Virus/Malware



#1 Jinx Charkahn


Posted 11 September 2009 - 04:25 PM

Hi Guys,
I caught a nasty virus/malware 4 or 5 days ago. I came on the net in order to figure out how to get rid of it. It really screwed up my system. I've been working on it for a few days non-stop. I went into safe mode (Windows Vista 32-bit), ran virus scans etc. and deleted what Bitdefender came up with. Upon rebooting I found that I didn't come close to getting rid of it. The virus got in safe mode and prevented everything from running. I got on another computer, troubleshooted some more and had to run Bitdefender Rescue CD and Kaspersky Rescue CD (I was able to turn off System Restore). Those processes allowed me to run Spybot and get rid of a lot more. I was also able to run CCleaner. I pretty much did everything I could. So I'm now able to use the computer. I noticed that my internet browser still did some redirecting, which indicated to me I still have some of the virus in my system. I must have crippled it in some way. So I came on here to get your help to once and for all kill it. I tried to run your prep steps but DDS won't run... RootRepeal crashes the whole system on some of the scans. I ran HijackThis and have those results. I will attach or post it for you along with the RootRepeal logs that I was able to run.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:15 PM, on 9/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Cyberlink\PCM4Everio\EverioService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Wavexpress\TVTonic\TVTonicControlPanel.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jinx Charkahn\Desktop\RootRepeal.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OGTWUXV - Unknown owner - C:\Users\JINXCH~1\AppData\Local\Temp\OGTWUXV.exe (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\JINXCH~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc. - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6125 bytes

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 15:55
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4092, Type: UnknownType]
Process: vsserv.exe (PID: 1192) Address: 0x89715c48 Size: -

Object: Hidden Module [Name: ZuneResources.dll]
Process: ZuneNss.exe (PID: 1524) Address: 0x68be0000 Size: 344064


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 15:53
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

SSDT
-------------------


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 15:52
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\smss.exe
PID: 500 Status: -

Path: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PID: 540 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 576 Status: -

Path: C:\Windows\System32\wininit.exe
PID: 628 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 640 Status: -

Path: C:\Windows\System32\winlogon.exe
PID: 692 Status: -

Path: C:\Windows\System32\services.exe
PID: 700 Status: -

Path: C:\Windows\System32\lsass.exe
PID: 748 Status: -

Path: C:\Windows\System32\lsm.exe
PID: 756 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 840 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 888 Status: -

Path: C:\Windows\System32\nvvsvc.exe
PID: 936 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 964 Status: -

Path: C:\Program Files\Wavexpress\TVTonic\TVTonicControlPanel.exe
PID: 1056 Status: -

Path: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 1124 Status: -

Path: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PID: 1132 Status: -

Path: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PID: 1144 Status: -

Path: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PID: 1176 Status: -

Path: C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PID: 1192 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1212 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1300 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1328 Status: -

Path: C:\Windows\System32\audiodg.exe
PID: 1384 Status: Locked to the Windows API!

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 1392 Status: -

Path: C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PID: 1408 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1412 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1416 Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1456 Status: -

Path: C:\Windows\System32\SLsvc.exe
PID: 1488 Status: -

Path: C:\Program Files\Zune\ZuneNss.exe
PID: 1524 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1536 Status: -

Path: C:\Windows\System32\rundll32.exe
PID: 1572 Status: -

Path: C:\Program Files\Stardock\MyColors\VistaSrv.exe
PID: 1616 Status: -

Path: C:\Program Files\Stardock\MyColors\WBVista.exe
PID: 1628 Status: -

Path: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PID: 1644 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1696 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1772 Status: -

Path: C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PID: 1840 Status: -

Path: C:\Windows\System32\spoolsv.exe
PID: 1976 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2000 Status: -

