Title was: i don't have CMD in my system, i don't know what to do ~ OB

Hi,
So I was told that I don't have CMD in my system and I was told that my computer is infected, so I am asking for your help.
Thank you in advance.
dds.txt
DDS (Ver_09-10-13.01) - NTFSx86
Run by abet at 22:17:27.89 on Tue 10/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.564 [GMT 8:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Tall Emu\Online Armor\OAcat.exe
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\S3trayp.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\Program Files\IObit\IObit Security 360\IS360tray.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Tall Emu\Online Armor\OAui.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Tall Emu\Online Armor\OAhlp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\IObit\IObit Security 360\is360.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Documents and Settings\abet\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.tallemu.com/webhelp
uSearchURL,(Default) = hxxp://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] d:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [HDAudDeck] d:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IObit Security 360] d:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "d:\program files\tall emu\online armor\OAui.exe"
mRun: [YSearchProtection] "d:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Windows Defender] "d:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: yahoo.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255146281640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\abet\applic~1\mozilla\firefox\profiles\ntbr8vxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ph.yahoo.com/s/1000717
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 ViBus;ViBus;d:\windows\system32\drivers\ViBus.sys [2009-10-9 16896]
R0 ViPrt;VIA SATA IDE Device Driver;d:\windows\system32\drivers\ViPrt.sys [2009-10-9 52224]
R1 OADevice;OADriver;d:\windows\system32\drivers\OADriver.sys [2009-10-9 200784]
R1 OAmon;OAmon;d:\windows\system32\drivers\OAmon.sys [2009-10-9 24656]
R1 OAnet;OAnet;d:\windows\system32\drivers\OAnet.sys [2009-10-9 29776]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-10-9 108289]
R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2009-10-9 309008]
R2 OAcat;Online Armor Helper Service;d:\program files\tall emu\online armor\oacat.exe [2009-10-9 1244360]
R2 SvcOnlineArmor;Online Armor;d:\program files\tall emu\online armor\oasrv.exe [2009-10-9 3184328]
R2 YahooAUService;Yahoo! Updater;d:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 S3GIGP;S3GIGP;d:\windows\system32\drivers\S3gIGPm.sys [2009-10-9 714240]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]
=============== Created Last 30 ================
2009-10-13 21:52 <DIR> --d----- d:\program files\Trend Micro
2009-10-13 09:39 <DIR> --d----- d:\docume~1\abet\applic~1\Auslogics
2009-10-13 09:38 <DIR> --d----- d:\program files\Auslogics
2009-10-10 23:42 411,368 a------- d:\windows\system32\deploytk.dll
2009-10-10 23:42 73,728 a------- d:\windows\system32\javacpl.cpl
2009-10-10 19:11 268,648 a------- d:\windows\system32\mucltui.dll
2009-10-10 19:11 27,496 a------- d:\windows\system32\mucltui.dll.mui
2009-10-10 17:29 2,265 a------- D:\Skype.lnk
2009-10-10 16:33 <DIR> --d----- d:\docume~1\abet\applic~1\Windows Search
2009-10-10 11:50 <DIR> --d----- d:\program files\CONEXANT
2009-10-10 11:46 1,089,593 -c------ d:\windows\system32\dllcache\ntprint.cat
2009-10-10 11:30 <DIR> --d----- d:\windows\system32\XPSViewer
2009-10-10 11:29 1,676,288 -c------ d:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 11:29 597,504 -c------ d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-10 11:29 575,488 -c------ d:\windows\system32\dllcache\xpsshhdr.dll
2009-10-10 11:29 89,088 -c------ d:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-10 11:29 <DIR> --d----- D:\e025f46f8633f754ea
2009-10-10 11:29 1,676,288 -------- d:\windows\system32\xpssvcs.dll
2009-10-10 11:29 575,488 -------- d:\windows\system32\xpsshhdr.dll
2009-10-10 11:29 117,760 -------- d:\windows\system32\prntvpt.dll
2009-10-10 10:31 <DIR> --d----- d:\docume~1\abet\applic~1\Windows Desktop Search
2009-10-10 10:31 <DIR> --d----- d:\windows\system32\GroupPolicy
2009-10-10 10:31 <DIR> --d----- d:\program files\Windows Desktop Search
2009-10-10 10:30 192,000 -c------ d:\windows\system32\dllcache\offfilt.dll
2009-10-10 10:30 98,304 -c------ d:\windows\system32\dllcache\nlhtml.dll
2009-10-10 10:30 29,696 -c------ d:\windows\system32\dllcache\mimefilt.dll
2009-10-10 10:29 <DIR> --d----- d:\windows\system32\URTTemp
2009-10-10 09:29 <DIR> --dsh--- d:\documents and settings\abet\IECompatCache
2009-10-10 09:29 <DIR> --dsh--- d:\documents and settings\abet\PrivacIE
2009-10-10 09:27 <DIR> --dsh--- d:\documents and settings\abet\IETldCache
2009-10-10 09:00 100,352 -c------ d:\windows\system32\dllcache\iecompat.dll
2009-10-10 08:59 <DIR> --d----- d:\windows\ie8updates
