Virus impacting system


  • This topic is locked
2 replies to this topic

#1 jsingh009

  • Members
  • 2 posts

Posted 26 October 2009 - 12:10 AM

Hi. I ran my normal virus scan from BitDefender and AVG; they both showed viruses in my system. After they ran the scan, they were able to delete all viruses except two. BitDefender said it was unable to clean those viruses as there was no solution for those viruses yet. How do I clean these viruses?

Issue #2: After rebooting my laptop, I am getting an error which says RUNDLL: Error loading cpcp: cpo. How should I solve this?

I am attaching the logs that were asked for.

Please help and thanks to all in advance.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Jas at 3:22:57.67 on Mon 10/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.964 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jas\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\MsiExec.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070416
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070416
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [58445026] c:\documents and settings\all users\application data\58445026\58445026.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jas\applic~1\mozilla\firefox\profiles\qyzi2ewo.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-18 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-18 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-18 285392]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152328]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-9-1 110856]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-9-13 183880]

=============== Created Last 30 ================

2009-10-26 03:25:25 121 ----a-w- c:\windows\bdagent.INI
2009-10-26 01:44:03 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-26 01:44:02 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-26 01:44:02 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-26 01:07:56 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-26 01:07:56 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-26 01:07:56 0 ----a-w- c:\windows\system32\ab_bl.sig
2009-10-26 00:53:27 0 d-----w- c:\docume~1\jas\applic~1\BitDefender
2009-10-26 00:53:06 0 d-----w- C:\Binaries
2009-10-26 00:52:12 0 d-----w- c:\program files\BitDefender
2009-10-26 00:52:12 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-25 23:13:19 0 d-----w- c:\program files\common files\BitDefender
2009-10-25 01:20:48 0 d-----w- c:\docume~1\alluse~1\applic~1\58445026
2009-10-19 01:11:40 0 d-----w- c:\program files\Garmin
2009-10-18 16:02:40 0 d--h--w- C:\$AVG
2009-10-18 16:02:29 12464 ------w- c:\windows\system32\avgrsstx.dll
2009-10-18 16:02:28 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-18 16:02:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-18 16:02:15 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-18 16:02:00 0 d-----w- c:\program files\AVG
2009-10-18 16:01:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-18 15:55:30 0 d-----w- c:\program files\DVDVideoSoft
2009-10-18 15:55:30 0 d-----w- c:\program files\common files\DVDVideoSoft
2009-10-13 23:59:22 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-11 00:39:34 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-11 00:39:34 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-11 00:38:40 0 d-----w- c:\program files\iPod
2009-10-11 00:38:37 0 d-----w- c:\program files\iTunes
2009-10-11 00:38:37 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-11 00:38:17 0 d-----w- c:\program files\Bonjour
2009-10-11 00:36:44 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-11 00:36:44 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-09 04:43:46 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-10-09 04:43:46 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-10-09 04:43:45 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-06 04:07:33 0 d-----w- c:\documents and settings\jas\outlook express contact
2009-10-04 16:09:48 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-04 16:09:19 0 d-----w- c:\program files\MSECache
2009-10-04 02:15:25 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca449888f1619e.mof
2009-10-04 01:48:48 0 d-----w- c:\docume~1\jas\applic~1\Malwarebytes
2009-10-04 01:48:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 01:48:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 01:48:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 01:48:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-04 01:46:58 0 d-----w- c:\program files\VideoLAN
2009-10-04 01:44:44 517 ----a-w- c:\windows\system32\SUGW2lmk.smt
2009-10-04 01:44:44 20622 ----a-w- c:\windows\system32\SUGW2LMK.DLL
2009-10-04 01:44:43 57344 ----a-w- c:\windows\system32\SUGW2CI.dll
2009-10-04 01:44:43 151552 ----a-w- c:\windows\system32\SUGW2CI.exe
2009-10-04 01:44:43 11502 ------w- c:\windows\Dr. Printer Icon.ico
2009-10-04 01:44:23 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2009-10-04 01:44:23 0 d-----w- c:\windows\system32\drivers\Samsung
2009-10-04 01:44:21 0 d-----w- c:\program files\Samsung
2009-10-04 01:44:12 0 d-----w- c:\temp\SCX-4x21
2009-10-04 01:44:12 0 d-----w- C:\Temp
2009-10-04 01:13:39 0 d-----w- c:\docume~1\jas\applic~1\BitTorrent
2009-10-04 01:12:00 0 d-----w- c:\program files\Ask.com
2009-10-04 01:11:54 0 d-----w- c:\program files\BitTorrent
2009-10-04 00:27:49 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-04 00:27:48 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-04 00:27:48 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-04 00:27:47 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-03 20:35:13 0 d-sh--w- c:\documents and settings\jas\IECompatCache
2009-10-03 17:59:56 0 d-sh--w- c:\documents and settings\jas\PrivacIE
2009-10-03 17:58:46 0 d-sh--w- c:\documents and settings\jas\IETldCache
2009-10-03 17:47:40 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-03 17:47:20 0 d-----w- c:\windows\ie8updates
2009-10-03 17:47:12 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-03 17:47:12 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-03 17:47:12 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-03 17:47:12 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-03 17:47:12 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-03 17:47:12 11067392 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-03 17:45:46 0 dc-h--w- c:\windows\ie8
2009-10-03 15:33:23 0 d-----w- c:\windows\system32\scripting
2009-10-03 15:33:22 0 d-----w- c:\windows\system32\en
2009-10-03 15:33:22 0 d-----w- c:\windows\system32\bits
2009-10-03 15:33:22 0 d-----w- c:\windows\l2schemas
2009-10-03 15:33:13 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-03 15:25:14 0 d-----w- c:\windows\network diagnostic
2009-10-03 15:24:19 0 d-----w- c:\windows\SHELLNEW
2009-10-03 15:20:28 0 d-----w- c:\windows\EHome
2009-10-01 04:41:53 0 d-sh--w- c:\documents and settings\jas\UserData
2009-09-30 13:50:39 4128 ----a-w- C:\INFCACHE.1
2009-09-30 12:09:02 276992 ------w- c:\windows\system32\wmphoto.dll
2009-09-30 12:09:00 69120 ------w- c:\windows\system32\wlanapi.dll
2009-09-30 11:43:47 0 d-----w- c:\windows\ServicePackFiles
2009-09-30 11:42:22 0 d-----w- c:\program files\MSXML 4.0
2009-09-29 13:22:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-29 13:22:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-29 13:10:47 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-09-29 13:10:39 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-29 13:10:30 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-09-29 13:10:05 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-29 13:09:40 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-09-29 13:08:54 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-29 13:01:10 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-09-29 13:00:40 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-09-29 12:58:31 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-29 12:58:30 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-29 12:58:30 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-09-29 12:57:51 0 d-----w- c:\windows\system32\PreInstall
2009-09-29 12:41:21 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-09-29 10:44:21 0 d-----w- c:\docume~1\jas\applic~1\McAfee.com Personal Firewall
2009-09-29 10:41:12 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-09-29 10:41:02 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-29 10:40:56 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