Path: C:\Program Files\Logitech\SetPoint\SetPoint.exe
PID: 2028 Status: -

Path: C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PID: 2076 Status: -

Path: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PID: 2120 Status: -

Path: C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
PID: 2132 Status: -

Path: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 2224 Status: -

Path: C:\PROGRA~1\Iomega\System32\AppServices.exe
PID: 2252 Status: -

Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2308 Status: -

Path: C:\Users\Jinx Charkahn\Desktop\RootRepeal.exe
PID: 2332 Status: -

Path: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PID: 2356 Status: -

Path: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 2364 Status: -

Path: C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 2380 Status: -

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
PID: 2396 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2468 Status: -

Path: C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PID: 2552 Status: -

Path: C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PID: 2596 Status: -

Path: C:\Windows\RtHDVCpl.exe
PID: 2724 Status: -

Path: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 2832 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2876 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2936 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 3008 Status: -

Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PID: 3080 Status: -

Path: C:\Windows\System32\SearchIndexer.exe
PID: 3112 Status: -

Path: C:\Windows\System32\drivers\XAudio.exe
PID: 3244 Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 3276 Status: -

Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 3384 Status: -

Path: C:\Windows\System32\WUDFHost.exe
PID: 3636 Status: -

Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PID: 3968 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 3988 Status: -

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 4040 Status: -

Path: C:\Program Files\MagicDisc\MagicDisc.exe
PID: 4120 Status: -

Path: C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PID: 4124 Status: -

Path: C:\hp\support\hpsysdrv.exe
PID: 4132 Status: -

Path: C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
PID: 4160 Status: -

Path: C:\Program Files\verizon\VSP\VerizonServicepoint.exe
PID: 4180 Status: -

Path: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 4244 Status: -

Path: C:\Windows\System32\wuauclt.exe
PID: 4276 Status: -

Path: C:\Windows\System32\rundll32.exe
PID: 4320 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 4424 Status: -

Path: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PID: 4476 Status: -

Path: C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PID: 4532 Status: -

Path: C:\Windows\System32\wbem\unsecapp.exe
PID: 4616 Status: -

Path: C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
PID: 4760 Status: -

Path: C:\Program Files\Cyberlink\PCM4Everio\EverioService.exe
PID: 4888 Status: -

Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 4908 Status: -

Path: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 5008 Status: -

Path: C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PID: 5028 Status: -

Path: C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PID: 5048 Status: -

Path: C:\Windows\System32\dwm.exe
PID: 5084 Status: -

Path: C:\Windows\explorer.exe
PID: 5096 Status: -

Path: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PID: 5208 Status: -

Path: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 5224 Status: -

Path: C:\Windows\servicing\TrustedInstaller.exe
PID: 5288 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 5292 Status: -

Path: C:\Windows\ehome\ehtray.exe
PID: 5368 Status: -

Path: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 5388 Status: -

Path: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PID: 5472 Status: -

Path: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PID: 5536 Status: -

Path: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PID: 5664 Status: -

Path: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PID: 5708 Status: -

Path: C:\Program Files\Zune\ZuneLauncher.exe
PID: 5712 Status: -

Path: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 5780 Status: -

Path: C:\Program Files\Search Settings\SearchSettings.exe
PID: 5816 Status: -

Path: C:\hp\KBD\kbd.exe
PID: 5916 Status: -

Path: C:\Windows\System32\SearchProtocolHost.exe
PID: 6004 Status: -

Path: C:\Windows\ehome\ehmsas.exe
PID: 6112 Status: -

Path: C:\Program Files\Windows Mail\WinMail.exe
PID: 6212 Status: -

Path: C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe
PID: 6616 Status: -

Path: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PID: 7324 Status: -

Path: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 7668 Status: -

Path: C:\Windows\System32\SearchFilterHost.exe
PID: 7980 Status: -

Path: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PID: 8052 Status: -

Path: C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PID: 8108 Status: -



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 15:50
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8EADF000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x82A08000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82434000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: adfs.SYS
Image Path: C:\Windows\System32\Drivers\adfs.SYS
Address: 0xA7456000 Size: 67840 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x9060D000 Size: 294912 File Visible: - Signed: -
Status: -

Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x8A9EE000 Size: 65536 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82B20000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82B28000 Size: 122880 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x9C740000 Size: 311296 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x82A98000 Size: 40960 File Visible: - Signed: -
Status: -

Name: bdfm.sys
Image Path: C:\Windows\system32\DRIVERS\bdfm.sys
Address: 0xABE3A000 Size: 145664 File Visible: - Signed: -
Status: -

Name: BdfNdisf6.sys
Image Path: C:\Windows\system32\DRIVERS\BdfNdisf6.sys
Address: 0x903D0000 Size: 122880 File Visible: - Signed: -
Status: -

Name: bdfsfltr.sys
Image Path: C:\Windows\system32\DRIVERS\bdfsfltr.sys
Address: 0x8300B000 Size: 279040 File Visible: - Signed: -
Status: -

Name: bdftdif.sys
Image Path: C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
Address: 0x8E9DC000 Size: 111872 File Visible: - Signed: -
Status: -

Name: BDHV.SYS
Image Path: C:\Windows\system32\DRIVERS\BDHV.SYS
Address: 0xABE5E000 Size: 102400 File Visible: - Signed: -
Status: -

Name: bdvedisk.sys
Image Path: C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
Address: 0xA7467000 Size: 76032 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x90338000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8061E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA675D000 Size: 102400 File Visible: - Signed: -
Status: -

Name: BthEnum.sys
Image Path: C:\Windows\system32\DRIVERS\BthEnum.sys
Address: 0x901D0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: bthpan.sys
Image Path: C:\Windows\system32\DRIVERS\bthpan.sys
Address: 0x901DA000 Size: 106496 File Visible: - Signed: -
Status: -

Name: bthport.sys
Image Path: C:\Windows\System32\Drivers\bthport.sys
Address: 0x900C8000 Size: 524288 File Visible: - Signed: -
Status: -

Name: BTHUSB.sys
Image Path: C:\Windows\System32\Drivers\BTHUSB.sys
Address: 0x900BB000 Size: 53248 File Visible: - Signed: -
Status: -

Name: btusbflt.sys
Image Path: C:\Windows\system32\drivers\btusbflt.sys
Address: 0x900B2000 Size: 35584 File Visible: - Signed: -
Status: -

Name: btwaudio.sys
Image Path: C:\Windows\system32\drivers\btwaudio.sys
Address: 0x90289000 Size: 528384 File Visible: - Signed: -
Status: -

Name: btwavdt.sys
Image Path: C:\Windows\system32\drivers\btwavdt.sys
Address: 0x9020A000 Size: 471040 File Visible: - Signed: -
Status: -

Name: btwl2cap.sys
Image Path: C:\Windows\system32\DRIVERS\btwl2cap.sys
Address: 0x9030A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: btwrchid.sys
Image Path: C:\Windows\system32\DRIVERS\btwrchid.sys
Address: 0x90315000 Size: 11648 File Visible: - Signed: -
Status: -

Name: c2scsi.sys
Image Path: C:\Windows\system32\DRIVERS\c2scsi.sys
Address: 0x8EB98000 Size: 247680 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9C730000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA75A1000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8EB7A000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80667000 Size: 917504 File Visible: - Signed: -
Status: -

Name: circlass.sys
Image Path: C:\Windows\system32\DRIVERS\circlass.sys
Address: 0x8EBD5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8A9A4000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80626000 Size: 266240 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x82A95000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x90724000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8A9C5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x9070D000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8A993000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x9006C000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x90731000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x9073B000 Size: 118784 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x90758000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8F72B000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8A964000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x82BE3000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x82BB1000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x90328000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x83332000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8EB92000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82401000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8EAED000 Size: 577536 File Visible: - Signed: -
Status: -

