 Function Name: NtLockVirtualMemory Status: Not hooked
#: 104 Function Name: NtMakePermanentObject Status: Not hooked
#: 105 Function Name: NtMakeTemporaryObject Status: Not hooked
#: 106 Function Name: NtMapUserPhysicalPages Status: Not hooked
#: 107 Function Name: NtMapUserPhysicalPagesScatter Status: Not hooked
#: 108 Function Name: NtMapViewOfSection Status: Not hooked
#: 109 Function Name: NtModifyBootEntry Status: Not hooked
#: 110 Function Name: NtNotifyChangeDirectoryFile Status: Not hooked
#: 111 Function Name: NtNotifyChangeKey Status: Not hooked
#: 112 Function Name: NtNotifyChangeMultipleKeys Status: Not hooked
#: 113 Function Name: NtOpenDirectoryObject Status: Not hooked
#: 114 Function Name: NtOpenEvent Status: Not hooked
#: 115 Function Name: NtOpenEventPair Status: Not hooked
#: 116 Function Name: NtOpenFile Status: Not hooked
#: 117 Function Name: NtOpenIoCompletion Status: Not hooked
#: 118 Function Name: NtOpenJobObject Status: Not hooked
#: 119 Function Name: NtOpenKey Status: Not hooked
#: 120 Function Name: NtOpenMutant Status: Not hooked
#: 121 Function Name: NtOpenObjectAuditAlarm Status: Not hooked
#: 122 Function Name: NtOpenProcess Status: Not hooked
#: 123 Function Name: NtOpenProcessToken Status: Not hooked
#: 124 Function Name: NtOpenProcessTokenEx Status: Not hooked
#: 125 Function Name: NtOpenSection Status: Not hooked
#: 126 Function Name: NtOpenSemaphore Status: Not hooked
#: 127 Function Name: NtOpenSymbolicLinkObject Status: Not hooked
#: 128 Function Name: NtOpenThread Status: Not hooked
#: 129 Function Name: NtOpenThreadToken Status: Not hooked
#: 130 Function Name: NtOpenThreadTokenEx Status: Not hooked
#: 131 Function Name: NtOpenTimer Status: Not hooked
#: 132 Function Name: NtPlugPlayControl Status: Not hooked
#: 133 Function Name: NtPowerInformation Status: Not hooked
#: 134 Function Name: NtPrivilegeCheck Status: Not hooked
#: 135 Function Name: NtPrivilegeObjectAuditAlarm Status: Not hooked
#: 136 Function Name: NtPrivilegedServiceAuditAlarm Status: Not hooked
#: 137 Function Name: NtProtectVirtualMemory Status: Not hooked
#: 138 Function Name: NtPulseEvent Status: Not hooked
#: 139 Function Name: NtQueryAttributesFile Status: Not hooked
#: 140 Function Name: NtQueryBootEntryOrder Status: Not hooked
#: 141 Function Name: NtQueryBootOptions Status: Not hooked
#: 142 Function Name: NtQueryDebugFilterState Status: Not hooked
#: 143 Function Name: NtQueryDefaultLocale Status: Not hooked
#: 144 Function Name: NtQueryDefaultUILanguage Status: Not hooked
#: 145 Function Name: NtQueryDirectoryFile Status: Not hooked
#: 146 Function Name: NtQueryDirectoryObject Status: Not hooked
#: 147 Function Name: NtQueryEaFile Status: Not hooked
#: 148 Function Name: NtQueryEvent Status: Not hooked
#: 149 Function Name: NtQueryFullAttributesFile Status: Not hooked
#: 150 Function Name: NtQueryInformationAtom Status: Not hooked
#: 151 Function Name: NtQueryInformationFile Status: Not hooked
#: 152 Function Name: NtQueryInformationJobObject Status: Not hooked
#: 153 Function Name: NtQueryInformationPort Status: Not hooked
#: 154 Function Name: NtQueryInformationProcess Status: Not hooked
#: 155 Function Name: NtQueryInformationThread Status: Not hooked
#: 156 Function Name: NtQueryInformationToken Status: Not hooked
#: 157 Function Name: NtQueryInstallUILanguage Status: Not hooked
#: 158 Function Name: NtQueryIntervalProfile Status: Not hooked
#: 159 Function Name: NtQueryIoCompletion Status: Not hooked
#: 160 Function Name: NtQueryKey Status: Not hooked
#: 161 Function Name: NtQueryMultipleValueKey Status: Not hooked
#: 162 Function Name: NtQueryMutant Status: Not hooked
#: 163 Function Name: NtQueryObject Status: Not hooked
#: 164 Function Name: NtQueryOpenSubKeys Status: Not hooked
#: 165 Function Name: NtQueryPerformanceCounter Status: Not hooked
#: 166 Function Name: NtQueryQuotaInformationFile Status: Not hooked
#: 167 Function Name: NtQuerySection Status: Not hooked
#: 168 Function Name: NtQuerySecurityObject Status: Not hooked
#: 169 Function Name: NtQuerySemaphore Status: Not hooked
#: 170 Function Name: NtQuerySymbolicLinkObject Status: Not hooked
#: 171 Function Name: NtQuerySystemEnvironmentValue Status: Not hooked
#: 172 Function Name: NtQuerySystemEnvironmentValueEx Status: Not hooked
#: 173 Function Name: NtQuerySystemInformation Status: Not hooked
#: 174 Function Name: NtQuerySystemTime Status: Not hooked
#: 175 Function Name: NtQueryTimer Status: Not hooked
#: 176 Function Name: NtQueryTimerResolution Status: Not hooked
#: 177 Function Name: NtQueryValueKey Status: Not hooked
#: 178 Function Name: NtQueryVirtualMemory Status: Not hooked
#: 179 Function Name: NtQueryVolumeInformationFile Status: Not hooked
#: 180 Function Name: NtQueueApcThread Status: Hooked by "<unknown>" at address 0x82f93eb8
#: 181 Function Name: NtRaiseException Status: Not hooked
#: 182 Function Name: NtRaiseHardError Status: Not hooked
#: 183 Function Name: NtReadFile Status: Not hooked
#: 184 Function Name: NtReadFileScatter Status: Not hooked
#: 185 Function Name: NtReadRequestData Status: Not hooked
#: 186 Function Name: NtReadVirtualMemory Status: Hooked by "<unknown>" at address 0x82f93d50
#: 187 Function Name: NtRegisterThreadTerminatePort Status: Not hooked
#: 188 Function Name: NtReleaseMutant Status: Not hooked
#: 189 Function Name: NtReleaseSemaphore Status: Not hooked
#: 190 Function Name: NtRemoveIoCompletion Status: Not hooked
#: 191 Function Name: NtRemoveProcessDebug Status: Not hooked
#: 192 Function Name: NtRenameKey Status: Hooked by "<unknown>" at address 0x82faf450
#: 193 Function Name: NtReplaceKey Status: Not hooked
#: 194 Function Name: NtReplyPort Status: Not hooked
#: 195 Function Name: NtReplyWaitReceivePort Status: Not hooked
#: 196 Function Name: NtReplyWaitReceivePortEx Status: Not hooked
#: 197 Function Name: NtReplyWaitReplyPort Status: Not hooked
#: 198 Function Name: NtRequestDeviceWakeup Status: Not hooked
#: 199 Function Name: NtRequestPort Status: Not hooked
#: 200 Function Name: NtRequestWaitReplyPort Status: Not hooked
#: 201 Function Name: NtRequestWakeupLatency Status: Not hooked
#: 202 Function Name: NtResetEvent Status: Not hooked
#: 203 Function Name: NtResetWriteWatch Status: Not hooked
#: 204 Function Name: NtRestoreKey Status: Not hooked
#: 205 Function Name: NtResumeProcess Status: Not hooked
#: 206 Function Name: NtResumeThread Status: Not hooked
#: 207 Function Name: NtSaveKey Status: Not hooked
#: 208 Function Name: NtSaveKeyEx Status: Not hooked
#: 209 Function Name: NtSaveMergedKeys Status: Not hooked
#: 210 Function Name: NtSecureConnectPort Status: Not hooked
#: 211 Function Name: NtSetBootEntryOrder Status: Not hooked
#: 212 Function Name: NtSetBootOptions Status: Not hooked
#: 213 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x82f93fa8
#: 214 Function Name: NtSetDebugFilterState Status: Not hooked
#: 215 Function Name: NtSetDefaultHardErrorPort Status: Not hooked
#: 216 Function Name: NtSetDefaultLocale Status: Not hooked
#: 217 Function Name: NtSetDefaultUILanguage Status: Not hooked
#: 218 Function Name: NtSetEaFile Status: Not hooked
#: 219 Function Name: NtSetEvent Status: Not hooked
#: 220 Function Name: NtSetEventBoostPriority Status: Not hooked
#: 221 Function Name: NtSetHighEventPair Status: Not hooked
#: 222 Function Name: NtSetHighWaitLowEventPair Status: Not hooked
#: 223 Function Name: NtSetInformationDebugObject Status: Not hooked
#: 224 Function Name: NtSetInformationFile Status: Not hooked
#: 225 Function Name: NtSetInformationJobObject Status: Not hooked
#: 226 Function Name: NtSetInformationKey Status: Hooked by "<unknown>" at address 0x82fe74a8
#: 227 Function Name: NtSetInformationObject Status: Not hooked
#: 228 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x82fa2338
#: 229 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x82fa2158
#: 230 Function Name: NtSetInformationToken Status: Not hooked
#: 231 Function Name: NtSetIntervalProfile Status: Not hooked
#: 232 Function Name: NtSetIoCompletion Status: Not hooked
#: 233 Function Name: NtSetLdtEntries Status: Not hooked
#: 234 Function Name: NtSetLowEventPair Status: Not hooked
#: 235 Function Name: NtSetLowWaitHighEventPair Status: Not hooked
#: 236 Function Name: NtSetQuotaInformationFile Status: Not hooked
#: 237 Function Name: NtSetSecurityObject Status: Not hooked
#: 238 Function Name: NtSetSystemEnvironmentValue Status: Not hooked
#: 239 Function Name: NtSetSystemEnvironmentValueEx Status: Not hooked
#: 240 Function Name: NtSetSystemInformation Status: Not hooked
#: 241 Function Name: NtSetSystemPowerState Status: Not hooked
#: 242 Function Name: NtSetSystemTime Status: Not hooked
#: 243 Function Name: NtSetThreadExecutionState Status: Not hooked
#: 244 Function Name: NtSetTimer Status: Not hooked
#: 245 Function Name: NtSetTimerResolution Status: Not hooked
#: 246 Function Name: NtSetUuidSeed Status: Not hooked
#: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0x82f6b1b0
#: 248 Function Name: NtSetVolumeInformationFile Status: Not hooked
#: 249 Function Name: NtShutdownSystem Status: Not hooked
#: 250 Function Name: NtSignalAndWaitForSingleObject Status: Not hooked
#: 251 Function Name: NtStartProfile Status: Not hooked
#: 252 Function Name: NtStopProfile Status: Not hooked
#: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x82fa22c0
#: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x82f93f30
#: 255 Function Name: NtSystemDebugControl Status: Not hooked
#: 256 Function Name: NtTerminateJobObject Status: Not hooked
#: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x82fa23b0
#: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x82fa21d0
#: 259 Function Name: NtTestAlert Status: Not hooked
#: 260 Function Name: NtTraceEvent Status: Not hooked
#: 261 Function Name: NtTranslateFilePath Status: Not hooked
#: 262 Function Name: NtUnloadDriver Status: Not hooked
#: 263 Function Name: NtUnloadKey Status: Not hooked
#: 264 Function Name: NtUnloadKeyEx Status: Not hooked
#: 265 Function Name: NtUnlockFile Status: Not hooked
#: 266 Function Name: NtUnlockVirtualMemory Status: Not hooked
#: 267 Function Name: NtUnmapViewOfSection Status: Not hooked
#: 268 Function Name: NtVdmControl Status: Not hooked
#: 269 Function Name: NtWaitForDebugEvent Status: Not hooked
#: 270 Function Name: NtWaitForMultipleObjects Status: Not hooked
#: 271 Function Name: NtWaitForSingleObject Status: Not hooked
#: 272 Function Name: NtWaitHighEventPair Status: Not hooked
#: 273 Function Name: NtWaitLowEventPair Status: Not hooked
#: 274 Function Name: NtWriteFile Status: Not hooked
#: 275 Function Name: NtWriteFileGather Status: Not hooked
#: 276 Function Name: NtWriteRequestData Status: Not hooked
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x82f93dc8
#: 278 Function Name: NtYieldExecution Status: Not hooked
#: 279 Function Name: NtCreateKeyedEvent Status: Not hooked
#: 280 Function Name: NtOpenKeyedEvent Status: Not hooked
#: 281 Function Name: NtReleaseKeyedEvent Status: Not hooked
#: 282 Function Name: NtWaitForKeyedEvent Status: Not hooked
#: 283 Function Name: NtQueryPortInformationProcess Status: Not hooked
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 17:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
That's it. I also tried reglooks, but it just quits out once I try to run it. After right-clicking and selecting Run As, I did get a popup screen with this written in it; not sure if it helps, as it seems to be written in a different language.
Kan swreg.exe niet aanmaken
Bezig met uitpakken van asic
Kan asic niet aanmaken
Bezig met uitpakken van dumphive.exe
Kan dumphive.exe niet aanmaken
Bezig met uitpakken van fdsv.exe
Kan fdsv.exe niet aanmaken
Bezig met uitpakken van MD5File.exe
Kan MD5File.exe niet aanmaken
Bezig met uitpakken van netsvcs
Kan netsvcs niet aanmaken
Bezig met uitpakken van reglooks.bat
Kan reglooks.bat niet aanmaken
Bezig met uitpakken van reglooks.vbs
Kan reglooks.vbs niet aanmaken
Bezig met uitpakken van search.ico
Kan search.ico niet aanmaken
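The RootRepeal listing above reports 19 SSDT entries as hooked, every one attributed to "<unknown>", meaning the tool could not tie the hook address to a named driver. As an added example (my own triage script, not RootRepeal's code or anything posted in this thread), here is a Python parser for lines in that exact format. It groups the hooked syscalls by what they govern and reports the hooking module(s) and the address span the hooks land in. The embedded sample is copied from the listing above (all of its hooked lines plus a few unhooked ones and the trailing header line, which the parser skips); the family labels and their keyword rules are my own grouping, not something the tool emits.

```python
"""Triage helper for a RootRepeal SSDT hook listing (added example).

Parses lines of the form
  #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0x82fb2158
and summarises which syscalls are hooked, by which module, and what they
affect (registry, process/thread control, memory, ...), so the pattern of the
hooks is visible at a glance instead of buried in 280 lines.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the RootRepeal output in the thread (all
# hooked entries, three unhooked ones, and the header line that extraction
# left at the end of the list, which must be ignored by the parser).
SAMPLE_LOG = """\
#: 025 Function Name: NtClose Status: Not hooked
#: 037 Function Name: NtCreateFile Status: Not hooked
#: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0x82fb2158
#: 047 Function Name: NtCreateProcess Status: Hooked by "<unknown>" at address 0x82fa24a0
#: 048 Function Name: NtCreateProcessEx Status: Hooked by "<unknown>" at address 0x82fa2428
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x82fa2248
#: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0x82f6cdb0
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0x82fe6200
#: 180 Function Name: NtQueueApcThread Status: Hooked by "<unknown>" at address 0x82f93eb8
#: 186 Function Name: NtReadVirtualMemory Status: Hooked by "<unknown>" at address 0x82f93d50
#: 192 Function Name: NtRenameKey Status: Hooked by "<unknown>" at address 0x82faf450
#: 213 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x82f93fa8
#: 226 Function Name: NtSetInformationKey Status: Hooked by "<unknown>" at address 0x82fe74a8
#: 228 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x82fa2338
#: 229 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x82fa2158
#: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0x82f6b1b0
#: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x82fa22c0
#: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x82f93f30
#: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x82fa23b0
#: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x82fa21d0
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x82f93dc8
#: 279 Function Name: NtCreateKeyedEvent Status: Not hooked
ROOTREPEAL (c) AD, 2007-2009 ==================================================
"""

LINE_RE = re.compile(
    r'^#:\s*(?P<index>\d+)\s+Function Name:\s+(?P<name>\w+)\s+Status:\s+'
    r'(?:(?P<not_hooked>Not hooked)'
    r'|Hooked by "(?P<module>[^"]*)" at address (?P<addr>0x[0-9A-Fa-f]+))\s*$'
)

# Coarse syscall families, matched by substring in order (my labels, not
# RootRepeal's). "sync" comes first so NtCreateKeyedEvent is not read as
# a registry call just because it contains "Key".
FAMILIES = (
    ("sync",     ("KeyedEvent", "Event", "Mutant", "Semaphore")),
    ("registry", ("Key",)),
    ("process",  ("Process",)),
    ("thread",   ("Thread", "Apc")),
    ("memory",   ("VirtualMemory", "Section")),
    ("file",     ("File",)),
)


def parse_ssdt(text):
    """Return one dict per recognised SSDT line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "index": int(m["index"]),
            "name": m["name"],
            "hooked": m["not_hooked"] is None,
            "module": m["module"],                        # None when unhooked
            "addr": int(m["addr"], 16) if m["addr"] else None,
        })
    return entries


def family_of(name):
    for label, needles in FAMILIES:
        if any(n in name for n in needles):
            return label
    return "other"


def summarize(entries):
    """Hooked syscalls grouped by family, hooking modules, and address span."""
    hooked = [e for e in entries if e["hooked"]]
    by_family = defaultdict(list)
    for e in hooked:
        by_family[family_of(e["name"])].append(e["name"])
    addrs = [e["addr"] for e in hooked]
    return {
        "hooked_count": len(hooked),
        "by_family": {k: sorted(v) for k, v in by_family.items()},
        "modules": sorted({e["module"] for e in hooked}),
        "addr_low": min(addrs) if addrs else None,
        "addr_high": max(addrs) if addrs else None,
    }


if __name__ == "__main__":
    s = summarize(parse_ssdt(SAMPLE_LOG))
    print(f"{s['hooked_count']} hooks by {s['modules']}, "
          f"addresses 0x{s['addr_low']:x}..0x{s['addr_high']:x}")
    for fam, names in sorted(s["by_family"].items()):
        print(f"  {fam:9s} {', '.join(names)}")
```

Run against the listing, the summary shows the hooks cluster on registry create/set/delete/rename, process and thread creation, suspension and termination, thread context and APC queuing, and read/write of another process's memory, with no hooks on file I/O. Every hook address falls inside roughly half a megabyte of kernel address space, which is consistent with a single resident module owning them all; the next step for a defender is to find out what occupies that range, since the tool itself could not name a driver for it.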
Then reboot to Safe Mode. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu.
Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.
Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.
A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Good work. Let's go right to a different repair scan. This next group of steps will be a few extra logs to post, but we need to make up for some needed info now.
Whenever you do any of these repairs, to keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs.
Then download Malwarebytes' Anti-Malware from Here or Here.
Right click to download, select Save Target/File As, and rename that mbam-setup.exe to bami.com as you download and save it to your desktop (don't download and then rename it).
Double Click bami.com to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs, do that as well then.
------- Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.
If necessary allow it to locate or download a copy of HijackThis as needed.
Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.
RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).
You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
--------------
Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.
If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, click on the Copy button, right-click on your Desktop, and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.
If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).
When completed, click on the Copy button, right-click on your Desktop, and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.
Post the Malwarebytes log, the RSIT logs and the Gmer log please.
Logfile of random's system information tool 1.06 (written by random/random) Run by Linda Miller at 2009-09-02 19:54:01 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 61 GB (83%) free of 73 GB Total RAM: 510 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:54:17 PM, on 9/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b45e9512-9287-11de-bb95-001676139fe1}] shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 3 months======
info.txt logfile of random's system information tool 1.06 2009-09-02 19:54:19
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 9-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354} Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330} Google-->MsiExec.exe /I{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" HP Extended Capabilities 4.7-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 4.7-->C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 4.7-->"C:\Program Files\Hewlett-Packard\Digital 
Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB} Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Malwarebytes' Anti-Malware-->"C:\Program Files\bami.com\unins000.exe" MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->regedit.exe Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! 
Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nitro PDF Professional-->MsiExec.exe /X{8803FCD6-F5BA-475F-A71B-D83D8E31F251} OpenOffice.org 2.2-->MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB} Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA} QuickBooks Pro 2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1 QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 
(KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Tax Forms Helper 2006 7.5-->"C:\Program Files\Adams Business Forms\Tax Forms Helper 2006\unins000.exe" Tenant File 6.0-->"C:\Tenant File\TF4WIN\unins000.exe" TFWP 4.0.0-->"C:\Tenant File\TF4WIN\unins001.exe" Windows Media 
Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
======Security center information======
AV: Spy Sweeper with AntiVirus
======System event log======
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 934 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 931 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 928 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 925 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 922 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
=====Application event log=====
Computer Name: DCLNLN91 Event Code: 1004 Message: Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.
Record Number: 301376 Source Name: MsiInstaller Time Written: 20081003104154.000000-420 Event Type: warning User: NT AUTHORITY\NETWORK SERVICE
Computer Name: DCLNLN91 Event Code: 1001 Message: Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'
Record Number: 301374 Source Name: MsiInstaller Time Written: 20081002102551.000000-420 Event Type: warning User:
Computer Name: DCLNLN91 Event Code: 1004 Message: Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.
Record Number: 301373 Source Name: MsiInstaller Time Written: 20081002102551.000000-420 Event Type: warning User:
Computer Name: DCLNLN91 Event Code: 1001 Message: Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'
Record Number: 301372 Source Name: MsiInstaller Time Written: 20081002102546.000000-420 Event Type: warning User: NT AUTHORITY\NETWORK SERVICE
Computer Name: DCLNLN91 Event Code: 1004 Message: Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.
Record Number: 301371 Source Name: MsiInstaller Time Written: 20081002102546.000000-420 Event Type: warning User: NT AUTHORITY\NETWORK SERVICE
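A small triage helper for event-log dumps in the flattened form pasted above, added here as an example and not taken from the thread or from any tool mentioned in it: it pairs each "Computer Name" line with the "Record Number" line that follows, converts the WMI timestamps, and pulls out the repeated Service Control Manager 7023 errors. The sample log is constructed from the entries above (the "System event log" header is assumed).

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
# Constructed sample in the flattened format pasted in this thread: two lines per
# event under a "=====<name> event log=====" header. The System header is assumed.
SAMPLE_LOG = """\
=====System event log=====
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 928 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
Computer Name: DCLNLN91 Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found.
Record Number: 925 Source Name: Service Control Manager Time Written: 20090825080917.000000-420 Event Type: error User:
=====Application event log=====
Computer Name: DCLNLN91 Event Code: 1004 Message: Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed.
Record Number: 301376 Source Name: MsiInstaller Time Written: 20081003104154.000000-420 Event Type: warning User: NT AUTHORITY\\NETWORK SERVICE
"""

SECTION_RE = re.compile(r"^=+(?P<log>.+?) event log=+$")
HEAD_RE = re.compile(r"^Computer Name: (?P<computer>\S+) Event Code: (?P<code>\d+) Message: (?P<message>.*)$")
META_RE = re.compile(r"^Record Number: (?P<record>\d+) Source Name: (?P<source>.+?) Time Written: (?P<time>\S+) Event Type: (?P<etype>\w+) User:\s*(?P<user>.*)$")
def parse_wmi_time(s):
    """WMI datetime yyyymmddHHMMSS.ffffff<+/-minutes from UTC> -> aware datetime."""
    m = re.fullmatch(r"(\d{14})\.(\d{6})([+-]\d{3})", s)
    if not m:
        raise ValueError(f"not a WMI datetime: {s!r}")
    tz = timezone(timedelta(minutes=int(m.group(3))))
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(microsecond=int(m.group(2)), tzinfo=tz)

def parse_events(text):
    """Pair each 'Computer Name' line with the 'Record Number' line that follows it."""
    events, log, pending = [], None, None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            log, pending = m.group("log").strip(), None
        elif m := HEAD_RE.match(line):
            pending = m.groupdict()
        elif (m := META_RE.match(line)) and pending is not None:
            ev = {**pending, **m.groupdict(), "log": log}
            ev["code"], ev["record"] = int(ev["code"]), int(ev["record"])
            ev["when"] = parse_wmi_time(ev["time"])
            events.append(ev)
            pending = None
    return events

def service_failures(events):
    """SCM event 7023: a service that died, e.g. because a module it loads is missing."""
    return [e for e in events if e["source"] == "Service Control Manager" and e["code"] == 7023]

def summarize(events):
    """Count events by (source, code, type) so the repeating ones stand out."""
    return Counter((e["source"], e["code"], e["etype"]) for e in events)
```

Repeated 7023 entries with "The specified module could not be found" after a cleanup usually mean a service still points at a file that was quarantined or deleted, which is what the follow-up checks in this thread are looking for.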
I think Gmer is showing functions of your security software there, though the info is not quite clear. The logs indicate issues with getting IE information:
MSIE: Unable to get Internet Explorer version!
Do you know why there are problems with locating Internet Explorer data? Did you by chance do some changes to that there? Post back on that and do the following scan now, and let's see if anything remains.
Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:
Remove found threats
Scan unwanted applications
Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.
If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.
I'm pretty sure the virus deleted Internet Explorer, which is probably why it's showing that error, because whenever I double-click IE nothing happens. But I was able to download updates to the virus protection programs, so I know the internet is working.
Just infection already removed by ComboFix to its Qoobox quarantine, so no active files remain now. Very good. Clicking the shortcut icon is not quite a sure way to determine the status of Internet Explorer there - it could be a corrupted shortcut. Let's check that, and run a different scan to verify no malware-locked legit items remain that might cause you problems later.
Go to Start - Run, type iexplore and press OK. Does IE open then?
If not, then do this:
Go to Start > Run and type:
cmd.exe
and click OK. Copy and paste the below string after the prompt, then press Enter >
dir /s /a "c:\*iexplore*.*" > c:\find.txt && notepad c:\find.txt
Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread please.
Once that Notepad textbox opens, also click at the prompt in the still open command console window and type exit to close that.
---------------------
Also let's check with Win32kDiag there. Make sure the Win32kDiag.exe file is in the C folder.
Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after:
cd\
win32kdiag -r -f
Once that completes, press any key to finish the scan. Post the new Win32kDiag.txt log with your next reply (it should be located on the desktop).
When I tried the Run "IEexplore" command, I got a popup that said I didn't have proper privileges to run this. So I did the next step you listed; here's that log.
 Volume in drive C has no label.
 Volume Serial Number is DC14-DB52

 Directory of c:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Anti-Spam

12/28/2007  11:03 AM    <DIR>          iexplore
               0 File(s)              0 bytes

 Directory of c:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Anti-Spam\iexplore

10/03/2008  08:32 AM             1,578 iexplore000.log
               1 File(s)          1,578 bytes

 Directory of c:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\MSAD
With the win32kdiag command I only got "Cannot find specific path". I made sure the cd\ and win32kdiag -r -f were two separate lines, or else "win32kdiag is not recognized as an internal or external command".....