==================== Find3M ====================

2009-10-26 03:11:58 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-09-17 23:11:04 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\SET5B.tmp
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-01 22:24:36 110856 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-08-23 21:00:38 62592 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 03:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-29 04:37:01 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37:01 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37:01 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37:01 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

============= FINISH: 3:27:18.75 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/26 03:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8C27000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA604000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7FCE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Config.Msi
Status: Invisible to the Windows API!

Path: C:\WINDOWS\inf\A0008914.dll
Status: Locked to the Windows API!

Path: c:\windows\inf\oem25.inf
Status: Size mismatch (API: 24620, Raw: 24850)

Path: c:\windows\inf\oem25.pnf
Status: Size mismatch (API: 59684, Raw: 59948)

Path: C:\$AVG\$CHJW\8f80a01a-0d39-4611-9ee8-64544b413e59
Status: Visible to the Windows API, but not on disk.

Path: C:\$AVG\$CHJW\c288a6a9-7ba6-4291-9a7c-901b1877c73d
Status: Visible to the Windows API, but not on disk.

Path: c:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\xlicons.exe
Status: Allocation size mismatch (API: 1179648, Raw: 1175552)

Path: c:\documents and settings\jas\application data\gtek\gtny\88d7456f-2d0e-40aa-bdbc-7bc292a1ff1a_confirm.cache
Status: Size mismatch (API: 193187, Raw: 192685)

Path: C:\Documents and Settings\Jas\Application Data\Mozilla\Firefox\Profiles\qyzi2ewo.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Jas\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyzi2ewo.default\Cache\1AD56785d01
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Jas\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyzi2ewo.default\Cache\3FD8EF15d01
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Jas\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyzi2ewo.default\Cache\5F0997A0d01
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Jas\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyzi2ewo.default\Cache\618978F1d01
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 001 Function Name: NtAccessCheck
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f0ae8

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f431e

#: 003 Function Name: NtAccessCheckByType
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f0b1a

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f4358

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f0b50

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f439c

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f43e0

#: 008 Function Name: NtAddAtom
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806153cc

