
atapi.sys trojan and searchclick8.com redirect


7 replies to this topic

#1 7less7

7less7

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Its easy to find me
  • Local time:05:12 AM

Posted 28 January 2010 - 05:38 PM

Hi, I would say I am an above average Windows user and generally can resolve issues on my own. Or if I'm stumped I google my problem and get it resolved. And most topics refer to BleepingComputer.com... so here I am.
Here is my situation... about a week or so ago I kept getting warnings that McAfee had removed an atapi.sys trojan or whatever, and it popped up like 10 times. So I went into the quarantined files and tried to remove it several times. Upon restart I got the "blue screen of death" and the file that was corrupt was "atapi.sys". So I repaired Windows (I have XP Home Edition) and it seemed fine. Then I went into my McAfee (Comcast edition) and the file is still there. Then later as I was using Google I was getting redirected to searchclick8.com and its crap. Figured out that my Internet Protocol (TCP/IP) settings were hacked or whatever and "Use the following DNS server addresses" was checked with whatever numbers they were... I unchecked them and used "Obtain DNS server address automatically".
That is the best explanation of my problem I can come up with. As I type this, the quarantined items I have in McAfee are:

FILE NAME        DETECTION NAME

atapi.sys        patched-SYSFile.a
atapi.sys.new    patched-SYSFile.a
buyenayo.dll     Vundo.gen.w
kewajifu.dll     Vundo.gen.w
logibeja.dll     Vundo.gen.w
pomijowu.dll     Vundo.gen.w
razadupe.dll     Vundo.gen.w

I tried using Trend Micro HouseCall but for some reason it's not letting me open it or download it successfully; I have used it numerous times in the past successfully.
Also, when I got my Comcast internet when I moved, it came with this (Comcast Security McAfee) and it seemed better than the free AVG I was using. This has been the worst problem with my computer since I've owned it. (Toshiba Satellite A-105)
I don't want to remove the quarantined files for fear of Windows crashing again and sitting through 4 hrs of repairing Windows again.
HELP! Thank you for your time, sorry if I'm lacking information, but that's all I can come up with right now.

Edited by Amazing Andrew, 28 January 2010 - 09:33 PM.
Mod Edit: Moved to more appropriate forum - AA



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:05:12 AM

Posted 28 January 2010 - 09:39 PM

Hello 7less7 and welcome to BleepingComputer.

Let's see if we can get a little bit more info.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

~Blade


In your next reply, please include the following:
GMER log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
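Reading a GMER log like the one Blade asks for above comes down to one question per hook line: did GMER resolve the JMP target to a module with a known vendor, or does the hook lead into unnamed memory? The script below is an added example for this thread, not GMER's code and not anything the helpers here posted. It assumes only the line format visible in the log 7less7 posts later in the thread (the sample lines are copied from it), and it takes a per-case allowlist of trusted vendors, which is an assumption of the example: the helper fills it in after confirming which security product is actually installed. Hooks whose target resolves to a module from a trusted vendor are set aside; everything else (unresolved targets, raw byte patches, unknown vendors) is listed for review.

```python
r"""Triage helper for GMER hook listings.

Added example for this thread; it is not GMER's code and not something the
helpers here posted. It assumes only the line format visible in the log
posted later in the thread, where GMER prints one inline hook per line:

    PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP A8068811 <module> (<description/vendor>)
    .text <process>[<pid>] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5

When GMER can map the JMP target to a loaded module it appends the module
path and, in parentheses, the file description and vendor. When it cannot,
the line ends at the bare target address. Lines in other formats (the
"Code ... [0x...]" entries of the System section, the "init" entry point
line, section headers) are skipped by this parser.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+"                                   # .text / PAGE / etc.
    r"(?:(?P<process>.+?\[\d+\])\s+)?"                         # user mode: "C:\...\proc.exe[pid]"
    r"(?P<symbol>\S+!\S+)(?:\s\+\s(?P<offset>\d+))?\s+"        # module!export, optional "+ n"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes\s+"        # patched address and length
    r"(?:JMP\s+(?P<target>[0-9A-F]{8})"                        # JMP target ...
    r"(?:\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?)?"    # ... optionally resolved to a module
    r"|\[(?P<bytes>[^\]]*)\])$"                                # or raw replacement bytes
)

# Sample input: lines copied verbatim from the GMER log 7less7 posted in this thread.
SAMPLE_LOG = r"""
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP A8068811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP A8068714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[848] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FF0FA1
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\lsass.exe[860] wininet.dll!InternetOpenA 771C578E 5 Bytes JMP 00FD000A
"""

# Per-case allowlist (an assumption of this example): vendors whose hooks the
# helper has confirmed belong to a product known to be installed on the machine.
TRUSTED_VENDORS = ("McAfee, Inc.",)


def parse_hook(line):
    """Return a dict describing one hook line, or None if the line is not a hook."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["scope"] = hook["process"] or "kernel"       # which address space the hook lives in
    hook["offset"] = int(hook["offset"]) if hook["offset"] else 0
    hook["size"] = int(hook["size"])
    return hook


def owner_of(hook):
    """Name the owner of the hook target: module path, 'inline-bytes', or 'unresolved'."""
    if hook["bytes"] is not None:
        return "inline-bytes"
    return hook["module"] or "unresolved"


def triage(log_text, trusted_vendors):
    """Split every hook into 'trusted' or 'review', grouped by scope.

    A hook is trusted only when GMER resolved its JMP target to a module whose
    parenthesised description names a vendor in trusted_vendors. Unresolved
    targets, raw byte patches and unknown vendors all land in 'review'.
    Returns {scope: {"trusted": [hook, ...], "review": [hook, ...]}}.
    """
    result = defaultdict(lambda: {"trusted": [], "review": []})
    for line in log_text.splitlines():
        hook = parse_hook(line)
        if hook is None:
            continue
        vendor = hook["vendor"] or ""
        bucket = "trusted" if any(v in vendor for v in trusted_vendors) else "review"
        result[hook["scope"]][bucket].append(hook)
    return dict(result)


def summarize(report):
    """Render the triage as the short summary a helper would paste into a reply."""
    lines = []
    for scope, buckets in sorted(report.items()):
        lines.append(f"{scope}: {len(buckets['trusted'])} trusted, {len(buckets['review'])} to review")
        for h in buckets["review"]:
            where = h["target"] or ("patched bytes " + h["bytes"])
            lines.append(f"  {h['symbol']:<35} -> {where} ({owner_of(h)})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG, TRUSTED_VENDORS)))
```

On the sample lines this reports both kernel hooks as trusted (they resolve to mfehidk.sys, McAfee's driver) and lists the services.exe and lsass.exe hooks for review, because GMER printed no owning module for their targets. That is a queue for a human to work through with the rest of the log, not a verdict: user-mode hooks into unnamed memory are equally typical of a security product's own injected code and of malware, and the full log (loaded modules, registry, files) is what settles it.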


#3 7less7

7less7
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Its easy to find me
  • Local time:05:12 AM

Posted 29 January 2010 - 02:05 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 23:51:46
Windows 5.1.2600 Service Pack 3
Running: ouq2on1c.exe; Driver: C:\DOCUME~1\Jenifer\LOCALS~1\Temp\pgldypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA806878A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA8068821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA8068738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA806874C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA8068835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA8068861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA80688CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA80688B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA80687CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA80688FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA806880D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA8068710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA8068724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA806879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA8068937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA80688A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA806888D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA806884B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA8068923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA806890F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA8068776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA8068762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA8068877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA80687F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA80688E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA80687E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA80687B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP A80687B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP A8068811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F1 7 Bytes JMP A8068891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP A806878E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP A8068766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP A8068825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP A806893B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP A80688D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP A8068714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP A80687A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP A806887B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP A80687E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP A80687CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP A8068750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822E0 5 Bytes JMP A80687FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1BD 5 Bytes JMP A8068728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A68D 5 Bytes JMP A80688FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8059066B 7 Bytes JMP A80688BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D50 7 Bytes JMP A8068865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952BE 7 Bytes JMP A8068839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B135A 5 Bytes JMP A806873C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCDF 5 Bytes JMP A806877A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9FA 7 Bytes JMP A80688E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E320 7 Bytes JMP A80688A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E79E 7 Bytes JMP A806884F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC91 5 Bytes JMP A8068913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0FA 5 Bytes JMP A8068927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9105EBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0007008E
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007007D
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070062
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007003D
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F57
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F74
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F21
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700BA
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 000700D5
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0007009F
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070F3C
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050055
.text C:\WINDOWS\system32\services.exe[848] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FD4
.text C:\WINDOWS\system32\services.exe[848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050029
.text C:\WINDOWS\system32\services.exe[848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050044
.text C:\WINDOWS\system32\services.exe[848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[848] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0106000A
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01060F8D
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01060078
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01060F9E
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01060051
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01060FD4
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01060F55
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0106009D
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010600BF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010600AE
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010600D0
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01060FAF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01060FEF
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01060F72
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01060040
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01060025
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01060F3A
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0FCD
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0043
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0F86
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FF0FA1
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0FBC
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0064
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0053
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE001D
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0038
.text C:\WINDOWS\system32\lsass.exe[860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\lsass.exe[860] wininet.dll!InternetOpenW 771BAF29 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[860] wininet.dll!InternetOpenA 771C578E 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\lsass.exe[860] wininet.dll!InternetOpenUrlA 771C5A5A 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\lsass.exe[860] wininet.dll!InternetOpenUrlW 771D5B72 5 Bytes JMP 00FD002C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02460000
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02460F3F
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02460F5A
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02460F6B
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02460F7C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02460FA8
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02460F1D
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02460F2E
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02460EE7
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02460F02
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02460ED6
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02460F97
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02460FE5
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0246004F
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02460FB9
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02460FCA
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02460080
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02450022
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02450F9B
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02450011
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02450FDB
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02450FAC
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02450044
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02450033
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0049
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0038
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FC8
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A70F7E
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A7007D
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A70FAF
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A7006C
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A70040
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A7009A
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A70F52
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A70F12
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A700B5
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00A70F01
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00A7005B
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A70011
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00A70F63
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00A70FD4
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00A70F37
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A60047
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A60F9B
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A60036
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A60FC0
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00A60FD1
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [C6, 88]
.text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A60058
.text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50F81
.text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50F9C
.text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A50FC1
.text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A5000C
.text C:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A50FD2
.text C:\WINDOWS\system32\svchost.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A40000
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03530000
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03530087
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03530076
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03530F9C
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03530FB9
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03530051
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03530F5C
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03530F6D
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03530F1F
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03530F3A
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 035300D3
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03530FCA
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0353001B
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03530098
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03530FDB
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0353002C
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03530F4B
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03520FCD
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03520FA1
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03520FDE
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03520FEF
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03520FB2
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0352000A
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 03520054
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03520039
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03510033
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 03510018
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03510FC3
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03510FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#4 Blade

Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 29 January 2010 - 02:31 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

IMPORTANT!!! - When you save the file, rename it to something random, such as bubbles.exe. This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade


In your next reply, please include the following:
Malwarebytes log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

#5 7less7

7less7
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male
  • Location:Its easy to find me

Posted 29 January 2010 - 03:45 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/29/2010 1:44:28 AM
mbam-log-2010-01-29 (01-44-28).txt

Scan type: Quick Scan
Objects scanned: 119946
Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 79
Registry Values Infected: 9
Registry Data Items Infected: 4
Folders Infected: 17
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cooltoolbar.iebarlogic (Adware.Adssite) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cooltoolbar.iebarlogic.1 (Adware.Adssite) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48dc6ffb-64d7-42e8-949d-8ef2641eb73a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{41c29b07-6f91-4966-91be-2e2841643c83} (Adware.Adssite) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41c29b07-6f91-4966-91be-2e2841643c83} (Adware.Adssite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c8a568e-4201-478a-8536-526cf371d2e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab71e94e-3dc4-41eb-bbd5-31e82c9fd1d4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9c8a568e-4201-478a-8536-526cf371d2e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adssite ToolBar (Adware.Adssite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and

deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined

and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low

Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and

deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined

and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{10f3e8bd-257a-4702-a2f5-dc02055b068c} (Trojan.BHO) ->

Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10f3e8bd-257a-4702-a2f5-dc02055b068c} (Trojan.BHO) ->

Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet

Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2}

(Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet

Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3}

(Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet

Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}

(Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet

Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b}

(Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet

Explorer\Toolbar\{41c29b07-6f91-4966-91be-2e2841643c83} (Adware.Adssite) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WIN

DOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet

Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\errorrepairtoo

l (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid

(Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify

(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad:

(C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good:

(Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Jenifer\Application Data\Adssite Advanced Toolbar

(Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application Data\ErrorRepairTool

(Rogue.ErrorRepairTool) -> Delete on reboot.
C:\Documents and Settings\Jenifer\Application Data\ErrorRepairTool\Logs

(Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application Data\ErrorRepairTool\QuarantineW

(Rogue.ErrorRepairTool) -> Delete on reboot.
C:\Documents and Settings\Jenifer\Application

Data\ErrorRepairTool\QuarantineW\2009-01-24 00-05-050 (Rogue.ErrorRepairTool)

-> Delete on reboot.
C:\Documents and Settings\Jenifer\Application

Data\ErrorRepairTool\QuarantineW\2009-01-24 00-05-050 (Rogue.ErrorRepairTool)

-> Files: 449 -> Delete on reboot.
C:\Documents and Settings\Jenifer\Application Data\FunWebProducts

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application Data\FunWebProducts\Data

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application Data\FunWebProducts\Data\Jenifer

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted

successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and

deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined

and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined

and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge

(Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted

successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted

successfully.
C:\Documents and Settings\All Users\Application Data\Wyyo (Adware.Zwangi) ->

Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hatugepe.dll (Trojan.Vundo.H) -> Quarantined and deleted

successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and

deleted successfully.
C:\Documents and Settings\Jenifer\Application Data\Adssite Advanced

Toolbar\advertbuttons.xml (Adware.AdRotator) -> Quarantined and deleted

successfully.
C:\Documents and Settings\Jenifer\Application Data\Adssite Advanced

Toolbar\selected.xml (Adware.AdRotator) -> Quarantined and deleted

successfully.
C:\Documents and Settings\Jenifer\Application Data\ErrorRepairTool\resultsw.db

(Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application

Data\ErrorRepairTool\Logs\2009-01-24 00-02-240.log (Rogue.ErrorRepairTool) ->

Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application

Data\FunWebProducts\Data\Jenifer\avatar.dat (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application

Data\FunWebProducts\Data\Jenifer\outfit.dat (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Documents and Settings\Jenifer\Application

Data\FunWebProducts\Data\Jenifer\zbucks.dat (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak

(Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) ->

Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start

Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk

(Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start

Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk

(Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start

Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) ->

Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted

successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted

successfully.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and

deleted successfully.

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:05:12 AM

Posted 30 January 2010 - 02:40 AM

Please install RootRepeal.
Note: Vista users, right click on the desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes.
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
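Blade asks for the RootRepeal report as plain text. When a log like the one posted in reply #7 runs to a hundred-odd driver entries, the "File Visible" field is the quickest thing to scan: a driver that is loaded in memory but whose image file cannot be found through normal file APIs is worth a second look. The following parser is an added example written for this page, not Blade's or RootRepeal's code. It reads the "Drivers" section in the 1.3.5.0 report layout and lists the entries whose file is not visible, skipping the ones a clean XP machine shows that way anyway (the `dump_*` crash-dump copies of the boot storage stack and the scanner's own driver; that allowlist is an assumption for triage, not something the report asserts). The sample entries are copied from the log in reply #7; the parsing is the only thing added.

```python
import re
from dataclasses import dataclass
from typing import List

# Four entries taken verbatim from the RootRepeal driver log posted in reply #7
# of this thread, in the tool's own layout. Only the selection is constructed.
SAMPLE_DRIVER_LOG = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 00:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF74A2000 Size: 96512 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA002A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rcsq.sys
Image Path: rcsq.sys
Address: 0xF75F7000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9F105000 Size: 49152 File Visible: No Signed: -
Status: -
"""


@dataclass
class DriverEntry:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str   # "-" (visible / not checked) or "No"
    signed: str
    status: str


# One RootRepeal driver record: four lines, the third carrying four fields.
ENTRY_RE = re.compile(
    r"Name: (?P<name>.+)\n"
    r"Image Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+)\s+Size: (?P<size>\d+)\s+"
    r"File Visible: (?P<vis>\S+)\s+Signed: (?P<signed>\S+)\n"
    r"Status: (?P<status>.+)"
)


def parse_drivers(report: str) -> List[DriverEntry]:
    """Extract every driver record from a RootRepeal report body."""
    return [
        DriverEntry(
            name=m["name"].strip(),
            image_path=m["path"].strip(),
            address=int(m["addr"], 16),
            size=int(m["size"]),
            file_visible=m["vis"],
            signed=m["signed"],
            status=m["status"].strip(),
        )
        for m in ENTRY_RE.finditer(report)
    ]


# Assumption made here for triage: these report "File Visible: No" on a clean
# XP system (crash-dump copies of the boot storage drivers, and the scanner's
# own driver), so they are not interesting on their own.
EXPECTED_NOT_VISIBLE = {"rootrepeal.sys"}


def is_expected_not_visible(entry: DriverEntry) -> bool:
    name = entry.name.lower()
    return name.startswith("dump_") or name in EXPECTED_NOT_VISIBLE


def drivers_to_review(report: str) -> List[str]:
    """Names of loaded drivers whose image file is not visible and that are not
    on the expected list, plus any entry whose Status field is not '-'."""
    flagged = []
    for e in parse_drivers(report):
        hidden = e.file_visible.lower() == "no" and not is_expected_not_visible(e)
        odd_status = e.status != "-"
        if hidden or odd_status:
            flagged.append(e.name)
    return flagged


if __name__ == "__main__":
    for name in drivers_to_review(SAMPLE_DRIVER_LOG):
        print("review:", name)
```

Running it against the sample prints only `review: rcsq.sys`; the two expected not-visible entries are filtered out and atapi.sys, whose file is visible, is not flagged at all. Feeding it the full report from reply #7 instead of the sample gives the same short list, which is the point: the helper reads four lines instead of five hundred before deciding what to ask about next.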


#7 7less7

7less7
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Its easy to find me
  • Local time:05:12 AM

Posted 30 January 2010 - 03:27 AM

Had an error message when I ran it, which is below...also couldn't run all seven at the same time...had to execute them manually...
hope I did ok...

ERROR LOG
01:01:31: Error - invalid PE image found!
01:01:31: Error - invalid PE image found!

DRIVER LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 00:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7627000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7508000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF78A3000 Size: 11648 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF7923000 Size: 15968 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA7830000 Size: 138112 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xA81D3000 Size: 1122592 File Visible: - Signed: -
Status: -

Name: ASCTRM.SYS
Image Path: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
Address: 0xA0CAA000 Size: 7488 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF74A2000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7A5D000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF789F000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A03000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA1269000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA013000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7667000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF792B000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF789B000 Size: 10240 File Visible: - Signed: -
Status: -

Name: csiidecoder_kern_i386.sys
Image Path: C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys
Address: 0xBA771000 Size: 36864 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7657000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA791000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA002A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xA2645000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA104F000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA5EBD000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA0042000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76D7000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7867000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A01000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74BA000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF77F7000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 81152 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB98FE000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA8F07000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA8CE5000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA830A000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9F297000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA033000 Size: 52480 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA36000 Size: 909312 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA05000 Size: 200704 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E3000 Size: 139264 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xB993A000 Size: 1050016 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA023000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA751000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xB9FA3000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA773C000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA78FA000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7607000 Size: 37248 File Visible: - Signed: -
Status: -

Name: iwca.sys
Image Path: C:\WINDOWS\system32\DRIVERS\iwca.sys
Address: 0xB923D000 Size: 249856 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF77DF000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x9E65C000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB927A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF783E000 Size: 92288 File Visible: - Signed: -
Status: -

Name: LMImirr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\LMImirr.sys
Address: 0xF7A57000 Size: 3200 File Visible: - Signed: -
Status: -

Name: LMIRfsDriver.sys
Image Path: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Address: 0xF7887000 Size: 39168 File Visible: - Signed: -
Status: -

Name: meiudf.sys
Image Path: C:\WINDOWS\System32\Drivers\meiudf.sys
Address: 0xA7996000 Size: 102112 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0x9F25D000 Size: 73088 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xA5AF4000 Size: 28544 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xA7762000 Size: 207936 File Visible: - Signed: -
Status: -

Name: mferkdk.sys
Image Path: C:\WINDOWS\system32\drivers\mferkdk.sys
Address: 0xF77D7000 Size: 27520 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A05000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xB9A43000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF77E7000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA8306000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7637000 Size: 42368 File Visible: - Signed: -
Status: -

Name: Mpfp.sys
Image Path: C:\WINDOWS\System32\Drivers\Mpfp.sys
Address: 0xA787A000 Size: 159744 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9FEBD000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA7795000 Size: 456576 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77AF000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF75A6000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBAFE8000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7A35000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NBSMI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NBSMI.sys
Address: 0xF79DD000 Size: 4864 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF795A000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBAFF8000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA1073000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB9226000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7576000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF76A7000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA7852000 Size: 162816 File Visible: - Signed: -
Status: -

Name: netdevio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netdevio.sys
Address: 0xA106F000 Size: 12032 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7797000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA8C92000 Size: 2944 File Visible: - Signed: -
Status: -

Name: NWADIenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
Address: 0xB9183000 Size: 212992 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7617000 Size: 61696 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7A50000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF74F7000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF74D9000 Size: 120192 File Visible: - Signed: -
Status: -

Name: pfc.sys
Image Path: C:\WINDOWS\system32\drivers\pfc.sys
Address: 0xF77EF000 Size: 21248 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA8380000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB9215000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77C7000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7677000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7943000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76F7000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF75C6000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF75B6000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77CF000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: rcsq.sys
Image Path: rcsq.sys
Address: 0xF75F7000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA7805000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A07000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA003000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9F105000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xA83A4000 Size: 4190208 File Visible: - Signed: -
Status: -

Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xBAD73000 Size: 10432 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\drivers\SCSIPORT.SYS
Address: 0xF7458000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xB9499000 Size: 79232 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7855000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9FDF3000 Size: 334848 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79DB000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xB9460000 Size: 231424 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA8F67000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tbiosdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
Address: 0xBAFE4000 Size: 9472 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA78A1000 Size: 361344 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF77B7000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7596000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tifm21.sys
Image Path: C:\WINDOWS\system32\drivers\tifm21.sys
Address: 0xB94AD000 Size: 162560 File Visible: - Signed: -
Status: -

Name: tsxt_kern_i386.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys
Address: 0xB9A83000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Tvs.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Tvs.sys
Address: 0xBA781000 Size: 43264 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xA7985000 Size: 66048 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB91B7000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79D3000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7737000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB9FD3000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB98DA000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xA8CED000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF772F000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF779F000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9926000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7647000 Size: 52352 File Visible: - Signed: -
Status: -

Name: w29n51.sys
Image Path: C:\WINDOWS\system32\DRIVERS\w29n51.sys
Address: 0xB94D5000 Size: 3289088 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF76E7000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA0C62000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9FB0E000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2188928 File Visible: - Signed: -
Status: -

Name: wowhd_kern_i386.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys
Address: 0xB9A5B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xBAFFC000 Size: 12032 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF782B000 Size: 76544 File Visible: - Signed: -
Status: -

PROCESSESS LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 01:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
PID: 184 Status: -

Path: C:\WINDOWS\system32\igfxpers.exe
PID: 316 Status: -

Path: C:\WINDOWS\system32\LEXBCES.EXE
PID: 344 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 360 Status: -

Path: C:\WINDOWS\system32\LEXPPS.EXE
PID: 380 Status: -

Path: C:\Program Files\McAfee\MPF\MpfSrv.exe
PID: 552 Status: -

Path: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PID: 572 Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 584 Status: -

Path: C:\WINDOWS\system32\RAMASST.exe
PID: 592 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 600 Status: -

Path: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PID: 632 Status: -

Path: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PID: 644 Status: -

Path: C:\WINDOWS\system32\DVDRAMSV.exe
PID: 704 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 728 Status: -

Path: C:\WINDOWS\system32\hkcmd.exe
PID: 768 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 772 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 784 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 808 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 852 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 888 Status: -

Path: C:\Documents and Settings\Jenifer\Desktop\RootRepeal.exe
PID: 932 Status: -

Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
PID: 1004 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1032 Status: -

Path: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
PID: 1076 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1136 Status: -

Path: C:\WINDOWS\system32\igfxsrvc.exe
PID: 1220 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 1228 Status: -

Path: C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PID: 1232 Status: -

Path: C:\Program Files\iTunes\iTunes.exe
PID: 1248 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1256 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1292 Status: -

Path: C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PID: 1360 Status: -

Path: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PID: 1408 Status: -

Path: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PID: 1456 Status: -

Path: C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PID: 1500 Status: -

Path: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PID: 1552 Status: -

Path: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PID: 1568 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1616 Status: -

Path: C:\WINDOWS\system32\igfxtray.exe
PID: 1756 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1760 Status: -

Path: C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
PID: 1788 Status: -

Path: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PID: 1812 Status: -

Path: C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
PID: 1856 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1916 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 1940 Status: -

Path: C:\Program Files\ltmoh\ltmoh.exe
PID: 2024 Status: -

Path: C:\WINDOWS\agrsmmsg.exe
PID: 2036 Status: -

Path: C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PID: 2056 Status: -

Path: C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PID: 2084 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 2340 Status: -

Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 2432 Status: -

Path: C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PID: 2468 Status: -

Path: C:\WINDOWS\system32\TPSMain.exe
PID: 2528 Status: -

Path: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PID: 2536 Status: -

Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 2612 Status: -

Path: C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PID: 2632 Status: -

Path: C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PID: 2640 Status: -

Path: C:\Program Files\Search Settings\SearchSettings.exe
PID: 2684 Status: -

Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
PID: 2744 Status: -

Path: C:\WINDOWS\system32\searchindexer.exe
PID: 2756 Status: -

Path: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PID: 2936 Status: -

Path: C:\WINDOWS\system32\TPSBattM.exe
PID: 2976 Status: -

Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 2984 Status: -

Path: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 3020 Status: -

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3100 Status: -

Path: C:\Program Files\McAfee.com\Agent\mcagent.exe
PID: 3168 Status: -

Path: C:\WINDOWS\RTHDCPL.exe
PID: 3176 Status: -

Path: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
PID: 3260 Status: -

Path: C:\WINDOWS\system32\wuauclt.exe
PID: 3276 Status: -

Path: C:\WINDOWS\system32\rundll32.exe
PID: 3532 Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 3644 Status: -

Path: C:\Program Files\DNA\btdna.exe
PID: 3792 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 4988 Status: -

SSDT LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 01:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012 Function Name: NtAlertResumeThread
Status: Not hooked

#: 013 Function Name: NtAlertThread
Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Not hooked

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Not hooked

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Not hooked

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Not hooked

#: 046 Function Name: NtCreatePort
Status: Not hooked

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Not hooked

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 053 Function Name: NtCreateThread
Status: Not hooked

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Not hooked

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Not hooked

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Not hooked

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Not hooked

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Not hooked

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Not hooked

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Not hooked

#: 098 Function Name: NtLoadKey
Status: Not hooked

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Not hooked

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Not hooked

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Not hooked

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Not hooked

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Not hooked

#: 123 Function Name: NtOpenProcessToken
Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Not hooked

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Not hooked

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Not hooked

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Not hooked

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Not hooked

#: 193 Function Name: NtReplaceKey
Status: Not hooked

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Not hooked

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Not hooked

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Not hooked

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Not hooked

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Not hooked

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Not hooked

#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Not hooked

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Not hooked

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Not hooked

#: 254 Function Name: NtSuspendThread
Status: Not hooked

#: 255 Function Name: NtSystemDebugControl
Status: Not hooked

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Not hooked

#: 258 Function Name: NtTerminateThread
Status: Not hooked

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Not hooked

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked

STEALTH LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 01:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Stealth Objects
-------------------

HIDDEN SERVICES LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 01:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden Services
-------------------

SHAWDOWSSTD LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 01:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Shadow SSDT
-------------------
#: 000 Function Name: NtGdiAbortDoc
Status: Not hooked

#: 001 Function Name: NtGdiAbortPath
Status: Not hooked

#: 002 Function Name: NtGdiAddFontResourceW
Status: Not hooked

#: 003 Function Name: NtGdiAddRemoteFontToDC
Status: Not hooked

#: 004 Function Name: NtGdiAddFontMemResourceEx
Status: Not hooked

#: 005 Function Name: NtGdiRemoveMergeFont
Status: Not hooked

#: 006 Function Name: NtGdiAddRemoteMMInstanceToDC
Status: Not hooked

#: 007 Function Name: NtGdiAlphaBlend
Status: Not hooked

#: 008 Function Name: NtGdiAngleArc
Status: Not hooked

#: 009 Function Name: NtGdiAnyLinkedFonts
Status: Not hooked

#: 010 Function Name: NtGdiFontIsLinked
Status: Not hooked

#: 011 Function Name: NtGdiArcInternal
Status: Not hooked

#: 012 Function Name: NtGdiBeginPath
Status: Not hooked

#: 013 Function Name: NtGdiBitBlt
Status: Not hooked

#: 014 Function Name: NtGdiCancelDC
Status: Not hooked

#: 015 Function Name: NtGdiCheckBitmapBits
Status: Not hooked

#: 016 Function Name: NtGdiCloseFigure
Status: Not hooked

#: 017 Function Name: NtGdiClearBitmapAttributes
Status: Not hooked

#: 018 Function Name: NtGdiClearBrushAttributes
Status: Not hooked

#: 019 Function Name: NtGdiColorCorrectPalette
Status: Not hooked

#: 020 Function Name: NtGdiCombineRgn
Status: Not hooked

#: 021 Function Name: NtGdiCombineTransform
Status: Not hooked

#: 022 Function Name: NtGdiComputeXformCoefficients
Status: Not hooked

#: 023 Function Name: NtGdiConsoleTextOut
Status: Not hooked

#: 024 Function Name: NtGdiConvertMetafileRect
Status: Not hooked

#: 025 Function Name: NtGdiCreateBitmap
Status: Not hooked

#: 026 Function Name: NtGdiCreateClientObj
Status: Not hooked

#: 027 Function Name: NtGdiCreateColorSpace
Status: Not hooked

#: 028 Function Name: NtGdiCreateColorTransform
Status: Not hooked

#: 029 Function Name: NtGdiCreateCompatibleBitmap
Status: Not hooked

#: 030 Function Name: NtGdiCreateCompatibleDC
Status: Not hooked

#: 031 Function Name: NtGdiCreateDIBBrush
Status: Not hooked

#: 032 Function Name: NtGdiCreateDIBitmapInternal
Status: Not hooked

#: 033 Function Name: NtGdiCreateDIBSection
Status: Not hooked

#: 034 Function Name: NtGdiCreateEllipticRgn
Status: Not hooked

#: 035 Function Name: NtGdiCreateHalftonePalette
Status: Not hooked

#: 036 Function Name: NtGdiCreateHatchBrushInternal
Status: Not hooked

#: 037 Function Name: NtGdiCreateMetafileDC
Status: Not hooked

#: 038 Function Name: NtGdiCreatePaletteInternal
Status: Not hooked

#: 039 Function Name: NtGdiCreatePatternBrushInternal
Status: Not hooked

#: 040 Function Name: NtGdiCreatePen
Status: Not hooked

#: 041 Function Name: NtGdiCreateRectRgn
Status: Not hooked

#: 042 Function Name: NtGdiCreateRoundRectRgn
Status: Not hooked

#: 043 Function Name: NtGdiCreateServerMetaFile
Status: Not hooked

#: 044 Function Name: NtGdiCreateSolidBrush
Status: Not hooked

#: 045 Function Name: NtGdiD3dContextCreate
Status: Not hooked

#: 046 Function Name: NtGdiD3dContextDestroy
Status: Not hooked

#: 047 Function Name: NtGdiD3dContextDestroyAll
Status: Not hooked

#: 048 Function Name: NtGdiD3dValidateTextureStageState
Status: Not hooked

#: 049 Function Name: NtGdiD3dDrawPrimitives2
Status: Not hooked

#: 050 Function Name: NtGdiDdGetDriverState
Status: Not hooked

#: 051 Function Name: NtGdiDdAddAttachedSurface
Status: Not hooked

#: 052 Function Name: NtGdiDdAlphaBlt
Status: Not hooked

#: 053 Function Name: NtGdiDdAttachSurface
Status: Not hooked

#: 054 Function Name: NtGdiDdBeginMoCompFrame
Status: Not hooked

#: 055 Function Name: NtGdiDdBlt
Status: Not hooked

#: 056 Function Name: NtGdiDdCanCreateSurface
Status: Not hooked

#: 057 Function Name: NtGdiDdCanCreateD3DBuffer
Status: Not hooked

#: 058 Function Name: NtGdiDdColorControl
Status: Not hooked

#: 059 Function Name: NtGdiDdCreateDirectDrawObject
Status: Not hooked

#: 060 Function Name: NtGdiDdCreateSurface
Status: Not hooked

#: 061 Function Name: NtGdiDdCreateD3DBuffer
Status: Not hooked

#: 062 Function Name: NtGdiDdCreateMoComp
Status: Not hooked

#: 063 Function Name: NtGdiDdCreateSurfaceObject
Status: Not hooked

#: 064 Function Name: NtGdiDdDeleteDirectDrawObject
Status: Not hooked

#: 065 Function Name: NtGdiDdDeleteSurfaceObject
Status: Not hooked

#: 066 Function Name: NtGdiDdDestroyMoComp
Status: Not hooked

#: 067 Function Name: NtGdiDdDestroySurface
Status: Not hooked

#: 068 Function Name: NtGdiDdDestroyD3DBuffer
Status: Not hooked

#: 069 Function Name: NtGdiDdEndMoCompFrame
Status: Not hooked

#: 070 Function Name: NtGdiDdFlip
Status: Not hooked

#: 071 Function Name: NtGdiDdFlipToGDISurface
Status: Not hooked

#: 072 Function Name: NtGdiDdGetAvailDriverMemory
Status: Not hooked

#: 073 Function Name: NtGdiDdGetBltStatus
Status: Not hooked

#: 074 Function Name: NtGdiDdGetDC
Status: Not hooked

#: 075 Function Name: NtGdiDdGetDriverInfo
Status: Not hooked

#: 076 Function Name: NtGdiDdGetDxHandle
Status: Not hooked

#: 077 Function Name: NtGdiDdGetFlipStatus
Status: Not hooked

#: 078 Function Name: NtGdiDdGetInternalMoCompInfo
Status: Not hooked

#: 079 Function Name: NtGdiDdGetMoCompBuffInfo
Status: Not hooked

#: 080 Function Name: NtGdiDdGetMoCompGuids
Status: Not hooked

#: 081 Function Name: NtGdiDdGetMoCompFormats
Status: Not hooked

#: 082 Function Name: NtGdiDdGetScanLine
Status: Not hooked

#: 083 Function Name: NtGdiDdLock
Status: Not hooked

#: 084 Function Name: NtGdiDdLockD3D
Status: Not hooked

#: 085 Function Name: NtGdiDdQueryDirectDrawObject
Status: Not hooked

#: 086 Function Name: NtGdiDdQueryMoCompStatus
Status: Not hooked

#: 087 Function Name: NtGdiDdReenableDirectDrawObject
Status: Not hooked

#: 088 Function Name: NtGdiDdReleaseDC
Status: Not hooked

#: 089 Function Name: NtGdiDdRenderMoComp
Status: Not hooked

#: 090 Function Name: NtGdiDdResetVisrgn
Status: Not hooked

#: 091 Function Name: NtGdiDdSetColorKey
Status: Not hooked

#: 092 Function Name: NtGdiDdSetExclusiveMode
Status: Not hooked

#: 093 Function Name: NtGdiDdSetGammaRamp
Status: Not hooked

#: 094 Function Name: NtGdiDdCreateSurfaceEx
Status: Not hooked

#: 095 Function Name: NtGdiDdSetOverlayPosition
Status: Not hooked

#: 096 Function Name: NtGdiDdUnattachSurface
Status: Not hooked

#: 097 Function Name: NtGdiDdUnlock
Status: Not hooked

#: 098 Function Name: NtGdiDdUnlockD3D
Status: Not hooked

#: 099 Function Name: NtGdiDdUpdateOverlay
Status: Not hooked

#: 100 Function Name: NtGdiDdWaitForVerticalBlank
Status: Not hooked

#: 101 Function Name: NtGdiDvpCanCreateVideoPort
Status: Not hooked

#: 102 Function Name: NtGdiDvpColorControl
Status: Not hooked

#: 103 Function Name: NtGdiDvpCreateVideoPort
Status: Not hooked

#: 104 Function Name: NtGdiDvpDestroyVideoPort
Status: Not hooked

#: 105 Function Name: NtGdiDvpFlipVideoPort
Status: Not hooked

#: 106 Function Name: NtGdiDvpGetVideoPortBandwidth
Status: Not hooked

#: 107 Function Name: NtGdiDvpGetVideoPortField
Status: Not hooked

#: 108 Function Name: NtGdiDvpGetVideoPortFlipStatus
Status: Not hooked

#: 109 Function Name: NtGdiDvpGetVideoPortInputFormats
Status: Not hooked

#: 110 Function Name: NtGdiDvpGetVideoPortLine
Status: Not hooked

#: 111 Function Name: NtGdiDvpGetVideoPortOutputFormats
Status: Not hooked

#: 112 Function Name: NtGdiDvpGetVideoPortConnectInfo
Status: Not hooked

#: 113 Function Name: NtGdiDvpGetVideoSignalStatus
Status: Not hooked

#: 114 Function Name: NtGdiDvpUpdateVideoPort
Status: Not hooked

#: 115 Function Name: NtGdiDvpWaitForVideoPortSync
Status: Not hooked

#: 116 Function Name: NtGdiDvpAcquireNotification
Status: Not hooked

#: 117 Function Name: NtGdiDvpReleaseNotification
Status: Not hooked

#: 118 Function Name: NtGdiDxgGenericThunk
Status: Not hooked

#: 119 Function Name: NtGdiDeleteClientObj
Status: Not hooked

#: 120 Function Name: NtGdiDeleteColorSpace
Status: Not hooked

#: 121 Function Name: NtGdiDeleteColorTransform
Status: Not hooked

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Not hooked

#: 123 Function Name: NtGdiDescribePixelFormat
Status: Not hooked

#: 124 Function Name: NtGdiGetPerBandInfo
Status: Not hooked

#: 125 Function Name: NtGdiDoBanding
Status: Not hooked

#: 126 Function Name: NtGdiDoPalette
Status: Not hooked

#: 127 Function Name: NtGdiDrawEscape
Status: Not hooked

#: 128 Function Name: NtGdiEllipse
Status: Not hooked

#: 129 Function Name: NtGdiEnableEudc
Status: Not hooked

#: 130 Function Name: NtGdiEndDoc
Status: Not hooked

#: 131 Function Name: NtGdiEndPage
Status: Not hooked

#: 132 Function Name: NtGdiEndPath
Status: Not hooked

#: 133 Function Name: NtGdiEnumFontChunk
Status: Not hooked

#: 134 Function Name: NtGdiEnumFontClose
Status: Not hooked

#: 135 Function Name: NtGdiEnumFontOpen
Status: Not hooked

#: 136 Function Name: NtGdiEnumObjects
Status: Not hooked

#: 137 Function Name: NtGdiEqualRgn
Status: Not hooked

#: 138 Function Name: NtGdiEudcLoadUnloadLink
Status: Not hooked

#: 139 Function Name: NtGdiExcludeClipRect
Status: Not hooked

#: 140 Function Name: NtGdiExtCreatePen
Status: Not hooked

#: 141 Function Name: NtGdiExtCreateRegion
Status: Not hooked

#: 142 Function Name: NtGdiExtEscape
Status: Not hooked

#: 143 Function Name: NtGdiExtFloodFill
Status: Not hooked

#: 144 Function Name: NtGdiExtGetObjectW
Status: Not hooked

#: 145 Function Name: NtGdiExtSelectClipRgn
Status: Not hooked

#: 146 Function Name: NtGdiExtTextOutW
Status: Not hooked

#: 147 Function Name: NtGdiFillPath
Status: Not hooked

#: 148 Function Name: NtGdiFillRgn
Status: Not hooked

#: 149 Function Name: NtGdiFlattenPath
Status: Not hooked

#: 150 Function Name: NtGdiFlushUserBatch
Status: Not hooked

#: 151 Function Name: NtGdiFlush
Status: Not hooked

#: 152 Function Name: NtGdiForceUFIMapping
Status: Not hooked

#: 153 Function Name: NtGdiFrameRgn
Status: Not hooked

#: 154 Function Name: NtGdiFullscreenControl
Status: Not hooked

#: 155 Function Name: NtGdiGetAndSetDCDword
Status: Not hooked

#: 156 Function Name: NtGdiGetAppClipBox
Status: Not hooked

#: 157 Function Name: NtGdiGetBitmapBits
Status: Not hooked

#: 158 Function Name: NtGdiGetBitmapDimension
Status: Not hooked

#: 159 Function Name: NtGdiGetBoundsRect
Status: Not hooked

#: 160 Function Name: NtGdiGetCharABCWidthsW
Status: Not hooked

#: 161 Function Name: NtGdiGetCharacterPlacementW
Status: Not hooked

#: 162 Function Name: NtGdiGetCharSet
Status: Not hooked

#: 163 Function Name: NtGdiGetCharWidthW
Status: Not hooked

#: 164 Function Name: NtGdiGetCharWidthInfo
Status: Not hooked

#: 165 Function Name: NtGdiGetColorAdjustment
Status: Not hooked

#: 166 Function Name: NtGdiGetColorSpaceforBitmap
Status: Not hooked

#: 167 Function Name: NtGdiGetDCDword
Status: Not hooked

#: 168 Function Name: NtGdiGetDCforBitmap
Status: Not hooked

#: 169 Function Name: NtGdiGetDCObject
Status: Not hooked

#: 170 Function Name: NtGdiGetDCPoint
Status: Not hooked

#: 171 Function Name: NtGdiGetDeviceCaps
Status: Not hooked

#: 172 Function Name: NtGdiGetDeviceGammaRamp
Status: Not hooked

#: 173 Function Name: NtGdiGetDeviceCapsAll
Status: Not hooked

#: 174 Function Name: NtGdiGetDIBitsInternal
Status: Not hooked

#: 175 Function Name: NtGdiGetETM
Status: Not hooked

#: 176 Function Name: NtGdiGetEudcTimeStampEx
Status: Not hooked

#: 177 Function Name: NtGdiGetFontData
Status: Not hooked

#: 178 Function Name: NtGdiGetFontResourceInfoInternalW
Status: Not hooked

#: 179 Function Name: NtGdiGetGlyphIndicesW
Status: Not hooked

#: 180 Function Name: NtGdiGetGlyphIndicesWInternal
Status: Not hooked

#: 181 Function Name: NtGdiGetGlyphOutline
Status: Not hooked

#: 182 Function Name: NtGdiGetKerningPairs
Status: Not hooked

#: 183 Function Name: NtGdiGetLinkedUFIs
Status: Not hooked

#: 184 Function Name: NtGdiGetMiterLimit
Status: Not hooked

#: 185 Function Name: NtGdiGetMonitorID
Status: Not hooked

#: 186 Function Name: NtGdiGetNearestColor
Status: Not hooked

#: 187 Function Name: NtGdiGetNearestPaletteIndex
Status: Not hooked

#: 188 Function Name: NtGdiGetObjectBitmapHandle
Status: Not hooked

#: 189 Function Name: NtGdiGetOutlineTextMetricsInternalW
Status: Not hooked

#: 190 Function Name: NtGdiGetPath
Status: Not hooked

#: 191 Function Name: NtGdiGetPixel
Status: Not hooked

#: 192 Function Name: NtGdiGetRandomRgn
Status: Not hooked

#: 193 Function Name: NtGdiGetRasterizerCaps
Status: Not hooked

#: 194 Function Name: NtGdiGetRealizationInfo
Status: Not hooked

#: 195 Function Name: NtGdiGetRegionData
Status: Not hooked

#: 196 Function Name: NtGdiGetRgnBox
Status: Not hooked

#: 197 Function Name: NtGdiGetServerMetaFileBits
Status: Not hooked

#: 198 Function Name: NtGdiGetSpoolMessage
Status: Not hooked

#: 199 Function Name: NtGdiGetStats
Status: Not hooked

#: 200 Function Name: NtGdiGetStockObject
Status: Not hooked

#: 201 Function Name: NtGdiGetStringBitmapW
Status: Not hooked

#: 202 Function Name: NtGdiGetSystemPaletteUse
Status: Not hooked

#: 203 Function Name: NtGdiGetTextCharsetInfo
Status: Not hooked

#: 204 Function Name: NtGdiGetTextExtent
Status: Not hooked

#: 205 Function Name: NtGdiGetTextExtentExW
Status: Not hooked

#: 206 Function Name: NtGdiGetTextFaceW
Status: Not hooked

#: 207 Function Name: NtGdiGetTextMetricsW
Status: Not hooked

#: 208 Function Name: NtGdiGetTransform
Status: Not hooked

#: 209 Function Name: NtGdiGetUFI
Status: Not hooked

#: 210 Function Name: NtGdiGetEmbUFI
Status: Not hooked

#: 211 Function Name: NtGdiGetUFIPathname
Status: Not hooked

#: 212 Function Name: NtGdiGetEmbedFonts
Status: Not hooked

#: 213 Function Name: NtGdiChangeGhostFont
Status: Not hooked

#: 214 Function Name: NtGdiAddEmbFontToDC
Status: Not hooked

#: 215 Function Name: NtGdiGetFontUnicodeRanges
Status: Not hooked

#: 216 Function Name: NtGdiGetWidthTable
Status: Not hooked

#: 217 Function Name: NtGdiGradientFill
Status: Not hooked

#: 218 Function Name: NtGdiHfontCreate
Status: Not hooked

#: 219 Function Name: NtGdiIcmBrushInfo
Status: Not hooked

#: 220 Function Name: NtGdiInit
Status: Not hooked

#: 221 Function Name: NtGdiInitSpool
Status: Not hooked

#: 222 Function Name: NtGdiIntersectClipRect
Status: Not hooked

#: 223 Function Name: NtGdiInvertRgn
Status: Not hooked

#: 224 Function Name: NtGdiLineTo
Status: Not hooked

#: 225 Function Name: NtGdiMakeFontDir
Status: Not hooked

#: 226 Function Name: NtGdiMakeInfoDC
Status: Not hooked

#: 227 Function Name: NtGdiMaskBlt
Status: Not hooked

#: 228 Function Name: NtGdiModifyWorldTransform
Status: Not hooked

#: 229 Function Name: NtGdiMonoBitmap
Status: Not hooked

#: 230 Function Name: NtGdiMoveTo
Status: Not hooked

#: 231 Function Name: NtGdiOffsetClipRgn
Status: Not hooked

#: 232 Function Name: NtGdiOffsetRgn
Status: Not hooked

#: 233 Function Name: NtGdiOpenDCW
Status: Not hooked

#: 234 Function Name: NtGdiPatBlt
Status: Not hooked

#: 235 Function Name: NtGdiPolyPatBlt
Status: Not hooked

#: 236 Function Name: NtGdiPathToRegion
Status: Not hooked

#: 237 Function Name: NtGdiPlgBlt
Status: Not hooked

#: 238 Function Name: NtGdiPolyDraw
Status: Not hooked

#: 239 Function Name: NtGdiPolyPolyDraw
Status: Not hooked

#: 240 Function Name: NtGdiPolyTextOutW
Status: Not hooked

#: 241 Function Name: NtGdiPtInRegion
Status: Not hooked

#: 242 Function Name: NtGdiPtVisible
Status: Not hooked

#: 243 Function Name: NtGdiQueryFonts
Status: Not hooked

#: 244 Function Name: NtGdiQueryFontAssocInfo
Status: Not hooked

#: 245 Function Name: NtGdiRectangle
Status: Not hooked

#: 246 Function Name: NtGdiRectInRegion
Status: Not hooked

#: 247 Function Name: NtGdiRectVisible
Status: Not hooked

#: 248 Function Name: NtGdiRemoveFontResourceW
Status: Not hooked

#: 249 Function Name: NtGdiRemoveFontMemResourceEx
Status: Not hooked

#: 250 Function Name: NtGdiResetDC
Status: Not hooked

#: 251 Function Name: NtGdiResizePalette
Status: Not hooked

#: 252 Function Name: NtGdiRestoreDC
Status: Not hooked

#: 253 Function Name: NtGdiRoundRect
Status: Not hooked

#: 254 Function Name: NtGdiSaveDC
Status: Not hooked

#: 255 Function Name: NtGdiScaleViewportExtEx
Status: Not hooked

#: 256 Function Name: NtGdiScaleWindowExtEx
Status: Not hooked

#: 257 Function Name: NtGdiSelectBitmap
Status: Not hooked

#: 258 Function Name: NtGdiSelectBrush
Status: Not hooked

#: 259 Function Name: NtGdiSelectClipPath
Status: Not hooked

#: 260 Function Name: NtGdiSelectFont
Status: Not hooked

#: 261 Function Name: NtGdiSelectPen
Status: Not hooked

#: 262 Function Name: NtGdiSetBitmapAttributes
Status: Not hooked

#: 263 Function Name: NtGdiSetBitmapBits
Status: Not hooked

#: 264 Function Name: NtGdiSetBitmapDimension
Status: Not hooked

#: 265 Function Name: NtGdiSetBoundsRect
Status: Not hooked

#: 266 Function Name: NtGdiSetBrushAttributes
Status: Not hooked

#: 267 Function Name: NtGdiSetBrushOrg
Status: Not hooked

#: 268 Function Name: NtGdiSetColorAdjustment
Status: Not hooked

#: 269 Function Name: NtGdiSetColorSpace
Status: Not hooked

#: 270 Function Name: NtGdiSetDeviceGammaRamp
Status: Not hooked

#: 271 Function Name: NtGdiSetDIBitsToDeviceInternal
Status: Not hooked

#: 272 Function Name: NtGdiSetFontEnumeration
Status: Not hooked

#: 273 Function Name: NtGdiSetFontXform
Status: Not hooked

#: 274 Function Name: NtGdiSetIcmMode
Status: Not hooked

#: 275 Function Name: NtGdiSetLinkedUFIs
Status: Not hooked

#: 276 Function Name: NtGdiSetMagicColors
Status: Not hooked

#: 277 Function Name: NtGdiSetMetaRgn
Status: Not hooked

#: 278 Function Name: NtGdiSetMiterLimit
Status: Not hooked

#: 279 Function Name: NtGdiGetDeviceWidth
Status: Not hooked

#: 280 Function Name: NtGdiMirrorWindowOrg
Status: Not hooked

#: 281 Function Name: NtGdiSetLayout
Status: Not hooked

#: 282 Function Name: NtGdiSetPixel
Status: Not hooked

#: 283 Function Name: NtGdiSetPixelFormat
Status: Not hooked

#: 284 Function Name: NtGdiSetRectRgn
Status: Not hooked

#: 285 Function Name: NtGdiSetSystemPaletteUse
Status: Not hooked

#: 286 Function Name: NtGdiSetTextJustification
Status: Not hooked

#: 287 Function Name: NtGdiSetupPublicCFONT
Status: Not hooked

#: 288 Function Name: NtGdiSetVirtualResolution
Status: Not hooked

#: 289 Function Name: NtGdiSetSizeDevice
Status: Not hooked

#: 290 Function Name: NtGdiStartDoc
Status: Not hooked

#: 291 Function Name: NtGdiStartPage
Status: Not hooked

#: 292 Function Name: NtGdiStretchBlt
Status: Not hooked

#: 293 Function Name: NtGdiStretchDIBitsInternal
Status: Not hooked

#: 294 Function Name: NtGdiStrokeAndFillPath
Status: Not hooked

#: 295 Function Name: NtGdiStrokePath
Status: Not hooked

#: 296 Function Name: NtGdiSwapBuffers
Status: Not hooked

#: 297 Function Name: NtGdiTransformPoints
Status: Not hooked

#: 298 Function Name: NtGdiTransparentBlt
Status: Not hooked

#: 299 Function Name: NtGdiUnloadPrinterDriver
Status: Not hooked

#: 300 Function Name: NtGdiUnmapMemFont
Status: Not hooked

#: 301 Function Name: NtGdiUnrealizeObject
Status: Not hooked

#: 302 Function Name: NtGdiUpdateColors
Status: Not hooked

#: 303 Function Name: NtGdiWidenPath
Status: Not hooked

#: 304 Function Name: NtUserActivateKeyboardLayout
Status: Not hooked

#: 305 Function Name: NtUserAlterWindowStyle
Status: Not hooked

#: 306 Function Name: NtUserAssociateInputContext
Status: Not hooked

#: 307 Function Name: NtUserAttachThreadInput
Status: Not hooked

#: 308 Function Name: NtUserBeginPaint
Status: Not hooked

#: 309 Function Name: NtUserBitBltSysBmp
Status: Not hooked

#: 310 Function Name: NtUserBlockInput
Status: Not hooked

#: 311 Function Name: NtUserBuildHimcList
Status: Not hooked

#: 312 Function Name: NtUserBuildHwndList
Status: Not hooked

#: 313 Function Name: NtUserBuildNameList
Status: Not hooked

#: 314 Function Name: NtUserBuildPropList
Status: Not hooked

#: 315 Function Name: NtUserCallHwnd
Status: Not hooked

#: 316 Function Name: NtUserCallHwndLock
Status: Not hooked

#: 317 Function Name: NtUserCallHwndOpt
Status: Not hooked

#: 318 Function Name: NtUserCallHwndParam
Status: Not hooked

#: 319 Function Name: NtUserCallHwndParamLock
Status: Not hooked

#: 320 Function Name: NtUserCallMsgFilter
Status: Not hooked

#: 321 Function Name: NtUserCallNextHookEx
Status: Not hooked

#: 322 Function Name: NtUserCallNoParam
Status: Not hooked

#: 323 Function Name: NtUserCallOneParam
Status: Not hooked

#: 324 Function Name: NtUserCallTwoParam
Status: Not hooked

#: 325 Function Name: NtUserChangeClipboardChain
Status: Not hooked

#: 326 Function Name: NtUserChangeDisplaySettings
Status: Not hooked

#: 327 Function Name: NtUserCheckImeHotKey
Status: Not hooked

#: 328 Function Name: NtUserCheckMenuItem
Status: Not hooked

#: 329 Function Name: NtUserChildWindowFromPointEx
Status: Not hooked

#: 330 Function Name: NtUserClipCursor
Status: Not hooked

#: 331 Function Name: NtUserCloseClipboard
Status: Not hooked

#: 332 Function Name: NtUserCloseDesktop
Status: Not hooked

#: 333 Function Name: NtUserCloseWindowStation
Status: Not hooked

#: 334 Function Name: NtUserConsoleControl
Status: Not hooked

#: 335 Function Name: NtUserConvertMemHandle
Status: Not hooked

#: 336 Function Name: NtUserCopyAcceleratorTable
Status: Not hooked

#: 337 Function Name: NtUserCountClipboardFormats
Status: Not hooked

#: 338 Function Name: NtUserCreateAcceleratorTable
Status: Not hooked

#: 339 Function Name: NtUserCreateCaret
Status: Not hooked

#: 340 Function Name: NtUserCreateDesktop
Status: Not hooked

#: 341 Function Name: NtUserCreateInputContext
Status: Not hooked

#: 342 Function Name: NtUserCreateLocalMemHandle
Status: Not hooked

#: 343 Function Name: NtUserCreateWindowEx
Status: Not hooked

#: 344 Function Name: NtUserCreateWindowStation
Status: Not hooked

#: 345 Function Name: NtUserDdeGetQualityOfService
Status: Not hooked

#: 346 Function Name: NtUserDdeInitialize
Status: Not hooked

#: 347 Function Name: NtUserDdeSetQualityOfService
Status: Not hooked

#: 348 Function Name: NtUserDeferWindowPos
Status: Not hooked

#: 349 Function Name: NtUserDefSetText
Status: Not hooked

#: 350 Function Name: NtUserDeleteMenu
Status: Not hooked

#: 351 Function Name: NtUserDestroyAcceleratorTable
Status: Not hooked

#: 352 Function Name: NtUserDestroyCursor
Status: Not hooked

#: 353 Function Name: NtUserDestroyInputContext
Status: Not hooked

#: 354 Function Name: NtUserDestroyMenu
Status: Not hooked

#: 355 Function Name: NtUserDestroyWindow
Status: Not hooked

#: 356 Function Name: NtUserDisableThreadIme
Status: Not hooked

#: 357 Function Name: NtUserDispatchMessage
Status: Not hooked

#: 358 Function Name: NtUserDragDetect
Status: Not hooked

#: 359 Function Name: NtUserDragObject
Status: Not hooked

#: 360 Function Name: NtUserDrawAnimatedRects
Status: Not hooked

#: 361 Function Name: NtUserDrawCaption
Status: Not hooked

#: 362 Function Name: NtUserDrawCaptionTemp
Status: Not hooked

#: 363 Function Name: NtUserDrawIconEx
Status: Not hooked

#: 364 Function Name: NtUserDrawMenuBarTemp
Status: Not hooked

#: 365 Function Name: NtUserEmptyClipboard
Status: Not hooked

#: 366 Function Name: NtUserEnableMenuItem
Status: Not hooked

#: 367 Function Name: NtUserEnableScrollBar
Status: Not hooked

#: 368 Function Name: NtUserEndDeferWindowPosEx
Status: Not hooked

#: 369 Function Name: NtUserEndMenu
Status: Not hooked

#: 370 Function Name: NtUserEndPaint
Status: Not hooked

#: 371 Function Name: NtUserEnumDisplayDevices
Status: Not hooked

#: 372 Function Name: NtUserEnumDisplayMonitors
Status: Not hooked

#: 373 Function Name: NtUserEnumDisplaySettings
Status: Not hooked

#: 374 Function Name: NtUserEvent
Status: Not hooked

#: 375 Function Name: NtUserExcludeUpdateRgn
Status: Not hooked

#: 376 Function Name: NtUserFillWindow
Status: Not hooked

#: 377 Function Name: NtUserFindExistingCursorIcon
Status: Not hooked

#: 378 Function Name: NtUserFindWindowEx
Status: Not hooked

#: 379 Function Name: NtUserFlashWindowEx
Status: Not hooked

#: 380 Function Name: NtUserGetAltTabInfo
Status: Not hooked

#: 381 Function Name: NtUserGetAncestor
Status: Not hooked

#: 382 Function Name: NtUserGetAppImeLevel
Status: Not hooked

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Not hooked

#: 384 Function Name: NtUserGetAtomName
Status: Not hooked

#: 385 Function Name: NtUserGetCaretBlinkTime
Status: Not hooked

#: 386 Function Name: NtUserGetCaretPos
Status: Not hooked

#: 387 Function Name: NtUserGetClassInfo
Status: Not hooked

#: 388 Function Name: NtUserGetClassName
Status: Not hooked

#: 389 Function Name: NtUserGetClipboardData
Status: Not hooked

#: 390 Function Name: NtUserGetClipboardFormatName
Status: Not hooked

#: 391 Function Name: NtUserGetClipboardOwner
Status: Not hooked

#: 392 Function Name: NtUserGetClipboardSequenceNumber
Status: Not hooked

#: 393 Function Name: NtUserGetClipboardViewer
Status: Not hooked

#: 394 Function Name: NtUserGetClipCursor
Status: Not hooked

#: 395 Function Name: NtUserGetComboBoxInfo
Status: Not hooked

#: 396 Function Name: NtUserGetControlBrush
Status: Not hooked

#: 397 Function Name: NtUserGetControlColor
Status: Not hooked

#: 398 Function Name: NtUserGetCPD
Status: Not hooked

#: 399 Function Name: NtUserGetCursorFrameInfo
Status: Not hooked

#: 400 Function Name: NtUserGetCursorInfo
Status: Not hooked

#: 401 Function Name: NtUserGetDC
Status: Not hooked

#: 402 Function Name: NtUserGetDCEx
Status: Not hooked

#: 403 Function Name: NtUserGetDoubleClickTime
Status: Not hooked

#: 404 Function Name: NtUserGetForegroundWindow
Status: Not hooked

#: 405 Function Name: NtUserGetGuiResources
Status: Not hooked

#: 406 Function Name: NtUserGetGUIThreadInfo
Status: Not hooked

#: 407 Function Name: NtUserGetIconInfo
Status: Not hooked

#: 408 Function Name: NtUserGetIconSize
Status: Not hooked

#: 409 Function Name: NtUserGetImeHotKey
Status: Not hooked

#: 410 Function Name: NtUserGetImeInfoEx
Status: Not hooked

#: 411 Function Name: NtUserGetInternalWindowPos
Status: Not hooked

#: 412 Function Name: NtUserGetKeyboardLayoutList
Status: Not hooked

#: 413 Function Name: NtUserGetKeyboardLayoutName
Status: Not hooked

#: 414 Function Name: NtUserGetKeyboardState
Status: Not hooked

#: 415 Function Name: NtUserGetKeyNameText
Status: Not hooked

#: 416 Function Name: NtUserGetKeyState
Status: Not hooked

#: 417 Function Name: NtUserGetListBoxInfo
Status: Not hooked

#: 418 Function Name: NtUserGetMenuBarInfo
Status: Not hooked

#: 419 Function Name: NtUserGetMenuIndex
Status: Not hooked

#: 420 Function Name: NtUserGetMenuItemRect
Status: Not hooked

#: 421 Function Name: NtUserGetMessage
Status: Not hooked

#: 422 Function Name: NtUserGetMouseMovePointsEx
Status: Not hooked

#: 423 Function Name: NtUserGetObjectInformation
Status: Not hooked

#: 424 Function Name: NtUserGetOpenClipboardWindow
Status: Not hooked

#: 425 Function Name: NtUserGetPriorityClipboardFormat
Status: Not hooked

#: 426 Function Name: NtUserGetProcessWindowStation
Status: Not hooked

#: 427 Function Name: NtUserGetRawInputBuffer
Status: Not hooked

#: 428 Function Name: NtUserGetRawInputData
Status: Not hooked

#: 429 Function Name: NtUserGetRawInputDeviceInfo
Status: Not hooked

#: 430 Function Name: NtUserGetRawInputDeviceList
Status: Not hooked

#: 431 Function Name: NtUserGetRegisteredRawInputDevices
Status: Not hooked

#: 432 Function Name: NtUserGetScrollBarInfo
Status: Not hooked

#: 433 Function Name: NtUserGetSystemMenu
Status: Not hooked

#: 434 Function Name: NtUserGetThreadDesktop
Status: Not hooked

#: 435 Function Name: NtUserGetThreadState
Status: Not hooked

#: 436 Function Name: NtUserGetTitleBarInfo
Status: Not hooked

#: 437 Function Name: NtUserGetUpdateRect
Status: Not hooked

#: 438 Function Name: NtUserGetUpdateRgn
Status: Not hooked

#: 439 Function Name: NtUserGetWindowDC
Status: Not hooked

#: 440 Function Name: NtUserGetWindowPlacement
Status: Not hooked

#: 441 Function Name: NtUserGetWOWClass
Status: Not hooked

#: 442 Function Name: NtUserHardErrorControl
Status: Not hooked

#: 443 Function Name: NtUserHideCaret
Status: Not hooked

#: 444 Function Name: NtUserHiliteMenuItem
Status: Not hooked

#: 445 Function Name: NtUserImpersonateDdeClientWindow
Status: Not hooked

#: 446 Function Name: NtUserInitialize
Status: Not hooked

#: 447 Function Name: NtUserInitializeClientPfnArrays
Status: Not hooked

#: 448 Function Name: NtUserInitTask
Status: Not hooked

#: 449 Function Name: NtUserInternalGetWindowText
Status: Not hooked

#: 450 Function Name: NtUserInvalidateRect
Status: Not hooked

#: 451 Function Name: NtUserInvalidateRgn
Status: Not hooked

#: 452 Function Name: NtUserIsClipboardFormatAvailable
Status: Not hooked

#: 453 Function Name: NtUserKillTimer
Status: Not hooked

#: 454 Function Name: NtUserLoadKeyboardLayoutEx
Status: Not hooked

#: 455 Function Name: NtUserLockWindowStation
Status: Not hooked

#: 456 Function Name: NtUserLockWindowUpdate
Status: Not hooked

#: 457 Function Name: NtUserLockWorkStation
Status: Not hooked

#: 458 Function Name: NtUserMapVirtualKeyEx
Status: Not hooked

#: 459 Function Name: NtUserMenuItemFromPoint
Status: Not hooked

#: 460 Function Name: NtUserMessageCall
Status: Not hooked

#: 461 Function Name: NtUserMinMaximize
Status: Not hooked

#: 462 Function Name: NtUserMNDragLeave
Status: Not hooked

#: 463 Function Name: NtUserMNDragOver
Status: Not hooked

#: 464 Function Name: NtUserModifyUserStartupInfoFlags
Status: Not hooked

#: 465 Function Name: NtUserMoveWindow
Status: Not hooked

#: 466 Function Name: NtUserNotifyIMEStatus
Status: Not hooked

#: 467 Function Name: NtUserNotifyProcessCreate
Status: Not hooked

#: 468 Function Name: NtUserNotifyWinEvent
Status: Not hooked

#: 469 Function Name: NtUserOpenClipboard
Status: Not hooked

#: 470 Function Name: NtUserOpenDesktop
Status: Not hooked

#: 471 Function Name: NtUserOpenInputDesktop
Status: Not hooked

#: 472 Function Name: NtUserOpenWindowStation
Status: Not hooked

#: 473 Function Name: NtUserPaintDesktop
Status: Not hooked

#: 474 Function Name: NtUserPeekMessage
Status: Not hooked

#: 475 Function Name: NtUserPostMessage
Status: Not hooked

#: 476 Function Name: NtUserPostThreadMessage
Status: Not hooked

#: 477 Function Name: NtUserPrintWindow
Status: Not hooked

#: 478 Function Name: NtUserProcessConnect
Status: Not hooked

#: 479 Function Name: NtUserQueryInformationThread
Status: Not hooked

#: 480 Function Name: NtUserQueryInputContext
Status: Not hooked

#: 481 Function Name: NtUserQuerySendMessage
Status: Not hooked

#: 482 Function Name: NtUserQueryUserCounters
Status: Not hooked

#: 483 Function Name: NtUserQueryWindow
Status: Not hooked

#: 484 Function Name: NtUserRealChildWindowFromPoint
Status: Not hooked

#: 485 Function Name: NtUserRealInternalGetMessage
Status: Not hooked

#: 486 Function Name: NtUserRealWaitMessageEx
Status: Not hooked

#: 487 Function Name: NtUserRedrawWindow
Status: Not hooked

#: 488 Function Name: NtUserRegisterClassExWOW
Status: Not hooked

#: 489 Function Name: NtUserRegisterUserApiHook
Status: Not hooked

#: 490 Function Name: NtUserRegisterHotKey
Status: Not hooked

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Not hooked

#: 492 Function Name: NtUserRegisterTasklist
Status: Not hooked

#: 493 Function Name: NtUserRegisterWindowMessage
Status: Not hooked

#: 494 Function Name: NtUserRemoveMenu
Status: Not hooked

#: 495 Function Name: NtUserRemoveProp
Status: Not hooked

#: 496 Function Name: NtUserResolveDesktop
Status: Not hooked

#: 497 Function Name: NtUserResolveDesktopForWOW
Status: Not hooked

#: 498 Function Name: NtUserSBGetParms
Status: Not hooked

#: 499 Function Name: NtUserScrollDC
Status: Not hooked

#: 500 Function Name: NtUserScrollWindowEx
Status: Not hooked

#: 501 Function Name: NtUserSelectPalette
Status: Not hooked

#: 502 Function Name: NtUserSendInput
Status: Not hooked

#: 503 Function Name: NtUserSetActiveWindow
Status: Not hooked

#: 504 Function Name: NtUserSetAppImeLevel
Status: Not hooked

#: 505 Function Name: NtUserSetCapture
Status: Not hooked

#: 506 Function Name: NtUserSetClassLong
Status: Not hooked

#: 507 Function Name: NtUserSetClassWord
Status: Not hooked

#: 508 Function Name: NtUserSetClipboardData
Status: Not hooked

#: 509 Function Name: NtUserSetClipboardViewer
Status: Not hooked

#: 510 Function Name: NtUserSetConsoleReserveKeys
Status: Not hooked

#: 511 Function Name: NtUserSetCursor
Status: Not hooked

#: 512 Function Name: NtUserSetCursorContents
Status: Not hooked

#: 513 Function Name: NtUserSetCursorIconData
Status: Not hooked

#: 514 Function Name: NtUserSetDbgTag
Status: Not hooked

#: 515 Function Name: NtUserSetFocus
Status: Not hooked

#: 516 Function Name: NtUserSetImeHotKey
Status: Not hooked

#: 517 Function Name: NtUserSetImeInfoEx
Status: Not hooked

#: 518 Function Name: NtUserSetImeOwnerWindow
Status: Not hooked

#: 519 Function Name: NtUserSetInformationProcess
Status: Not hooked

#: 520 Function Name: NtUserSetInformationThread
Status: Not hooked

#: 521 Function Name: NtUserSetInternalWindowPos
Status: Not hooked

#: 522 Function Name: NtUserSetKeyboardState
Status: Not hooked

#: 523 Function Name: NtUserSetLogonNotifyWindow
Status: Not hooked

#: 524 Function Name: NtUserSetMenu
Status: Not hooked

#: 525 Function Name: NtUserSetMenuContextHelpId
Status: Not hooked

#: 526 Function Name: NtUserSetMenuDefaultItem
Status: Not hooked

#: 527 Function Name: NtUserSetMenuFlagRtoL
Status: Not hooked

#: 528 Function Name: NtUserSetObjectInformation
Status: Not hooked

#: 529 Function Name: NtUserSetParent
Status: Not hooked

#: 530 Function Name: NtUserSetProcessWindowStation
Status: Not hooked

#: 531 Function Name: NtUserSetProp
Status: Not hooked

#: 532 Function Name: NtUserSetRipFlags
Status: Not hooked

#: 533 Function Name: NtUserSetScrollInfo
Status: Not hooked

#: 534 Function Name: NtUserSetShellWindowEx
Status: Not hooked

#: 535 Function Name: NtUserSetSysColors
Status: Not hooked

#: 536 Function Name: NtUserSetSystemCursor
Status: Not hooked

#: 537 Function Name: NtUserSetSystemMenu
Status: Not hooked

#: 538 Function Name: NtUserSetSystemTimer
Status: Not hooked

#: 539 Function Name: NtUserSetThreadDesktop
Status: Not hooked

#: 540 Function Name: NtUserSetThreadLayoutHandles
Status: Not hooked

#: 541 Function Name: NtUserSetThreadState
Status: Not hooked

#: 542 Function Name: NtUserSetTimer
Status: Not hooked

#: 543 Function Name: NtUserSetWindowFNID
Status: Not hooked

#: 544 Function Name: NtUserSetWindowLong
Status: Not hooked

#: 545 Function Name: NtUserSetWindowPlacement
Status: Not hooked

#: 546 Function Name: NtUserSetWindowPos
Status: Not hooked

#: 547 Function Name: NtUserSetWindowRgn
Status: Not hooked

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Not hooked

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Not hooked

#: 550 Function Name: NtUserSetWindowStationUser
Status: Not hooked

#: 551 Function Name: NtUserSetWindowWord
Status: Not hooked

#: 552 Function Name: NtUserSetWinEventHook
Status: Not hooked

#: 553 Function Name: NtUserShowCaret
Status: Not hooked

#: 554 Function Name: NtUserShowScrollBar
Status: Not hooked

#: 555 Function Name: NtUserShowWindow
Status: Not hooked

#: 556 Function Name: NtUserShowWindowAsync
Status: Not hooked

#: 557 Function Name: NtUserSoundSentry
Status: Not hooked

#: 558 Function Name: NtUserSwitchDesktop
Status: Not hooked

#: 559 Function Name: NtUserSystemParametersInfo
Status: Not hooked

#: 560 Function Name: NtUserTestForInteractiveUser
Status: Not hooked

#: 561 Function Name: NtUserThunkedMenuInfo
Status: Not hooked

#: 562 Function Name: NtUserThunkedMenuItemInfo
Status: Not hooked

#: 563 Function Name: NtUserToUnicodeEx
Status: Not hooked

#: 564 Function Name: NtUserTrackMouseEvent
Status: Not hooked

#: 565 Function Name: NtUserTrackPopupMenuEx
Status: Not hooked

#: 566 Function Name: NtUserCalcMenuBar
Status: Not hooked

#: 567 Function Name: NtUserPaintMenuBar
Status: Not hooked

#: 568 Function Name: NtUserTranslateAccelerator
Status: Not hooked

#: 569 Function Name: NtUserTranslateMessage
Status: Not hooked

#: 570 Function Name: NtUserUnhookWindowsHookEx
Status: Not hooked

#: 571 Function Name: NtUserUnhookWinEvent
Status: Not hooked

#: 572 Function Name: NtUserUnloadKeyboardLayout
Status: Not hooked

#: 573 Function Name: NtUserUnlockWindowStation
Status: Not hooked

#: 574 Function Name: NtUserUnregisterClass
Status: Not hooked

#: 575 Function Name: NtUserUnregisterUserApiHook
Status: Not hooked

#: 576 Function Name: NtUserUnregisterHotKey
Status: Not hooked

#: 577 Function Name: NtUserUpdateInputContext
Status: Not hooked

#: 578 Function Name: NtUserUpdateInstance
Status: Not hooked

#: 579 Function Name: NtUserUpdateLayeredWindow
Status: Not hooked

#: 580 Function Name: NtUserGetLayeredWindowAttributes
Status: Not hooked

FILES LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 01:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_n4q0wjcyiqbmz4t
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_jltrxetmdp5y7kq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_lcbeonwlsu9t0oc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\jenifer\local settings\temp\etilqs_aewhjsufworsyzkwnmls
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d571c3b0.bup
Status: Allocation size mismatch (API: 61440, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d436029c0.bup
Status: Allocation size mismatch (API: 90112, Raw: 16384)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d51e13a00.bup
Status: Allocation size mismatch (API: 49152, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d51e331280.bup
Status: Allocation size mismatch (API: 49152, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d51e83750.bup
Status: Allocation size mismatch (API: 49152, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d5202e1380.bup
Status: Allocation size mismatch (API: 49152, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d5739140.bup
Status: Allocation size mismatch (API: 94208, Raw: 16384)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d581e2610.bup
Status: Allocation size mismatch (API: 61440, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d582010f0.bup
Status: Allocation size mismatch (API: 53248, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58201730.bup
Status: Allocation size mismatch (API: 94208, Raw: 16384)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58202b40.bup
Status: Allocation size mismatch (API: 94208, Raw: 16384)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58205b0.bup
Status: Allocation size mismatch (API: 61440, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58222200.bup
Status: Allocation size mismatch (API: 53248, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58222700.bup
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58222a30.bup
Status: Allocation size mismatch (API: 36864, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58222df0.bup
Status: Allocation size mismatch (API: 36864, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58223110.bup
Status: Allocation size mismatch (API: 36864, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58223390.bup
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58223610.bup
Status: Allocation size mismatch (API: 36864, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58223930.bup
Status: Allocation size mismatch (API: 53248, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58223cf0.bup
Status: Allocation size mismatch (API: 36864, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58232d0.bup
Status: Allocation size mismatch (API: 45056, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d5823af0.bup
Status: Allocation size mismatch (API: 53248, Raw: 0)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d5833980.bup
Status: Allocation size mismatch (API: 90112, Raw: 16384)

Path: c:\documents and settings\all users\application data\mcafee\virusscan\quarantine\7da11d58f2550.bup
Status: Allocation size mismatch (API: 94208, Raw: 16384)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010018.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010001.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010002.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010004.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010005.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010006.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010007.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010008.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000a.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000b.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000c.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000e.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000f.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

#8 7less7

Posted 30 January 2010 - 04:30 AM

I'm retarded...
Here is the correct scan report... also the same error message came up...

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 02:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA002A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xA2645000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rcsq.sys
Image Path: rcsq.sys
Address: 0xF75F7000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9E747000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001001b.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010001.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010002.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010004.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010005.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010006.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010007.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

==EOF==



