virus adware popups and privileges problem


This topic is locked. 22 replies to this topic.

#1 omghelpme

Posted 06 November 2009 - 06:20 PM

Referred from this topic: http://www.bleepingcomputer.com/forums/t/269634/unknown-virusmalware-has-messed-up-computer-privileges-and-such/ ~ OB

Hi, I have recently got some sort of virus or malware from surfing a video streaming website (I think...).
Since then:

- I did get the blue screen, but one of the anti-virus programs must have fixed that error.

- I haven't been able to run various programs, such as Windows "Disk Cleanup". That seems to just disappear when I try to scan the C: drive, but if I scan the E: drive it runs fine.

- Other programs, mainly anti-virus software, seem to just crash when scanning or fixing problems. Some work, some don't. But the thing is, obviously none of them work, otherwise I wouldn't still have this problem.

- A few Windows updates won't fully install, such as a security update and Windows Live update. (They successfully install, but on reboot they appear ready for installation again???)

- svchost.exe could be a problem; many virus scanners have found it but never fixed it. And Svchost Fix Wizard found something wrong with "invalid data 2 at value start of the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" and "system DLLs re-registration is pending". These were the errors it found, but I cannot fix them because it COSTS MONEY!

- When browsing the internet, I get a lot of random pop-ups!

- Now my sound doesn't work on the internet, like when I'm listening to online music or YouTube videos.

BASICALLY! Nothing works. I would tell you everything I have done since this happened, but I couldn't possibly do that because I have done so much. I have been browsing these forums and a lot of other forums for the answers, but I still have the same issues!!
But yeah, I have tried a lot of anti-virus programs: AVG, Kaspersky, Malwarebytes, etc. You name it, I have probably tried it!
Although there are a few programs I have yet to use, such as ComboFix.

A main error I get is when I install a program, use it, and then when I try to re-use it I get a message similar to: "cannot find file, path... invalid privileges" (something like that anyway), and then the program would have to be reinstalled to try and use it again.

I'm not sure if this is a virus or what???? Help please!!!

Oh, and it's that bad that I can't even use HijackThis, because every time I do, it crashes, then I can't open the program and get this error: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." AND I AM AN ADMINISTRATOR, as I am the only one on this computer! Also, I wasn't able to use RootRepeal.exe; that also crashed when scanning.

Although I did manage to get DDS working; here it is (with attached file too):
-----------------------------------------------------------------



DDS (Ver_09-10-26.01) - NTFSx86
Run by owner at 23:01:20.21 on 06/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1184 [GMT 0:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Sunbelt CounterSpy *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\CTsvcCDA.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

ustart page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoThemesTab = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoColorChoice = 0 (0x0)
mPolicies-system: NoSizeChoice = 0 (0x0)
mPolicies-system: NoVisualStyleChoice = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
{8053af4f-f35d-4ec6-a411-039efb515cd8}
{eba0f461-d69f-4be7-9f08-467e81ef96f3}
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQJBTM

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\u3z6rx53.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\u3z6rx53.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\u3z6rx53.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-10-26 30280]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-10-26 51656]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-9-12 69168]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-10-26 24368]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2002-1-9 46592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-9-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-9-10 79360]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\system32\drivers\emuumidi.sys [2006-4-12 37120]
S3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [2009-10-28 22016]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-9-11 21504]

=============== Created Last 30 ================

2009-11-06 22:42:55 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-11-06 22:32:06 0 d-----w- c:\program files\EA SPORTS
2009-11-06 22:04:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:04:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 22:04:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 20:20:06 396288 ----a-w- C:\HijackThis.exe
2009-11-06 18:39:50 0 d-----w- c:\programdata\McAfee
2009-11-06 18:39:30 0 d-----w- c:\programdata\McAfee Security Scan
2009-11-06 18:38:56 0 d-----w- c:\programdata\NOS
2009-11-06 18:01:17 0 d-----w- C:\AVGTemp
2009-11-06 01:47:47 0 d-----w- c:\program files\AVG
2009-11-06 01:47:46 0 d-----w- c:\programdata\avg9
2009-11-06 00:25:12 0 d-----w- C:\VundoFix Backups
2009-11-05 20:35:40 0 d-----w- c:\users\owner\appdata\roaming\True Sword
2009-11-05 20:35:32 0 d-----w- c:\program files\Windows Cannot Find Fix Wizard
2009-11-04 09:59:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 11:58:08 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-03 11:58:08 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-03 11:58:07 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-03 11:58:06 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-03 11:58:06 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-03 11:58:06 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-03 11:58:05 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-11-03 11:58:05 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-11-03 11:58:04 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-11-02 18:20:52 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-02 18:14:13 0 d-----w- c:\users\owner\.housecall6.6
2009-11-01 16:03:02 116675 ----a-w- C:\BdUninstallTool2009.11.01-04.03.02.reg
2009-11-01 11:52:01 0 d-----w- c:\program files\Uniblue
2009-10-31 16:22:08 0 d-----w- c:\program files\common files\MSSoap
2009-10-31 12:43:57 0 d-----w- c:\program files\Trend Micro
2009-10-30 19:40:48 0 ----a-w- c:\windows\system32\SBRC.dat
2009-10-30 19:32:26 0 d-----w- c:\program files\Sunbelt Software
2009-10-30 17:23:04 0 d-----w- c:\temp\ja-jp
2009-10-30 17:23:04 0 d-----w- c:\temp\fr-fr
2009-10-30 17:23:04 0 d-----w- c:\temp\es-es
2009-10-30 17:23:03 99840 ----a-w- c:\temp\sdbapiu.dll
2009-10-30 17:23:03 298160 ----a-w- c:\temp\spinstall.exe
2009-10-30 17:23:03 2560 ----a-w- c:\temp\acres.dll
2009-10-30 17:23:03 190464 ----a-w- c:\temp\sperror.dll
2009-10-30 17:23:03 164352 ----a-w- c:\temp\spwizui.dll
2009-10-30 17:23:03 13312 ----a-w- c:\temp\spcmsg.dll
2009-10-30 17:23:03 112640 ----a-w- c:\temp\spreview.exe
2009-10-30 17:23:03 0 d-----w- c:\temp\readme
2009-10-30 17:23:03 0 d-----w- c:\temp\eula
2009-10-30 17:23:03 0 d-----w- c:\temp\en-us
2009-10-30 17:23:03 0 d-----w- c:\temp\de-de
2009-10-30 17:01:34 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-30 17:01:26 0 d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2009-10-30 17:01:26 0 d-----w- C:\SUPERAntiSpyware
2009-10-30 15:05:57 365230920 ----a-w- c:\temp\Windows6.0-KB948465-X86.exe
2009-10-30 03:10:58 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2009-10-30 03:10:45 0 d-----w- c:\programdata\Malwarebytes
2009-10-30 00:52:57 108336 ----a-w- c:\windows\system32\mswinsck.ocx
2009-10-30 00:28:37 0 d-----w- c:\program files\common files\Windows Live
2009-10-30 00:27:04 0 d-----w- c:\program files\Microsoft
2009-10-30 00:26:18 0 d-----w- c:\program files\Enigma Software Group
2009-10-29 18:40:00 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 18:39:33 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-29 18:39:28 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-29 18:39:28 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 14:43:50 0 d-----w- c:\users\owner\appdata\roaming\Uniblue
2009-10-29 13:59:34 0 d-----w- c:\programdata\RegAce
2009-10-29 12:52:59 81920 ----a-w- c:\windows\eSellerateControl350.dll
2009-10-29 12:52:59 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-10-29 12:52:59 0 d-----w- c:\program files\Svchost Fix Wizard
2009-10-29 02:13:06 54044 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-29 02:13:06 4519968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-28 19:22:39 0 d-----w- c:\programdata\PC Tools
2009-10-28 17:39:27 22016 ----a-w- c:\windows\system32\drivers\extit.sys
2009-10-28 02:12:54 0 d-----w- c:\program files\Windows Portable Devices
2009-10-28 01:48:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-28 01:47:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-28 01:44:19 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-28 01:42:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-28 01:42:14 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-28 01:42:14 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 01:40:09 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 01:40:07 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 03:20:45 891392 ----a-w- c:\windows\system32\jkkKdebc.dll
2009-10-27 03:09:11 42 ----a-w- c:\windows\system32\RegistryEasy.lie
2009-10-27 01:01:27 0 d-----w- c:\program files\MSECACHE
2009-10-27 00:50:22 891392 ----a-w- c:\windows\system32\pmnLefdA.dll
2009-10-27 00:06:38 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-26 23:38:16 52624 ----a-w- c:\windows\system32\PxSecure.dll
2009-10-26 23:38:15 51656 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-10-26 23:38:15 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-26 23:38:15 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-10-26 23:38:15 0 d-----w- c:\program files\Prevx
2009-10-26 23:38:09 50 ----a-w- c:\windows\wininit.ini
2009-10-26 17:03:58 524288 --sha-w- c:\users\owner\ntuser.dat{b11b8d22-c24d-11de-b212-00028a55ed6b}.TMContainer00000000000000000002.regtrans-ms
2009-10-26 17:03:57 65536 --sha-w- c:\users\owner\ntuser.dat{b11b8d22-c24d-11de-b212-00028a55ed6b}.TM.blf
2009-10-26 17:03:57 524288 --sha-w- c:\users\owner\ntuser.dat{b11b8d22-c24d-11de-b212-00028a55ed6b}.TMContainer00000000000000000001.regtrans-ms
2009-10-25 16:35:34 673280 ----a-w- c:\windows\isRS-000.tmp
2009-10-25 13:33:09 0 ----a-w- c:\windows\win32k.sys
2009-10-21 09:19:14 891392 --sh--r- C:\nds0q.exe
2009-10-16 06:50:54 3930 ----a-w- c:\windows\system32\ludap17.ini
2009-10-16 02:11:56 1168896 ----a-w- c:\windows\system32\drivers\P17.sys
2009-10-15 22:22:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-15 22:22:37 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-15 22:22:37 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-15 22:22:37 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-15 22:22:37 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-15 22:22:36 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-15 22:22:36 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-15 22:22:35 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-15 22:22:33 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-15 22:22:33 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-15 22:22:32 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-10-14 10:19:17 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 10:19:09 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 10:19:09 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-08 09:29:18 0 d-----w- c:\users\owner\appdata\roaming\EA

==================== Find3M ====================

2009-11-06 18:13:58 86016 ----a-w- c:\windows\inf\infpub.dat
2009-11-06 18:13:58 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-06 18:13:57 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-31 12:08:55 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-31 12:08:55 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-28 02:12:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 17:14:41 118784 ----a-w- c:\windows\dsdxirmv.exe
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-26 02:17:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-25 02:31:18 613503 ----a-w- c:\windows\system32\APOIM32.exe
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 07:19:42 144384 ----a-w- c:\windows\system32\OemSpiE.dll
2008-09-13 14:58:06 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-06-09 11:37:33 485864 --sha-w- c:\windows\system32\MTBJQXyb.ini2

============= FINISH: 23:05:14.65 ===============

Attached Files


Edited by Orange Blossom, 06 November 2009 - 07:12 PM.
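An added example, not part of the post above and not code from the DDS tool: a small Python triage pass over lines of the kind found in the DDS log above. It encodes what a log helper scans for first: an LSA Authentication Packages value with anything beyond the stock msv1_0 (packages listed there are loaded into lsass.exe at boot), EnableLUA = 0 (UAC switched off), program files marked system+hidden, names that look machine-generated, and several differently named files sharing one exact size (the log above shows three at 891392 bytes). The sample input is excerpted from the log as posted; the output is a list of candidates for hash lookup and signature checks, not a verdict, and the name heuristic is tuned to this log and will also catch some legitimate vendor files.

```python
"""Triage pass over DDS-style report lines (added example, not DDS code).

Flags the items a log helper checks first. Output is a candidate list for
hash lookup / signature checks, not a verdict; expect false positives.
"""
import re
from collections import defaultdict

# Sample input excerpted from the DDS log posted above (constructed subset).
DDS_EXCERPT = r"""
mPolicies-system: EnableLUA = 0 (0x0)
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQJBTM
2009-10-29 02:13:06 4519968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-28 01:42:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 03:20:45 891392 ----a-w- c:\windows\system32\jkkKdebc.dll
2009-10-27 00:50:22 891392 ----a-w- c:\windows\system32\pmnLefdA.dll
2009-10-21 09:19:14 891392 --sh--r- C:\nds0q.exe
2009-10-14 10:19:17 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-06 22:32:06 0 d-----w- c:\program files\EA SPORTS
2008-06-09 11:37:33 485864 --sha-w- c:\windows\system32\MTBJQXyb.ini2
"""

# DDS file lines: "<date> <time> <size> <attrs> <path>"; the 8-char attribute
# field reads d?sha?w? (d=directory, s=system, h=hidden, a=archive, w/r).
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) "
    r"(?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# Stock value of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
# on XP/Vista/7 is just msv1_0; anything else listed is loaded into lsass.exe.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
EXEC_EXT = {"exe", "dll", "sys", "ocx", "scr"}


def looks_random(stem: str) -> bool:
    """Heuristic for generated names: 5-8 alphanumerics with mixed case that is
    not simple capitalisation, or with a digit inside. Tuned to this log; it
    will also catch some legitimate vendor names (e.g. LVPrcSrv, win32k)."""
    if not (5 <= len(stem) <= 8) or not stem.isalnum():
        return False
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem[1:])
    return mixed or any(c.isdigit() for c in stem)


def triage(report: str) -> dict:
    """Return {rule: [evidence, ...]} for the rules that fired."""
    findings = defaultdict(list)
    by_size = defaultdict(list)
    for line in report.splitlines():
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings["uac_disabled"].append(line)
        elif line.startswith("LSA: Authentication Packages ="):
            pkgs = line.split("=", 1)[1].split()
            extra = [p for p in pkgs if p.lower() not in DEFAULT_AUTH_PACKAGES]
            if extra:
                findings["lsa_auth_package"].extend(extra)
        elif (m := FILE_LINE.match(line)) and m["attr"][0] != "d":
            path, attr = m["path"], m["attr"]
            name = path.rsplit("\\", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            if not dot:
                stem, ext = name, ""
            ext = ext.lower()
            if looks_random(stem):
                findings["random_name"].append(path)
            # system+hidden on a program file: hiding from Explorer, not a
            # normal vendor layout (data files such as fidbox.dat are ignored)
            if attr[2] == "s" and attr[3] == "h" and ext in EXEC_EXT:
                findings["hidden_system_exec"].append(path)
            if ext in EXEC_EXT:
                by_size[int(m["size"])].append(path)
    # Identical sizes under different names usually mean one payload dropped
    # under several names; worth hashing to confirm they are the same file.
    for size, paths in by_size.items():
        if len(paths) > 1:
            findings["same_size_cluster"].append((size, sorted(paths)))
    return dict(findings)


if __name__ == "__main__":
    for rule, evidence in triage(DDS_EXCERPT).items():
        print(rule)
        for item in evidence:
            print("   ", item)
```

Run it against a full DDS report by passing the "Created Last 30", "Find3M" and "Pseudo HJT Report" sections as one string; the rules are independent, so a clean box produces an empty dict.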


#2 maranatha

Posted 06 November 2009 - 10:46 PM

Hi omghelpme
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Please do the following if you still require help.

Upload these Files to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to these files one at a time
    c:\windows\system32\oleaccrc.dll
    c:\windows\system32\jkkKdebc.dll
    C:\nds0q.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.
Thanks
maranatha

#3 omghelpme


Posted 07 November 2009 - 06:16 AM

RESULTS FOR: c:\windows\system32\oleaccrc.dll
==================================

AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.07 -
Avast 4.8.1351.0 2009.11.06 -
AVG 8.5.0.423 2009.11.07 -
BitDefender 7.2 2009.11.07 -
CAT-QuickHeal 10.00 2009.11.07 -
ClamAV 0.94.1 2009.11.07 -
Comodo 2870 2009.11.07 -
DrWeb 5.0.0.12182 2009.11.07 -
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.06 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.07 -
GData 19 2009.11.07 -
Ikarus T3.1.1.74.0 2009.11.07 -
Jiangmin 11.0.800 2009.11.07 -
K7AntiVirus 7.10.890 2009.11.06 -
Kaspersky 7.0.0.125 2009.11.07 -
McAfee 5794 2009.11.06 -
McAfee+Artemis 5794 2009.11.06 -
McAfee-GW-Edition 6.8.5 2009.11.07 -
Microsoft 1.5202 2009.11.07 -
NOD32 4580 2009.11.06 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.07 -
Panda 10.0.2.2 2009.11.06 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.52.00 2009.11.07 -
Sophos 4.47.0 2009.11.07 -
Sunbelt 3.2.1858.2 2009.11.06 -
Symantec 1.4.4.12 2009.11.07 -
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.07 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.06 -
Additional information
File size: 4096 bytes
MD5...: 3551474b2db6312db6df56140a68df6e
SHA1..: 2c01e6c2d66fe84052ef843053ddcd1f7f1754d1
SHA256: cfa3ee3e67cf1707ce8daeb7f29883bafd2df2374e33f636fbc9e6a7d2828b20
ssdeep: 48:Kzq21D5fKWo/zE20dPRJnJtR+s6mPeZWy4OWlEOp5Wwav+oc:CttfJ1dd/nt+JFWnlR3Wwz
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x4ace54af (Thu Oct 08 21:07:59 2009)
machinetype.......: 0x14c (I386)

( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x1000 0xd60 0xe00 3.64 3a6d0950c4facf3430a601e1fae0de2a

( 0 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Active Accessibility Resource DLL
original name: OLEACCRC.DLL
internal name: OLEACCRC
file version.: 7.0.6002.18155 (vistasp2_gdr_win7ip_uia(wmbla).091008-1406)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
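An added example, not VirusTotal's code and not part of the thread: reading a pasted VirusTotal text report of the shape above into fields and applying the checks a responder makes by eye on a zero-detection result. For this file the points to check are how many engines fired, whether the version resource names Microsoft as publisher while sigcheck reports Unsigned, whether the PE has one .rsrc section and no imports or exports (the normal shape for a resource-only DLL, which is what the description field claims), and whether the link timestamp (0x4ace54af, 8 Oct 2009) agrees with the 091008 build tag in the file version string. One caveat on the signature check: many Windows components are catalog-signed rather than carrying an embedded Authenticode signature, so "Unsigned" from a bare-file check is not on its own evidence of tampering; Sysinternals sigcheck run on the machine itself can consult the system catalogs. The engine table in the sample is shortened to four rows; the other values are those posted above.

```python
"""Reader for a pasted VirusTotal text report (added example, not VT code).

Parses the engine table, the key: value fields and the PE summary, then
applies the checks a responder makes by eye on a 0-detection result.
"""
import re
from datetime import datetime, timezone

# Sample input excerpted from the oleaccrc.dll result posted above
# (constructed subset: engine table shortened, other values as posted).
VT_EXCERPT = """\
AhnLab-V3 5.0.0.2 2009.11.06 -
Kaspersky 7.0.0.125 2009.11.07 -
Microsoft 1.5202 2009.11.07 -
Symantec 1.4.4.12 2009.11.07 -
Additional information
File size: 4096 bytes
MD5...: 3551474b2db6312db6df56140a68df6e
SHA256: cfa3ee3e67cf1707ce8daeb7f29883bafd2df2374e33f636fbc9e6a7d2828b20
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x4ace54af (Thu Oct 08 21:07:59 2009)
( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x1000 0xd60 0xe00 3.64 3a6d0950c4facf3430a601e1fae0de2a
( 0 imports )
( 0 exports )
sigcheck:
publisher....: Microsoft Corporation
description..: Active Accessibility Resource DLL
file version.: 7.0.6002.18155 (vistasp2_gdr_win7ip_uia(wmbla).091008-1406)
verified.....: Unsigned
"""

ENGINE_LINE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d\d\.\d\d) (.+)$")
FIELD_LINE = re.compile(r"^([A-Za-z][\w ]*?)\.*: (.+)$")
COUNT_LINE = re.compile(r"^\( (\d+) (imports|exports) \)$")
SECTION_LINE = re.compile(r"^(\.\w+) (?:0x[0-9a-f]+ ){3}[\d.]+ [0-9a-f]{32}$")


def parse_report(text: str) -> dict:
    """Split the pasted report into engine verdicts, fields, sections, counts."""
    rep = {"engines": {}, "fields": {}, "sections": [], "imports": None, "exports": None}
    in_engines = True
    for line in text.splitlines():
        if line == "Additional information":
            in_engines = False
            continue
        if in_engines:
            if m := ENGINE_LINE.match(line):
                rep["engines"][m[1]] = m[4]      # "-" means no detection
            continue
        if m := FIELD_LINE.match(line):
            rep["fields"][m[1].strip().lower()] = m[2].strip()
        elif m := COUNT_LINE.match(line):
            rep[m[2]] = int(m[1])
        elif m := SECTION_LINE.match(line):
            rep["sections"].append(m[1])
    return rep


def build_date_matches(fields: dict):
    """Compare the PE link timestamp with the yymmdd tag Microsoft puts in
    its version strings; None when either value is absent."""
    ts, ver = fields.get("timedatestamp"), fields.get("file version", "")
    tag = re.search(r"\.(\d{6})-\d{4}\)", ver)
    if not ts or not tag:
        return None
    linked = datetime.fromtimestamp(int(ts.split()[0], 16), tz=timezone.utc).date()
    built = datetime.strptime(tag[1], "%y%m%d").date()
    return abs((linked - built).days) <= 1     # allow for time-zone slop


def assess(rep: dict) -> dict:
    """The by-eye checks, as booleans plus the detection ratio."""
    f = rep["fields"]
    hits = {e: r for e, r in rep["engines"].items() if r != "-"}
    return {
        "detections": (len(hits), len(rep["engines"])),
        # version resource claims a publisher that no signature backs up
        "publisher_unbacked": "microsoft" in f.get("publisher", "").lower()
        and f.get("verified", "").lower() == "unsigned",
        # single .rsrc section, no imports/exports: shape of a resource-only DLL
        "resource_only_dll": rep["sections"] == [".rsrc"]
        and rep["imports"] == 0 and rep["exports"] == 0,
        "timestamp_matches_build": build_date_matches(f),
    }


if __name__ == "__main__":
    for check, value in assess(parse_report(VT_EXCERPT)).items():
        print(f"{check:25} {value}")
```

A true publisher_unbacked result is the cue to re-check the signature on the box with the catalogs available, and to compare the MD5/SHA256 above against a known-good copy of the same file version, rather than a verdict on its own.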

#4 omghelpme


Posted 07 November 2009 - 06:21 AM

RESULTS FOR: c:\windows\system32\jkkKdebc.dll
==================================

a-squared 4.5.0.41 2009.11.07 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.07 -
Avast 4.8.1351.0 2009.11.06 -
AVG 8.5.0.423 2009.11.07 -
BitDefender 7.2 2009.11.07 -
CAT-QuickHeal 10.00 2009.11.07 -
ClamAV 0.94.1 2009.11.07 -
Comodo 2870 2009.11.07 -
DrWeb 5.0.0.12182 2009.11.07 -
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.06 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.07 -
GData 19 2009.11.07 -
Ikarus T3.1.1.74.0 2009.11.07 -
Jiangmin 11.0.800 2009.11.07 -
K7AntiVirus 7.10.890 2009.11.06 -
Kaspersky 7.0.0.125 2009.11.07 -
McAfee-GW-Edition 6.8.5 2009.11.07 -
Microsoft 1.5202 2009.11.07 -
NOD32 4580 2009.11.06 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.07 -
Panda 10.0.2.2 2009.11.06 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.52.00 2009.11.07 -
Sophos 4.47.0 2009.11.07 -
Sunbelt 3.2.1858.2 2009.11.06 -
Symantec 1.4.4.12 2009.11.07 -
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.07 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.06 -
Additional information
File size: 891392 bytes
MD5...: bb8509089e7df514310814e1b2593ffc
SHA1..: b399dc427fbae211a1d1c55c5b7c89ab4d4e8607
SHA256: 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7
ssdeep: 12288:t+zqQTpTS1Oj5H541pKjI6oCiWoLCuPLTb3wgIecp3gnJNM35dHKdzAvLj47a4RE:tYqPQ5zeHLCu0gfcp3gnG7sJQ/9B
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4b7f5
timedatestamp.....: 0x49e037dd (Sat Apr 11 06:25:33 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcc8c1 0xcca00 6.74 9d553a2aa8c5ef5771051e6cd7a3c6d3
.data 0xce000 0x2b84 0x2a00 1.30 672713342d433d26a8514ca60515c476
.rsrc 0xd1000 0x520 0x600 2.98 b4ef936bd36186fd3ed1d69d4d12e7ce
.reloc 0xd2000 0x9aac 0x9c00 6.50 ffbb54d3b0c7368aa12b9b1d01e568dc

( 1 imports )
> ntdll.dll:

( 1218 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (42.6%)
Win32 EXE PECompact compressed (generic) (20.7%)
Win32 Executable MS Visual C++ (generic) (18.8%)
Win 9x/ME Control Panel applet (7.7%)
Win32 Executable Generic (4.2%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Windows NT BASE API Client DLL
original name: kernel32
internal name: kernel32
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#5 omghelpme

  • Topic Starter
  • Members
  • 32 posts

Posted 07 November 2009 - 06:26 AM

RESULTS FOR: C:\nds0q.exe
======================

a-squared 4.5.0.41 2009.11.07 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.07 -
Avast 4.8.1351.0 2009.11.06 -
AVG 8.5.0.423 2009.11.07 -
BitDefender 7.2 2009.11.07 -
CAT-QuickHeal 10.00 2009.11.07 -
ClamAV 0.94.1 2009.11.07 -
Comodo 2870 2009.11.07 -
DrWeb 5.0.0.12182 2009.11.07 -
eSafe 7.0.17.0 2009.11.05 -
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.06 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.07 -
GData 19 2009.11.07 -
Ikarus T3.1.1.74.0 2009.11.07 -
Jiangmin 11.0.800 2009.11.07 -
K7AntiVirus 7.10.890 2009.11.06 -
Kaspersky 7.0.0.125 2009.11.07 -
McAfee 5794 2009.11.06 -
McAfee+Artemis 5794 2009.11.06 -
McAfee-GW-Edition 6.8.5 2009.11.07 -
Microsoft 1.5202 2009.11.07 -
NOD32 4580 2009.11.06 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.07 -
Panda 10.0.2.2 2009.11.06 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.52.00 2009.11.07 -
Sophos 4.47.0 2009.11.07 -
Sunbelt 3.2.1858.2 2009.11.06 -
Symantec 1.4.4.12 2009.11.07 -
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.07 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.06 -
Additional information
File size: 891392 bytes
MD5...: bb8509089e7df514310814e1b2593ffc
SHA1..: b399dc427fbae211a1d1c55c5b7c89ab4d4e8607
SHA256: 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7
ssdeep: 12288:t+zqQTpTS1Oj5H541pKjI6oCiWoLCuPLTb3wgIecp3gnJNM35dHKdzAvLj47a4RE:tYqPQ5zeHLCu0gfcp3gnG7sJQ/9B
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4b7f5
timedatestamp.....: 0x49e037dd (Sat Apr 11 06:25:33 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcc8c1 0xcca00 6.74 9d553a2aa8c5ef5771051e6cd7a3c6d3
.data 0xce000 0x2b84 0x2a00 1.30 672713342d433d26a8514ca60515c476
.rsrc 0xd1000 0x520 0x600 2.98 b4ef936bd36186fd3ed1d69d4d12e7ce
.reloc 0xd2000 0x9aac 0x9c00 6.50 ffbb54d3b0c7368aa12b9b1d01e568dc

( 1 imports )
> ntdll.dll: _aullrem, RtlExitUserProcess, RtlExitUserThread, RtlInitializeExceptionChain, memcpy, NtFsControlFile, NtCreateFile, _wcsnicmp, RtlAllocateHeap, RtlFreeHeap, memset, NtOpenFile, NtQueryInformationFile, NtQueryEaFile, RtlLengthSecurityDescriptor, NtQuerySecurityObject, NtSetEaFile, NtSetSecurityObject, NtSetInformationFile, CsrClientCallServer, NtClose, NtDeviceIoControlFile, RtlReleaseSRWLockExclusive, LdrAddRefDll, RtlAcquireSRWLockExclusive, NtQueryValueKey, NtOpenKey, RtlInitUnicodeString, NtFlushKey, NtSetValueKey, NtCreateKey, _memicmp, memmove, RtlNtStatusToDosError, wcscspn, RtlUnicodeToMultiByteSize, RtlFreeUnicodeString, RtlDnsHostNameToComputerName, RtlUnicodeStringToAnsiString, RtlxUnicodeStringToAnsiSize, NlsMbCodePageTag, RtlInitUnicodeStringEx, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlCreateUnicodeStringFromAsciiz, wcschr, wcsstr, RtlPrefixString, _wcsicmp, RtlGetFullPathName_U, RtlGetCurrentDirectory_U, RtlSetCurrentDirectory_U, NtQueryInformationProcess, RtlSetCurrentTransaction, RtlGetCurrentTransaction, RtlFreeAnsiString, RtlTimeToTimeFields, RtlTimeFieldsToTime, _allmul, RtlInitializeSRWLock, NtQuerySystemInformation, NtSetSystemInformation, _vsnwprintf, RtlAcquirePrivilege, RtlReleasePrivilege, NtSetSystemTime, RtlCutoverTimeToSystemTime, RtlReleaseSRWLockShared, RtlAcquireSRWLockShared, RtlUnicodeStringToInteger, RtlpCheckDynamicTimeZoneInformation, DbgBreakPoint, RtlFreeSid, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, DbgPrint, NtOpenProcess, CsrGetProcessId, DbgUiDebugActiveProcess, DbgUiConnectToDbg, DbgUiIssueRemoteBreakin, NtSetInformationDebugObject, DbgUiGetThreadDebugObject, NtQueryInformationThread, NtFlushInstructionCache, DbgUiConvertStateChangeStructure, DbgUiWaitStateChange, DbgUiContinue, DbgUiStopDebugging, RtlReleaseRelativeName, 
RtlDosPathNameToRelativeNtPathName_U, RtlIsDosDeviceName_U, RtlEqualUnicodeString, RtlDestroyAtomTable, RtlCreateAtomTable, NtDeleteAtom, RtlDeleteAtomFromAtomTable, NtAddAtom, RtlAddAtomToAtomTable, NtFindAtom, RtlLookupAtomInAtomTable, NtQueryInformationAtom, RtlQueryAtomInAtomTable, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlMultiByteToUnicodeSize, RtlPrefixUnicodeString, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, RtlFormatCurrentUserKeyPath, NtEnumerateValueKey, NtDeleteValueKey, RtlIsTextUnicode, NtReadFile, NtAllocateVirtualMemory, NtUnlockFile, NtLockFile, RtlDosPathNameToNtPathName_U, RtlCopyUnicodeString, NtFreeVirtualMemory, NtWriteFile, CsrVerifyRegion, RtlGetLongestNtPathLength, NtEnumerateKey, RtlEqualString, CsrFreeCaptureBuffer, CsrCaptureMessageString, CsrAllocateCaptureBuffer, RtlCharToInteger, RtlSetLastWin32ErrorAndNtStatusFromNtStatus, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeString, CsrAllocateMessagePointer, NtQueryObject, RtlCompareMemory, NtQueryDirectoryObject, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtOpenDirectoryObject, NtSetInformationToken, NtOpenProcessToken, RtlQueryElevationFlags, NtQuerySection, NtCreateSection, EtwEventUnregister, EtwEventWrite, EtwEventRegister, RtlNtStatusToDosErrorNoTeb, RtlSetLastWin32Error, NtCreateIoCompletion, NtSetIoCompletion, NtRemoveIoCompletion, RtlDeactivateActivationContextUnsafeFast, NtRemoveIoCompletionEx, RtlActivateActivationContextUnsafeFast, NtSetInformationProcess, NtQueryDirectoryFile, NtNotifyChangeDirectoryFile, NtWaitForSingleObject, RtlInitializeCriticalSection, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlDeleteCriticalSection, NtQueryVolumeInformationFile, NtCancelIoFileEx, NtCancelSynchronousIoFile, NtCancelIoFile, NtReadFileScatter, NtWriteFileGather, RtlWow64EnableFsRedirection, RtlWow64EnableFsRedirectionEx, NtFlushBuffersFile, NtOpenSection, NtMapViewOfSection, NtFlushVirtualMemory, RtlFlushSecureMemoryCache, NtUnmapViewOfSection, 
NtQueryAttributesFile, NtQueryFullAttributesFile, RtlUnicodeStringToOemString, RtlDetermineDosPathNameType_U, NtCreateKeyTransacted, RtlDosPathNameToRelativeNtPathName_U_WithStatus, RtlGetAce, RtlQueryInformationAcl, RtlEqualSid, RtlDosPathNameToNtPathName_U_WithStatus, NtRaiseHardError, RtlGetThreadErrorMode, RtlGetLastNtStatus, NtQuerySystemEnvironmentValueEx, RtlGUIDFromString, NtSetSystemEnvironmentValueEx, RtlInitString, RtlUnlockHeap, RtlIsValidHandle, RtlLockHeap, RtlGetUserInfoHeap, RtlSizeHeap, RtlFreeHandle, RtlCompactHeap, RtlImageNtHeader, RtlRegisterSecureMemoryCacheCallback, RtlDeregisterSecureMemoryCacheCallback, RtlSetUserValueHeap, RtlAllocateHandle, RtlReAllocateHeap, NtDuplicateObject, NtSetInformationObject, RtlOemStringToUnicodeString, NtSetInformationThread, NtOpenThreadToken, LdrQueryImageFileExecutionOptions, CsrClientConnectToServer, RtlCreateTagHeap, LdrSetDllManifestProber, RtlSetUnhandledExceptionFilter, RtlSetThreadPoolStartFunc, RtlEncodePointer, RtlCleanUpTEBLangLists, _stricmp, RtlCreateHeap, RtlDestroyHeap, RtlQueryHeapInformation, RtlValidateHeap, RtlGetProcessHeaps, RtlWalkHeap, RtlSetHeapInformation, RtlInitializeHandleTable, RtlExtendedLargeIntegerDivide, NtCreateMailslotFile, RtlFormatMessageEx, RtlFindMessage, LdrUnloadAlternateResourceModule, LdrRemoveLoadAsDataTable, LdrUnloadDll, LdrDisableThreadCalloutsForDll, RtlCreateUnicodeString, RtlInitAnsiStringEx, strchr, LdrUnlockLoaderLock, LdrLockLoaderLock, LdrGetDllHandle, RtlComputePrivatizedDllName_U, RtlPcToFileHeader, LdrGetProcedureAddress, RtlGetProductInfo, RtlGetVersion, RtlVerifyVersionInfo, LdrAccessResource, LdrFindResourceDirectory_U, LdrpResGetRCConfig, RtlImageDirectoryEntryToData, LdrpResGetResourceDirectory, LdrFindResource_U, LdrResFindResource, LdrResFindResourceDirectory, LdrpResGetMappingSize, LdrLoadAlternateResourceModule, LdrLoadAlternateResourceModuleEx, LdrEnumerateLoadedModules, strtoul, RtlCultureNameToLCID, NtQueryVirtualMemory, wcsrchr, 
LdrGetFileNameFromLoadAsDataTable, wcstoul, LdrAddLoadAsDataTable, RtlDosApplyFileIsolationRedirection_Ustr, LdrLoadDll, LdrGetDllHandleEx, _strcmpi, NtCreateEvent, NtCreateNamedPipeFile, RtlDefaultNpAcl, _alldiv, _allshl, RtlDosSearchPath_Ustr, RtlQueryEnvironmentVariable_U, RtlAnsiCharToUnicodeChar, RtlIntegerToChar, NtSetVolumeInformationFile, RtlIsNameLegalDOS8Dot3, RtlSetThreadErrorMode, NtQueryPerformanceCounter, NtPowerInformation, NtInitiatePowerAction, NtSetThreadExecutionState, NtRequestWakeupLatency, NtGetDevicePowerState, NtIsSystemResumeAutomatic, NtRequestDeviceWakeup, NtCancelDeviceWakeupRequest, RtlDestroyProcessParameters, RtlCreateProcessParametersEx, wcspbrk, NtWriteVirtualMemory, NtTerminateProcess, RtlRaiseStatus, RtlCompareUnicodeString, RtlQueryRegistryValues, NtCreateJobSet, NtCreateJobObject, RtlSubAuthoritySid, RtlInitializeSid, NtQueryInformationToken, RtlGetNativeSystemInformation, RtlDestroyEnvironment, NtAssignProcessToJobObject, NtRemoveProcessDebug, NtResumeThread, LdrQueryImageFileKeyOption, NtCreateUserProcess, RtlGetFullPathName_UstrEx, RtlCreateEnvironmentEx, RtlxAnsiStringToUnicodeSize, NtReplacePartitionUnit, RtlxOemStringToUnicodeSize, NlsMbOemCodePageTag, RtlxUnicodeStringToOemSize, NtOpenPrivateNamespace, NtDeletePrivateNamespace, RtlCreateBoundaryDescriptor, RtlAddSIDToBoundaryDescriptor, _alloca_probe, RtlReleasePebLock, RtlQueryEnvironmentVariable, RtlAcquirePebLock, NtCreatePrivateNamespace, RtlInitializeCriticalSectionAndSpinCount, RtlInitializeCriticalSectionEx, NtOpenEvent, NtSetEvent, NtClearEvent, NtPulseEvent, NtCreateSemaphore, NtOpenSemaphore, NtReleaseSemaphore, NtCreateMutant, NtOpenMutant, NtReleaseMutant, NtWaitForMultipleObjects, NtCreateTimer, NtOpenTimer, NtSetTimer, NtCancelTimer, RtlSleepConditionVariableCS, RtlSleepConditionVariableSRW, RtlRunOnceExecuteOnce, RtlRunOnceBeginInitialize, RtlRunOnceComplete, NtSignalAndWaitForSingleObject, strrchr, NtOpenThread, NtGetContextThread, NtSetContextThread, 
NtSuspendThread, NtDelayExecution, RtlFindClearBitsAndSet, RtlClearBits, RtlAreBitsSet, TpCaptureCaller, RtlReleaseActivationContext, NtQueueApcThread, RtlQueryInformationActivationContext, RtlFlsAlloc, RtlProcessFlsData, RtlFlsFree, RtlCreateUserStack, RtlFreeActivationContextStack, RtlAllocateActivationContextStack, RtlFreeUserStack, NtYieldExecution, NtTerminateThread, RtlActivateActivationContextEx, NtCreateThreadEx, TpCheckTerminateWorker, RtlCaptureStackBackTrace, RtlDestroyQueryDebugBuffer, RtlQueryProcessDebugInformation, RtlCreateQueryDebugBuffer, NtQueryEvent, RtlCreateEnvironment, RtlFreeOemString, RtlCopyLuid, toupper, isdigit, atol, tolower, NtOpenJobObject, NtTerminateJobObject, NtQueryInformationJobObject, NtSetInformationJobObject, NtIsProcessInJob, RtlAddRefActivationContext, RtlZombifyActivationContext, RtlActivateActivationContext, RtlDeactivateActivationContext, RtlGetActiveActivationContext, DbgPrintEx, RtlpApplyLengthFunction, RtlGetLengthWithoutLastFullDosOrNtPathElement, RtlpEnsureBufferSize, RtlMultiAppendUnicodeStringBuffer, RtlGetThreadPreferredUILanguages, RtlQueryActivationContextApplicationSettings, RtlSetThreadPreferredUILanguages, RtlImageNtHeaderEx, RtlCreateActivationContext, RtlDoesFileExists_U, RtlFindActivationContextSectionString, RtlFindActivationContextSectionGuid, CsrCaptureMessageMultiUnicodeStringsInPlace, NtApphelpCacheControl, RtlFindCharInUnicodeString, RtlNtPathNameToDosPathName, RtlEncodeSystemPointer, RtlDecodeSystemPointer, bsearch, RtlComputeImportTableHash, CsrCaptureMessageBuffer, RtlSetEnvironmentStrings, RtlSetEnvironmentVariable, RtlSetEnvironmentVar, RtlExpandEnvironmentStrings, RtlUnicodeToOemN, RtlExpandEnvironmentStrings_U, NtReadVirtualMemory, NtProtectVirtualMemory, NtLockVirtualMemory, NtUnlockVirtualMemory, NtAllocateUserPhysicalPages, NtFreeUserPhysicalPages, NtMapUserPhysicalPages, NtMapUserPhysicalPagesScatter, NtGetWriteWatch, NtResetWriteWatch, RtlDeregisterWait, RtlDeregisterWaitEx, 
RtlQueueWorkItem, RtlSetIoCompletionCallback, RtlCreateTimerQueue, RtlCreateTimer, RtlUpdateTimer, RtlDeleteTimer, RtlDeleteTimerQueueEx, RtlRegisterWait, RtlRaiseException, RtlDecodePointer, wcsncmp, RtlLcidToLocaleName, wcsncpy, LdrFindResourceEx_U, RtlUnhandledExceptionFilter, RtlCompareUnicodeStrings, NtSetDefaultLocale, EtwEventEnabled, RtlLocaleNameToLcid, RtlpMuiFreeLangRegistryInfo, qsort, RtlpIsQualifiedLanguage, RtlpGetLCIDFromLangInfoNode, RtlpGetNameFromLangInfoNode, NtQueryInstallUILanguage, RtlLCIDToCultureName, RtlpLoadUserUIByPolicy, RtlpLoadMachineUIByPolicy, RtlpCreateProcessRegistryInfo, RtlpInitializeLangRegistryInfo, _wcslwr, _wtol, RtlIntegerToUnicodeString, _ui64tow, _aulldiv, RtlGetFileMUIPath, RtlGetUILanguageInfo, RtlpGetSystemDefaultUILanguage, RtlpQueryDefaultUILanguage, RtlGetSystemPreferredUILanguages, RtlGetUserPreferredUILanguages, RtlpConvertLCIDsToCultureNames, RtlpConvertCultureNamesToLCIDs, RtlNormalizeString, RtlIsNormalizedString, RtlIdnToAscii, RtlIdnToNameprepUnicode, RtlIdnToUnicode, NtGetNlsSectionPtr, NtInitializeNlsFiles, RtlOpenCurrentUser, _strlwr, strncat, RtlUnwind, TpAllocPool, TpSetPoolMinThreads, TpAllocCleanupGroup, TpSimpleTryPost, TpAllocWork, TpAllocTimer, TpAllocWait, TpAllocIoCompletion, _aulldvrm, LdrResSearchResource, _strnicmp, strncmp, NtDuplicateToken, RtlWerpReportException, RtlTryAcquirePebLock, _vsnprintf, _chkstk, WerReportWatsonEvent, WerReportSQMEvent, WerCheckEventEscalation, RtlConvertSidToUnicodeString, NtAccessCheck, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, VerSetConditionMask

( 1218 exports )
AcquireSRWLockExclusive, AcquireSRWLockShared, ActivateActCtx, AddAtomA, AddAtomW, AddConsoleAliasA, AddConsoleAliasW, AddLocalAlternateComputerNameA, AddLocalAlternateComputerNameW, AddRefActCtx, AddSIDToBoundaryDescriptor, AddSecureMemoryCacheCallback, AddVectoredContinueHandler, AddVectoredExceptionHandler, AdjustCalendarDate, AllocConsole, AllocateUserPhysicalPages, AllocateUserPhysicalPagesNuma, ApplicationRecoveryFinished, ApplicationRecoveryInProgress, AreFileApisANSI, AssignProcessToJobObject, AttachConsole, BackupRead, BackupSeek, BackupWrite, BaseCheckAppcompatCache, BaseCheckRunApp, BaseCleanupAppcompatCacheSupport, BaseDumpAppcompatCache, BaseFlushAppcompatCache, BaseGenerateAppCompatData, BaseInitAppcompatCacheSupport, BaseIsAppcompatInfrastructureDisabled, BaseQueryModuleData, BaseThreadInitThunk, BaseUpdateAppcompatCache, BasepCheckBadapp, BasepCheckWinSaferRestrictions, BasepFreeAppCompatData, Beep, BeginUpdateResourceA, BeginUpdateResourceW, BindIoCompletionCallback, BuildCommDCBA, BuildCommDCBAndTimeoutsA, BuildCommDCBAndTimeoutsW, BuildCommDCBW, CallNamedPipeA, CallNamedPipeW, CallbackMayRunLong, CancelDeviceWakeupRequest, CancelIo, CancelIoEx, CancelSynchronousIo, CancelThreadpoolIo, CancelTimerQueueTimer, CancelWaitableTimer, ChangeTimerQueueTimer, CheckElevation, CheckElevationEnabled, CheckForReadOnlyResource, CheckNameLegalDOS8Dot3A, CheckNameLegalDOS8Dot3W, CheckRemoteDebuggerPresent, ClearCommBreak, ClearCommError, CloseConsoleHandle, CloseHandle, ClosePrivateNamespace, CloseProfileUserMapping, CloseThreadpool, CloseThreadpoolCleanupGroup, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolIo, CloseThreadpoolTimer, CloseThreadpoolWait, CloseThreadpoolWork, CmdBatNotification, CommConfigDialogA, CommConfigDialogW, CompareCalendarDates, CompareFileTime, CompareStringA, CompareStringEx, CompareStringOrdinal, CompareStringW, ConnectNamedPipe, ConsoleMenuControl, ContinueDebugEvent, ConvertCalDateTimeToSystemTime, ConvertDefaultLocale, 
ConvertFiberToThread, ConvertNLSDayOfWeekToWin32DayOfWeek, ConvertSystemTimeToCalDateTime, ConvertThreadToFiber, ConvertThreadToFiberEx, CopyFileA, CopyFileExA, CopyFileExW, CopyFileTransactedA, CopyFileTransactedW, CopyFileW, CopyLZFile, CreateActCtxA, CreateActCtxW, CreateBoundaryDescriptorA, CreateBoundaryDescriptorW, CreateConsoleScreenBuffer, CreateDirectoryA, CreateDirectoryExA, CreateDirectoryExW, CreateDirectoryTransactedA, CreateDirectoryTransactedW, CreateDirectoryW, CreateEventA, CreateEventExA, CreateEventExW, CreateEventW, CreateFiber, CreateFiberEx, CreateFileA, CreateFileMappingA, CreateFileMappingNumaA, CreateFileMappingNumaW, CreateFileMappingW, CreateFileTransactedA, CreateFileTransactedW, CreateFileW, CreateHardLinkA, CreateHardLinkTransactedA, CreateHardLinkTransactedW, CreateHardLinkW, CreateIoCompletionPort, CreateJobObjectA, CreateJobObjectW, CreateJobSet, CreateMailslotA, CreateMailslotW, CreateMemoryResourceNotification, CreateMutexA, CreateMutexExA, CreateMutexExW, CreateMutexW, CreateNamedPipeA, CreateNamedPipeW, CreatePipe, CreatePrivateNamespaceA, CreatePrivateNamespaceW, CreateProcessA, CreateProcessInternalA, CreateProcessInternalW, CreateProcessW, CreateRemoteThread, CreateSemaphoreA, CreateSemaphoreExA, CreateSemaphoreExW, CreateSemaphoreW, CreateSocketHandle, CreateSymbolicLinkA, CreateSymbolicLinkTransactedA, CreateSymbolicLinkTransactedW, CreateSymbolicLinkW, CreateTapePartition, CreateThread, CreateThreadpool, CreateThreadpoolCleanupGroup, CreateThreadpoolIo, CreateThreadpoolTimer, CreateThreadpoolWait, CreateThreadpoolWork, CreateTimerQueue, CreateTimerQueueTimer, CreateToolhelp32Snapshot, CreateWaitableTimerA, CreateWaitableTimerExA, CreateWaitableTimerExW, CreateWaitableTimerW, DeactivateActCtx, DebugActiveProcess, DebugActiveProcessStop, DebugBreak, DebugBreakProcess, DebugSetProcessKillOnExit, DecodePointer, DecodeSystemPointer, DefineDosDeviceA, DefineDosDeviceW, DelayLoadFailureHook, DeleteAtom, DeleteBoundaryDescriptor, 
DeleteCriticalSection, DeleteFiber, DeleteFileA, DeleteFileTransactedA, DeleteFileTransactedW, DeleteFileW, DeleteProcThreadAttributeList, DeleteTimerQueue, DeleteTimerQueueEx, DeleteTimerQueueTimer, DeleteVolumeMountPointA, DeleteVolumeMountPointW, DeviceIoControl, DisableThreadLibraryCalls, DisassociateCurrentThreadFromCallback, DisconnectNamedPipe, DnsHostnameToComputerNameA, DnsHostnameToComputerNameW, DosDateTimeToFileTime, DosPathToSessionPathA, DosPathToSessionPathW, DuplicateConsoleHandle, DuplicateHandle, EncodePointer, EncodeSystemPointer, EndUpdateResourceA, EndUpdateResourceW, EnterCriticalSection, EnumCalendarInfoA, EnumCalendarInfoExA, EnumCalendarInfoExEx, EnumCalendarInfoExW, EnumCalendarInfoW, EnumDateFormatsA, EnumDateFormatsExA, EnumDateFormatsExEx, EnumDateFormatsExW, EnumDateFormatsW, EnumLanguageGroupLocalesA, EnumLanguageGroupLocalesW, EnumResourceLanguagesA, EnumResourceLanguagesExA, EnumResourceLanguagesExW, EnumResourceLanguagesW, EnumResourceNamesA, EnumResourceNamesExA, EnumResourceNamesExW, EnumResourceNamesW, EnumResourceTypesA, EnumResourceTypesExA, EnumResourceTypesExW, EnumResourceTypesW, EnumSystemCodePagesA, EnumSystemCodePagesW, EnumSystemFirmwareTables, EnumSystemGeoID, EnumSystemLanguageGroupsA, EnumSystemLanguageGroupsW, EnumSystemLocalesA, EnumSystemLocalesEx, EnumSystemLocalesW, EnumTimeFormatsA, EnumTimeFormatsEx, EnumTimeFormatsW, EnumUILanguagesA, EnumUILanguagesW, EnumerateLocalComputerNamesA, EnumerateLocalComputerNamesW, EraseTape, EscapeCommFunction, ExitProcess, ExitThread, ExitVDM, ExpandEnvironmentStringsA, ExpandEnvironmentStringsW, ExpungeConsoleCommandHistoryA, ExpungeConsoleCommandHistoryW, FatalAppExitA, FatalAppExitW, FatalExit, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, FillConsoleOutputCharacterW, FindActCtxSectionGuid, FindActCtxSectionStringA, FindActCtxSectionStringW, FindAtomA, FindAtomW, FindClose, 
FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstChangeNotificationW, FindFirstFileA, FindFirstFileExA, FindFirstFileExW, FindFirstFileNameTransactedW, FindFirstFileNameW, FindFirstFileTransactedA, FindFirstFileTransactedW, FindFirstFileW, FindFirstStreamTransactedW, FindFirstStreamW, FindFirstVolumeA, FindFirstVolumeMountPointA, FindFirstVolumeMountPointW, FindFirstVolumeW, FindNLSString, FindNLSStringEx, FindNextChangeNotification, FindNextFileA, FindNextFileNameW, FindNextFileW, FindNextStreamW, FindNextVolumeA, FindNextVolumeMountPointA, FindNextVolumeMountPointW, FindNextVolumeW, FindResourceA, FindResourceExA, FindResourceExW, FindResourceW, FindVolumeClose, FindVolumeMountPointClose, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushConsoleInputBuffer, FlushFileBuffers, FlushInstructionCache, FlushProcessWriteBuffers, FlushViewOfFile, FoldStringA, FoldStringW, FormatMessageA, FormatMessageW, FreeConsole, FreeEnvironmentStringsA, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeLibraryWhenCallbackReturns, FreeResource, FreeUserPhysicalPages, GenerateConsoleCtrlEvent, GetACP, GetApplicationRecoveryCallback, GetApplicationRestartSettings, GetAtomNameA, GetAtomNameW, GetBinaryType, GetBinaryTypeA, GetBinaryTypeW, GetCPFileNameFromRegistry, GetCPInfo, GetCPInfoExA, GetCPInfoExW, GetCalendarDateFormat, GetCalendarDateFormatEx, GetCalendarDaysInMonth, GetCalendarDifferenceInDays, GetCalendarInfoA, GetCalendarInfoEx, GetCalendarInfoW, GetCalendarMonthsInYear, GetCalendarSupportedDateRange, GetCalendarWeekNumber, GetComPlusPackageInstallStatus, GetCommConfig, GetCommMask, GetCommModemStatus, GetCommProperties, GetCommState, GetCommTimeouts, GetCommandLineA, GetCommandLineW, GetCompressedFileSizeA, GetCompressedFileSizeTransactedA, GetCompressedFileSizeTransactedW, GetCompressedFileSizeW, GetComputerNameA, GetComputerNameExA, GetComputerNameExW, GetComputerNameW, GetConsoleAliasA, GetConsoleAliasExesA, GetConsoleAliasExesLengthA, 
GetConsoleAliasExesLengthW, GetConsoleAliasExesW, GetConsoleAliasW, GetConsoleAliasesA, GetConsoleAliasesLengthA, GetConsoleAliasesLengthW, GetConsoleAliasesW, GetConsoleCP, GetConsoleCharType, GetConsoleCommandHistoryA, GetConsoleCommandHistoryLengthA, GetConsoleCommandHistoryLengthW, GetConsoleCommandHistoryW, GetConsoleCursorInfo, GetConsoleCursorMode, GetConsoleDisplayMode, GetConsoleFontInfo, GetConsoleFontSize, GetConsoleHardwareState, GetConsoleHistoryInfo, GetConsoleInputExeNameA, GetConsoleInputExeNameW, GetConsoleInputWaitHandle, GetConsoleKeyboardLayoutNameA, GetConsoleKeyboardLayoutNameW, GetConsoleMode, GetConsoleNlsMode, GetConsoleOriginalTitleA, GetConsoleOriginalTitleW, GetConsoleOutputCP, GetConsoleProcessList, GetConsoleScreenBufferInfo, GetConsoleScreenBufferInfoEx, GetConsoleSelectionInfo, GetConsoleTitleA, GetConsoleTitleW, GetConsoleWindow, GetCurrencyFormatA, GetCurrencyFormatEx, GetCurrencyFormatW, GetCurrentActCtx, GetCurrentConsoleFont, GetCurrentConsoleFontEx, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDateFormatEx, GetDateFormatW, GetDefaultCommConfigA, GetDefaultCommConfigW, GetDevicePowerState, GetDiskFreeSpaceA, GetDiskFreeSpaceExA, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDllDirectoryA, GetDllDirectoryW, GetDriveTypeA, GetDriveTypeW, GetDurationFormat, GetDurationFormatEx, GetDynamicTimeZoneInformation, GetEnvironmentStrings, GetEnvironmentStringsA, GetEnvironmentStringsW, GetEnvironmentVariableA, GetEnvironmentVariableW, GetErrorMode, GetExitCodeProcess, GetExitCodeThread, GetExpandedNameA, GetExpandedNameW, GetFileAttributesA, GetFileAttributesExA, GetFileAttributesExW, GetFileAttributesTransactedA, GetFileAttributesTransactedW, GetFileAttributesW, GetFileBandwidthReservation, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileMUIInfo, GetFileMUIPath, GetFileSize, GetFileSizeEx, GetFileTime, 
GetFileType, GetFinalPathNameByHandleA, GetFinalPathNameByHandleW, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW, GetFullPathNameA, GetFullPathNameTransactedA, GetFullPathNameTransactedW, GetFullPathNameW, GetGeoInfoA, GetGeoInfoW, GetHandleContext, GetHandleInformation, GetLargePageMinimum, GetLargestConsoleWindowSize, GetLastError, GetLocalTime, GetLocaleInfoA, GetLocaleInfoEx, GetLocaleInfoW, GetLogicalDriveStringsA, GetLogicalDriveStringsW, GetLogicalDrives, GetLogicalProcessorInformation, GetLongPathNameA, GetLongPathNameTransactedA, GetLongPathNameTransactedW, GetLongPathNameW, GetMailslotInfo, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExA, GetModuleHandleExW, GetModuleHandleW, GetNLSVersion, GetNLSVersionEx, GetNamedPipeAttribute, GetNamedPipeClientComputerNameA, GetNamedPipeClientComputerNameW, GetNamedPipeClientProcessId, GetNamedPipeClientSessionId, GetNamedPipeHandleStateA, GetNamedPipeHandleStateW, GetNamedPipeInfo, GetNamedPipeServerProcessId, GetNamedPipeServerSessionId, GetNativeSystemInfo, GetNextVDMCommand, GetNumaAvailableMemoryNode, GetNumaHighestNodeNumber, GetNumaNodeProcessorMask, GetNumaProcessorNode, GetNumaProximityNode, GetNumberFormatA, GetNumberFormatEx, GetNumberFormatW, GetNumberOfConsoleFonts, GetNumberOfConsoleInputEvents, GetNumberOfConsoleMouseButtons, GetOEMCP, GetOverlappedResult, GetPhysicallyInstalledSystemMemory, GetPriorityClass, GetPrivateProfileIntA, GetPrivateProfileIntW, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionNamesW, GetPrivateProfileSectionW, GetPrivateProfileStringA, GetPrivateProfileStringW, GetPrivateProfileStructA, GetPrivateProfileStructW, GetProcAddress, GetProcessAffinityMask, GetProcessDEPPolicy, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessIdOfThread, GetProcessIoCounters, GetProcessPriorityBoost, GetProcessShutdownParameters, GetProcessTimes, GetProcessVersion, 
GetProcessWorkingSetSize, GetProcessWorkingSetSizeEx, GetProductInfo, GetProfileIntA, GetProfileIntW, GetProfileSectionA, GetProfileSectionW, GetProfileStringA, GetProfileStringW, GetQueuedCompletionStatus, GetQueuedCompletionStatusEx, GetShortPathNameA, GetShortPathNameW, GetStartupInfoA, GetStartupInfoW, GetStdHandle, GetStringScripts, GetStringTypeA, GetStringTypeExA, GetStringTypeExW, GetStringTypeW, GetSystemDEPPolicy, GetSystemDefaultLCID, GetSystemDefaultLangID, GetSystemDefaultLocaleName, GetSystemDefaultUILanguage, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemFileCacheSize, GetSystemFirmwareTable, GetSystemInfo, GetSystemPowerStatus, GetSystemPreferredUILanguages, GetSystemRegistryQuota, GetSystemTime, GetSystemTimeAdjustment, GetSystemTimeAsFileTime, GetSystemTimes, GetSystemWindowsDirectoryA, GetSystemWindowsDirectoryW, GetSystemWow64DirectoryA, GetSystemWow64DirectoryW, GetTapeParameters, GetTapePosition, GetTapeStatus, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, GetThreadContext, GetThreadIOPendingFlag, GetThreadId, GetThreadLocale, GetThreadPreferredUILanguages, GetThreadPriority, GetThreadPriorityBoost, GetThreadSelectorEntry, GetThreadTimes, GetThreadUILanguage, GetTickCount, GetTickCount64, GetTimeFormatA, GetTimeFormatEx, GetTimeFormatW, GetTimeZoneInformation, GetTimeZoneInformationForYear, GetUILanguageInfo, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetUserDefaultUILanguage, GetUserGeoID, GetUserPreferredUILanguages, GetVDMCurrentDirectories, GetVersion, GetVersionExA, GetVersionExW, GetVolumeInformationA, GetVolumeInformationByHandleW, GetVolumeInformationW, GetVolumeNameForVolumeMountPointA, GetVolumeNameForVolumeMountPointW, GetVolumePathNameA, GetVolumePathNameW, GetVolumePathNamesForVolumeNameA, GetVolumePathNamesForVolumeNameW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetWriteWatch, GlobalAddAtomA, GlobalAddAtomW, GlobalAlloc, GlobalCompact, GlobalDeleteAtom, GlobalFindAtomA, 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (42.6%)
Win32 EXE PECompact compressed (generic) (20.7%)
Win32 Executable MS Visual C++ (generic) (18.8%)
Win 9x/ME Control Panel applet (7.7%)
Win32 Executable Generic (4.2%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Windows NT BASE API Client DLL
original name: kernel32
internal name: kernel32
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#6 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington
  • Local time:04:35 PM

Posted 07 November 2009 - 11:12 AM

Hi
OK, well that's not what I wanted to see from VirusTotal. :(

Please do this.

Download RootRepeal from the following location and save it to your desktop.
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push OK.
  • Check the box for your main system drive (usually C:), and press OK.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button.
Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, but I do accept donations.
Donate Here


#7 omghelpme

omghelpme
  • Topic Starter

  • Members
  • 32 posts
  • Local time:06:35 PM

Posted 07 November 2009 - 11:58 AM

It's funny because I have tried using this RootRepeal thing before and it just crashed. Now it WORKS!
I have attached the .txt file with this post...

Oh, and I should mention that I have noticed my Windows isn't activated even though I have activated it before. This must have only changed today because I have noticed the computer really slowing down.
And I have no sound whatsoever now either :/




#8 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington
  • Local time:04:35 PM

Posted 07 November 2009 - 08:38 PM

Hi
OK, I would like to try and get an online scan.

Please do the following.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin


The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now the scan.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on "Accept" if your pop-up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users: you must open the web browser using the Run as Administrator command.
  • The program will launch and then begin downloading the latest definition files.
  • Under Scan on the left side, click on My Computer.
  • This will start the program and scan your system.
  • Click the "Scan Report" on the left side.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
  • Save the text file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky results.

Thanks
maranatha



#9 omghelpme

omghelpme
  • Topic Starter

  • Members
  • 32 posts
  • Local time:06:35 PM

Posted 08 November 2009 - 09:21 AM

I have tried the online scan and it was about 50% and crashed. My internet always does this since the virus. But I have used Kaspersky before and it has never found anything.
I did use the ATF Cleaner though, and "Prefetch" was disabled (so I clicked the Select All tab and deselected History, and it somehow selected the Prefetch; not sure if it cleaned it though).

I am however worried that my computer has 29 days left to activate it, and somehow the product key is different from the one labelled on my computer, but I can't change it or activate it because I get a 0x800700D error?!

Also my sound won't work at all, and when in Device Manager no drivers are listed anymore?

#10 omghelpme

omghelpme
  • Topic Starter

  • Members
  • 32 posts
  • Local time:06:35 PM

Posted 08 November 2009 - 11:30 AM

Can I add that "Plug and Play" won't start in the services.

#11 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington
  • Local time:04:35 PM

Posted 08 November 2009 - 11:35 AM

Hi
OK, please try this online scan. Run ATF Cleaner before doing the scan.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report, and save it to a convenient location. Post the contents of the ActiveScan report.
Thanks
maranatha



#12 omghelpme

omghelpme
  • Topic Starter

  • Members
  • 32 posts
  • Local time:06:35 PM

Posted 08 November 2009 - 04:14 PM

I didn't see a Send Report button. But I did export a .txt file, which I have attached to this post.




#13 omghelpme

omghelpme
  • Topic Starter

  • Members
  • 32 posts
  • Local time:06:35 PM

Posted 08 November 2009 - 05:21 PM

OK, update:

I have used Malwarebytes and it has now worked. I'm not sure what has happened recently, but I'm able to use a few programs that I wasn't able to use before.
I ran Malwarebytes and it detected a lot of trojans and such and removed them. I have attached the log with this post.

NOW! My main concern is that the Plug and Play service is not showing up anymore in the Services screen. This will be because I have tried fixing it by removing it and reinstalling it, but I couldn't re-install it and have now deleted it. I want to know how to get that back. I do have registry backups but they don't work.

Another problem is that my computer is still not activated, and I can't activate it because I get an 0x800700D error.




#14 omghelpme

omghelpme
  • Topic Starter

  • Members
  • 32 posts
  • Local time:06:35 PM

Posted 08 November 2009 - 07:48 PM

I really do feel my computer is beyond repair without this Plug and Play service.
I followed this topic:

To delete a Service:
1. Click Start and type CMD in the Start search box.
2. Right-click on CMD in the list and click Run as administrator.
3. Type the following command in the command prompt:
sc delete PlugPlay (to find the service name you can go into services.msc and double-click the particular service)

To create a Service:
1. Click Start/Run/regedit
2. Choose HKEY_LOCAL_MACHINE
3. Click File/Load Hive. Under Display name you will find the name of the service.
4. Browse to *(see note below on this)* C:\Windows\Repair\. Double-click the file called system.
5. Enter the word "test" (without the quotes) in the box and click OK.
6. Leave the registry editor open, open a command prompt and type in the following (this copies the keys to the proper locations):

a. "reg copy hklm\test\controlset001\services\PlugPlay hklm\system\currentcontrolset\services\PlugPlay /s /f"

b. Press ENTER

You should get "Operation completed successfully" or something similar as the output after each command.

Restart the computer and check the service is present again.
===============================

But I could only delete the PlugPlay, and when I tried to find C:\windows\repair\system
I couldn't locate it. There was no repair folder at all...

I would try re-installing Windows but I don't have enough CDs or hard drive space to back up 140GB worth of stuff....
BIG HELP NEEDED!
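
An added example, not from this thread or the topic it quotes, that scripts the "reg load / reg copy" steps of the quoted procedure in PowerShell, stops when the backup hive is missing (the case hit above) instead of deleting anything, and checks the restored key afterwards. The service name, hive path and temporary hive name are parameters; the RegBack location mentioned in the comments is an assumption, not something the thread states.

```powershell
# Added example (not the thread's own instructions): recreate a missing service key
# from a backup SYSTEM hive. Run from an elevated PowerShell prompt.
# Assumptions: $HivePath points at an offline SYSTEM hive. The thread uses
# C:\Windows\Repair\system; later Windows releases may keep a copy under
# C:\Windows\System32\config\RegBack\SYSTEM (assumption, check your own system).
param(
    [string]$ServiceName = 'PlugPlay',
    [string]$HivePath    = 'C:\Windows\Repair\system',
    [string]$TempHive    = 'HKLM\test'   # temporary mount point, same name the thread uses
)

$ErrorActionPreference = 'Stop'

# 1. Refuse to continue if the backup hive is not there (the poster's failure case).
if (-not (Test-Path -LiteralPath $HivePath)) {
    throw "Backup hive not found at $HivePath. Locate a SYSTEM hive backup before retrying."
}

# 2. Only recreate a key that is actually missing; never overwrite a live service entry.
$liveKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (Test-Path -LiteralPath $liveKey) {
    Write-Host "$liveKey already exists; nothing to restore."
    return
}

# 3. Mount the backup hive under the temporary name, copy the service subtree, unmount.
& reg.exe load $TempHive $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }
try {
    # An offline hive has no CurrentControlSet: that link is created by the kernel at boot,
    # so the copy source is ControlSet001, exactly as in the quoted command.
    $src = "$TempHive\ControlSet001\Services\$ServiceName"
    $dst = "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName"
    & reg.exe copy $src $dst /s /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg copy failed with exit code $LASTEXITCODE" }
}
finally {
    # Always release the temporary hive, even if the copy failed.
    & reg.exe unload $TempHive | Out-Null
}

# 4. Verify the key came across with an ImagePath; the service itself appears in the
#    Service Control Manager only after the reboot the thread's last step calls for.
if (-not (Test-Path -LiteralPath $liveKey)) {
    throw "Copy reported success but $liveKey is still missing."
}
$imagePath = (Get-ItemProperty -LiteralPath $liveKey).ImagePath
if (-not $imagePath) {
    Write-Warning "$liveKey restored but has no ImagePath value; the backup hive may be incomplete."
} else {
    Write-Host "Restored $ServiceName with ImagePath = $imagePath"
}
Write-Host "Reboot, then confirm with: Get-Service -Name $ServiceName"
```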

#15 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington
  • Local time:04:35 PM

Posted 09 November 2009 - 01:05 AM

Hi
OK, please do not do any more to your computer unless told to do so.

Please remove any and all cracked or hacked software. Spyhunter is infected.

P2P - I see you have P2P software (Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them.

I will be posting as soon as I can.

maranatha