#: 009 Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061610e

#: 010 Function Name: NtAdjustGroupsToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ebee6

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ebb3e

#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d4b46

#: 013 Function Name: NtAlertThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d4af6

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806159f2

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b5f7e

#: 016 Function Name: NtAllocateUuids
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061500e

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b0596

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d660a

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616100

#: 024 Function Name: NtClearEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060e5dc

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805bc4f8

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f4858

#: 027 Function Name: NtCompactKeys
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80623380

#: 028 Function Name: NtCompareTokens
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f8d68

#: 030 Function Name: NtCompressKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806235d4

#: 033 Function Name: NtCreateDebugObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80641ea6

#: 034 Function Name: NtCreateDirectoryObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805be4a8

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060e62c

#: 036 Function Name: NtCreateEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616984

#: 039 Function Name: NtCreateJobObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d55ce

#: 040 Function Name: NtCreateJobSet
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d5306

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806237b0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616d7c

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ab9d4

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d11f8

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d1142

#: 049 Function Name: NtCreateProfile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061719c

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ab3ae

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061472c

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c39c2

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d0fe0

#: 054 Function Name: NtCreateTimer
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061664c

#: 055 Function Name: NtCreateToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f9110

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80642f82

#: 058 Function Name: NtDebugContinue
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806430d2

#: 059 Function Name: NtDelayExecution
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616050

#: 060 Function Name: NtDeleteAtom
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80615882

#: 061 Function Name: NtDeleteBootEntry
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616100

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80623c40

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f4964

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80623e10

#: 067 Function Name: NtDisplayString
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806126aa

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805bdfd0

#: 069 Function Name: NtDuplicateToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ecd94

#: 070 Function Name: NtEnumerateBootEntries
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061610e

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80623ff0

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806160f2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8062425a

#: 074 Function Name: NtExtendSection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b3c9e

#: 075 Function Name: NtFilterToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ecf40

#: 076 Function Name: NtFindAtom
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80615636

#: 078 Function Name: NtFlushInstructionCache
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b6812

#: 079 Function Name: NtFlushKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806244c4

#: 080 Function Name: NtFlushVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ac6e8

#: 081 Function Name: NtFlushWriteBuffer
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b67b4

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b6320

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b2f7e

#: 085 Function Name: NtGetContextThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d14f2

#: 086 Function Name: NtGetDevicePowerState
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c864c

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f8a5c

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d77ca

#: 092 Function Name: NtInitializeRegistry
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80621906

#: 093 Function Name: NtInitiatePowerAction
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c8432

#: 094 Function Name: NtIsProcessInJob
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d51ca

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c8638

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806259ac

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806255b8

#: 101 Function Name: NtLockProductActivationKeys
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80612c9c

#: 102 Function Name: NtLockRegistryKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80623680

#: 103 Function Name: NtLockVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b691a

#: 104 Function Name: NtMakePermanentObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805be29e

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805bc59c

#: 106 Function Name: NtMapUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b53de

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b592e

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b2006

#: 109 Function Name: NtModifyBootEntry
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616100

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80625976

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806245c6

#: 113 Function Name: NtOpenDirectoryObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805be57a

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060e72c

#: 115 Function Name: NtOpenEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616a5c

#: 118 Function Name: NtOpenJobObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d5754

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80624b82

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616e54

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f4426

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa7ec6c90

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ed72e

#: 124 Function Name: NtOpenProcessTokenEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ed392

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805aa3d2

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80614826

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c3ba8

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa7ec6d7e

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ed74c

#: 130 Function Name: NtOpenThreadTokenEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ed502

#: 131 Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061676e

#: 132 Function Name: NtPlugPlayControl
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80645174

#: 133 Function Name: NtPowerInformation
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c94ba

#: 134 Function Name: NtPrivilegeCheck
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f7b0e

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f3738

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f3924

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b83e6

#: 138 Function Name: NtPulseEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060e7e4

#: 140 Function Name: NtQueryBootEntryOrder
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061610e

#: 141 Function Name: NtQueryBootOptions
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061610e

#: 143 Function Name: NtQueryDefaultLocale
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806103d6

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80611036

#: 146 Function Name: NtQueryDirectoryObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805be61a

#: 148 Function Name: NtQueryEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060e8ac

#: 150 Function Name: NtQueryInformationAtom
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806158aa

#: 152 Function Name: NtQueryInformationJobObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d5c26

#: 154 Function Name: NtQueryInformationProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ccf5c

#: 155 Function Name: NtQueryInformationThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805cbb8a