Name: hidbth.sys
Image Path: C:\Windows\system32\DRIVERS\hidbth.sys
Address: 0x9027D000 Size: 49152 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x90151000 Size: 65536 File Visible: - Signed: -
Status: -

Name: hidir.sys
Image Path: C:\Windows\system32\DRIVERS\hidir.sys
Address: 0x901F4000 Size: 45056 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x90161000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x90148000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8EA0D000 Size: 741376 File Visible: - Signed: -
Status: -

Name: HSX_DP.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DP.sys
Address: 0x8E87E000 Size: 1056768 File Visible: - Signed: -
Status: -

Name: HSXHWBS2.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Address: 0x8E808000 Size: 311296 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA66D5000 Size: 438272 File Visible: - Signed: -
Status: -

Name: iomdisk.sys
Image Path: C:\Windows\System32\DRIVERS\iomdisk.sys
Address: 0x8A98B000 Size: 30560 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8EFA4000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x9019E000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80606000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8E854000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x83073000 Size: 462848 File Visible: - Signed: -
Status: -

Name: LHidFilt.Sys
Image Path: C:\Windows\system32\DRIVERS\LHidFilt.Sys
Address: 0x90196000 Size: 28800 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0xA66B2000 Size: 65536 File Visible: - Signed: -
Status: -

Name: LMouFilt.Sys
Image Path: C:\Windows\system32\DRIVERS\LMouFilt.Sys
Address: 0x90320000 Size: 30720 File Visible: - Signed: -
Status: -

Name: lvusbsta.sys
Image Path: C:\Windows\system32\drivers\lvusbsta.sys
Address: 0x9017E000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mcdbus.sys
Image Path: C:\Windows\system32\DRIVERS\mcdbus.sys
Address: 0x8EFBA000 Size: 116736 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xA747A000 Size: 12672 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8EAC2000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x90762000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8EFAF000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x90318000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82B10000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA6776000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA678B000 Size: 135168 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xA67AC000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x90782000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xA67CB000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x9038F000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x82A57000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8EF0A000 Size: 192512 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x807D0000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8EBE3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8A955000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x830E4000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8F000000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8EF39000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8E9B5000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x906A6000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x90655000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8320D000 Size: 241664 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x9039A000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x90703000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8A804000 Size: 1114112 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82434000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x90331000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8F00C000 Size: 7465312 File Visible: - Signed: -
Status: -

Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8EE07000 Size: 1058432 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor.sys
Address: 0x82B46000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nvstor32.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys
Address: 0x82B94000 Size: 118784 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8EACF000 Size: 62208 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x90690000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x82A86000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x82A5F000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82AFB000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82B02000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA747E000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82434000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x9003F000 Size: 184320 File Visible: - Signed: -
Status: -

Name: profos.sys
Image Path: C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
Address: 0xABE77000 Size: 14720 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8060D000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x83050000 Size: 37376 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x903C7000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8F7E1000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8EF5C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8EF6B000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8EF7F000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82434000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x906C7000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x9037F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x90387000 Size: 32768 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\Windows\System32\Drivers\RDPWD.SYS
Address: 0xABE07000 Size: 208896 File Visible: - Signed: -
Status: -

Name: rfcomm.sys
Image Path: C:\Windows\system32\DRIVERS\rfcomm.sys
Address: 0x901A7000 Size: 167936 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xABE85000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA66C2000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8FE08000 Size: 2319104 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\SCSIPORT.SYS
Address: 0x8EFD7000 Size: 155648 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA755C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x833C1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8A94D000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0xA6602000 Size: 720896 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA740A000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x907BB000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA6740000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x82B53000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F7F8000 Size: 4992 File Visible: - Signed: -
Status: -

Name: szkg.sys
Image Path: C:\Windows\system32\drivers\szkg.sys
Address: 0x90771000 Size: 33920 File Visible: - Signed: -
Status: -

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 27 September 2009 - 07:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 October 2009 - 03:03 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