2009-10-10 08:59 12,800 -c------ d:\windows\system32\dllcache\xpshims.dll
2009-10-10 08:59 11,067,392 -c------ d:\windows\system32\dllcache\ieframe.dll
2009-10-10 08:59 1,985,536 -c------ d:\windows\system32\dllcache\iertutil.dll
2009-10-10 08:59 594,432 -c------ d:\windows\system32\dllcache\msfeeds.dll
2009-10-10 08:59 246,272 -c------ d:\windows\system32\dllcache\ieproxy.dll
2009-10-10 08:59 55,296 -c------ d:\windows\system32\dllcache\msfeedsbs.dll
2009-10-10 08:59 <DIR> -cd-h--- d:\windows\ie8
2009-10-10 08:41 195,440 -------- d:\windows\system32\MpSigStub.exe
2009-10-10 06:00 <DIR> --d----- d:\program files\common files\ODBC
2009-10-10 06:00 <DIR> --d----- d:\program files\common files\SpeechEngines
2009-10-10 05:59 66,082 ac------ d:\windows\system32\dllcache\c_28595.nls
2009-10-10 05:59 <DIR> --d--r-- d:\documents and settings\all users\Documents
2009-10-10 05:58 261 a------- d:\windows\system32\$winnt$.inf
2009-10-09 23:51 <DIR> --d--r-- d:\program files\Skype
2009-10-09 23:50 <DIR> --d----- d:\program files\Yahoo!
2009-10-09 23:33 <DIR> --dsh--- d:\documents and settings\abet\UserData
2009-10-09 23:05 <DIR> --d----- d:\docume~1\alluse~1\applic~1\OnlineArmor
2009-10-09 23:05 <DIR> --d----- d:\docume~1\abet\applic~1\OnlineArmor
2009-10-09 22:52 <DIR> --d----- d:\program files\Spybot - Search & Destroy
2009-10-09 22:52 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-09 22:34 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-09 22:34 <DIR> --d----- d:\program files\SUPERAntiSpyware
2009-10-09 22:34 <DIR> --d----- d:\docume~1\abet\applic~1\SUPERAntiSpyware.com
2009-10-09 22:34 <DIR> --d----- d:\program files\common files\Wise Installation Wizard
2009-10-09 22:32 <DIR> --d----- d:\program files\SpywareBlaster
2009-10-09 22:28 <DIR> --d----- d:\docume~1\abet\applic~1\Malwarebytes
2009-10-09 22:28 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-10-09 22:28 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-09 22:25 <DIR> --d----- d:\program files\Tall Emu
2009-10-09 22:22 <DIR> --d----- d:\program files\Avira
2009-10-09 22:22 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Avira
2009-10-09 22:21 <DIR> --d----- d:\docume~1\alluse~1\applic~1\IObit
2009-10-09 22:21 <DIR> --d----- d:\program files\IObit
2009-10-09 22:14 <DIR> --d----- d:\program files\S3
2009-10-09 22:11 <DIR> --d----- d:\program files\VIA
2009-10-09 22:04 <DIR> --dsh--- d:\documents and settings\all users\DRM
2009-10-09 22:03 <DIR> --d-h--- d:\program files\WindowsUpdate
2009-10-09 22:03 <DIR> --d----- d:\program files\common files\MSSoap
2009-10-09 22:02 <DIR> --d----- d:\program files\Online Services
2009-10-09 22:02 <DIR> --d----- d:\program files\Messenger
2009-10-09 22:02 <DIR> --d----- d:\program files\MSN Gaming Zone
2009-10-09 22:01 <DIR> --d----- d:\program files\Windows NT
==================== Find3M ====================
2009-10-10 00:16 76,487 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-09 22:02 21,640 a------- d:\windows\system32\emptyregdb.dat
2009-09-17 22:44 24,656 a------- d:\windows\system32\drivers\OAmon.sys
2009-09-17 22:44 29,776 a------- d:\windows\system32\drivers\OAnet.sys
2009-09-17 22:44 200,784 a------- d:\windows\system32\drivers\OADriver.sys
2009-09-10 14:54 38,224 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- d:\windows\system32\drivers\mbam.sys
2009-08-05 17:01 204,800 a------- d:\windows\system32\mswebdvd.dll
2009-07-29 12:37 119,808 a------- d:\windows\system32\t2embed.dll
2009-07-29 12:37 81,920 a------- d:\windows\system32\fontsub.dll
2009-07-18 03:01 58,880 a------- d:\windows\system32\atl.dll
============= FINISH: 22:19:00.93 ===============
Here's my RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/13 22:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_ViPrt.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_ViPrt.sys
Address: 0xB9D44000 Size: 65536 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF76D7000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: D:\Program Files\Mozilla Firefox\settings.dat
Status: Visible to the Windows API, but not on disk.
Path: D:\Documents and Settings\abet\Local Settings\Temp\MSNL\PVC3954828.mhtml
Status: Visible to the Windows API, but not on disk.
Path: d:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\systemindex.ntfy5.gthr
Status: Size mismatch (API: 707552, Raw: 706566)
Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci
Status: Visible to the Windows API, but not on disk.
Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir
Status: Visible to the Windows API, but not on disk.
Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid
Status: Visible to the Windows API, but not on disk.
Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci
Status: Visible to the Windows API, but not on disk.
Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.dir
Status: Visible to the Windows API, but not on disk.
Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid
Status: Visible to the Windows API, but not on disk.
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bae60
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb5c0
#: 031 Function Name: NtConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b9610
#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c80d0
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb83f81de
#: 046 Function Name: NtCreatePort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b92c0
#: 047 Function Name: NtCreateProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6580
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6960
#: 050 Function Name: NtCreateSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6060
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb83f81d4
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b85a0
#: 062 Function Name: NtDeleteFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8b50
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xb83f81e3
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xb83f81ed
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8fe0
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8070
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c80a0
#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba5d0
#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xb83f81f2
#: 116 Function Name: NtOpenFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8760
#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c6c20
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb83f81c0
#: 125 Function Name: NtOpenSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6300
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb83f81c5
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb250
#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84baa10
#: 160 Function Name: NtQueryKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8010
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8040
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb740
#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xb83f81fc
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba180
#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xb83f81f7
#: 206 Function Name: NtResumeThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8c90
#: 207 Function Name: NtSaveKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c7ff0
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b99d0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b83c0
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8e10
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8720
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xb83f81e8
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba4d0
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8e40
#: 254 Function Name: NtSuspendThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8ac0
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8900
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb85190b0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b81a0
#: 262 Function Name: NtUnloadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba7f0
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb400
Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b48b0
#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4be0
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1d50
#: 310 Function Name: NtUserBlockInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b37d0
#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3350
#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b41c0
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2770
#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3a80
#: 401 Function Name: NtUserGetDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4590
#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2640
#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2510
#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4720
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b28a0
#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3da0
#: 475 Function Name: NtUserPostMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2ca0
#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3000
#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1bf0
#: 502 Function Name: NtUserSendInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b35a0
#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3940
#: 529 Function Name: NtUserSetParent
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3bd0
#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4090
#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1740
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1360
#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b19a0
#: 555 Function Name: NtUserShowWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3fc0
==EOF==
Edited by Orange Blossom, 24 October 2009 - 01:50 PM.
Merged topics. ~ OB