#: 156 Function Name: NtQueryInformationToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805ed82c

#: 157 Function Name: NtQueryInstallUILanguage
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806107d4

#: 158 Function Name: NtQueryIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061761e

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80624ea8

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806228fe

#: 162 Function Name: NtQueryMutant
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616efc

#: 163 Function Name: NtQueryObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c5294

#: 164 Function Name: NtQueryOpenSubKeys
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80622faa

#: 165 Function Name: NtQueryPerformanceCounter
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806176ac

#: 167 Function Name: NtQuerySection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b85a8

#: 168 Function Name: NtQuerySecurityObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c0062

#: 169 Function Name: NtQuerySemaphore
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806148de

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c3c48

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061612a

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806160e4

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806110b6

#: 174 Function Name: NtQuerySystemTime
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80612876

#: 175 Function Name: NtQueryTimer
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616826

#: 176 Function Name: NtQueryTimerResolution
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80612908

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806219e8

#: 178 Function Name: NtQueryVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b8c36

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d123e

#: 182 Function Name: NtRaiseHardError
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80614550

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b428a

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d2760

#: 188 Function Name: NtReleaseMutant
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617034

#: 189 Function Name: NtReleaseSemaphore
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80614a0e

#: 191 Function Name: NtRemoveProcessDebug
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80643052

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806231d2

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8062585c

#: 198 Function Name: NtRequestDeviceWakeup
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c85ca

#: 201 Function Name: NtRequestWakeupLatency
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c83d8

#: 202 Function Name: NtResetEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060e9be

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80625168

#: 205 Function Name: NtResumeProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d4aa0

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d4982

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80625264

#: 208 Function Name: NtSaveKeyEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8062534a

#: 209 Function Name: NtSaveMergedKeys
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80625472

#: 211 Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061610e

#: 212 Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061610e

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d1702

#: 214 Function Name: NtSetDebugFilterState
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80645d0a

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806143fa

#: 216 Function Name: NtSetDefaultLocale
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80610526

#: 217 Function Name: NtSetDefaultUILanguage
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80610d98

#: 219 Function Name: NtSetEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060ea7e

#: 220 Function Name: NtSetEventBoostPriority
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060eb48

#: 221 Function Name: NtSetHighEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616d18

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616c48

#: 223 Function Name: NtSetInformationDebugObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80642a1c

#: 225 Function Name: NtSetInformationJobObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d6934

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806224ca

#: 227 Function Name: NtSetInformationObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c480a

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805cde52

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805cc0d6

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805f9e8a

#: 231 Function Name: NtSetIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617180

#: 233 Function Name: NtSetLdtEntries
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d38cc

#: 234 Function Name: NtSetLowEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616cb4

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616bdc

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c05f6

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806163ae

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806160e4

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8060f3e4

#: 242 Function Name: NtSetSystemTime
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80613b7e

#: 243 Function Name: NtSetThreadExecutionState
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c82ec

#: 245 Function Name: NtSetTimerResolution
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80613050

#: 246 Function Name: NtSetUuidSeed
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80614ec4

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80621d36

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061266e

#: 251 Function Name: NtStartProfile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x806173ca

#: 252 Function Name: NtStopProfile
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617574

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d4a4a

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d48bc

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617798

#: 256 Function Name: NtTerminateJobObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d74c8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa7ec6bf4

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa7ec6ec4

#: 259 Function Name: NtTestAlert
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805d4c0a

#: 261 Function Name: NtTranslateFilePath
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8061611c

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80622060

#: 264 Function Name: NtUnloadKeyEx
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x8062227a

#: 266 Function Name: NtUnlockVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b6ea8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b2e14

#: 268 Function Name: NtVdmControl
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805fb242

#: 269 Function Name: NtWaitForDebugEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80642784

#: 270 Function Name: NtWaitForMultipleObjects
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c07ac

#: 271 Function Name: NtWaitForSingleObject
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805c06c2

#: 272 Function Name: NtWaitHighEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616b78

#: 273 Function Name: NtWaitLowEventPair
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80616b14

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805b4394

#: 279 Function Name: NtCreateKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617bf0

#: 280 Function Name: NtOpenKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617cda

#: 281 Function Name: NtReleaseKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617d8c

#: 282 Function Name: NtWaitForKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x80617fe8

#: 283 Function Name: NtQueryPortInformationProcess
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x805cb90a

==EOF==

Edited by jsingh009, 26 October 2009 - 05:49 AM.


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:55 AM

Posted 01 November 2009 - 05:34 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:55 AM

Posted 05 November 2009 - 07:49 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
