Windows Logon UI error still there after running MBAM


My HP laptop got infected with a Trojan (False Security Alert). I could not see the user interface, no taskbar, just the Windows background screen. I ran MBAM but it apparently did not remove it completely. I cannot access any antivirus websites directly (I'm sending this from another computer). I downloaded the latest version of MBAM (August 3) and renamed it. It ran in safe mode and found more malware. I ran RootRepeal (again renamed); it detects a hidden service

(Service Name: UACd.sys

Image Path: C:\WINDOWS\system32\drivers\UACljaowktaru.sys)

but can't wipe the file (it says it can't find the file on the disk). I tried to install AVIRA but it can't complete the setup process.

On startup I get an error, Windows Logon UI, which I can't seem to get rid of. I've been working on this for over a week now. Obviously, I need some expert help. Thank you in advance.

Following are the HijackThis log, RootRepeal log and MBAM log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:06:14 PM, on 8/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249709823359

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 6793 bytes

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/08 12:52

Program Version: Version 1.3.3.0

Windows Version: Windows XP Media Center Edition SP2

==================================================

Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS

Address: 0xF762C000 Size: 53248 File Visible: - Signed: Yes

Status: -

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF75BD000 Size: 187776 File Visible: - Signed: Yes

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2252800 File Visible: - Signed: Yes

Status: -

Name: ACPIEC.sys

Image Path: ACPIEC.sys

Address: 0xF7A28000 Size: 11648 File Visible: - Signed: Yes

Status: -

Name: aliide.sys

Image Path: aliide.sys

Address: 0xF7B14000 Size: 5248 File Visible: - Signed: Yes

Status: -

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF7531000 Size: 95360 File Visible: - Signed: Yes

Status: -

Name: BATTC.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS

Address: 0xF7A24000 Size: 16384 File Visible: - Signed: Yes

Status: -

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF7B66000 Size: 4224 File Visible: - Signed: Yes

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7A1C000 Size: 12288 File Visible: - Signed: Yes

Status: -

Name: cdrom.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xF76CC000 Size: 49536 File Visible: - Signed: Yes

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF766C000 Size: 53248 File Visible: - Signed: Yes

Status: -

Name: compbatt.sys

Image Path: compbatt.sys

Address: 0xF7A20000 Size: 9344 File Visible: - Signed: Yes

Status: -

Name: cpqbttn.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

Address: 0xF7AC0000 Size: 9344 File Visible: - Signed: Yes

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF765C000 Size: 36352 File Visible: - Signed: Yes

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF7549000 Size: 153344 File Visible: - Signed: Yes

Status: -

Name: dmload.sys

Image Path: dmload.sys

Address: 0xF7B16000 Size: 5888 File Visible: - Signed: Yes

Status: -

Name: dump_iaStor.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys

Address: 0xBAD53000 Size: 876544 File Visible: No Signed: No

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xBAEE0000 Size: 12288 File Visible: - Signed: Yes

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF9C1000 Size: 73728 File Visible: - Signed: Yes

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7C7B000 Size: 4096 File Visible: - Signed: Yes

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xBAE29000 Size: 143360 File Visible: - Signed: Yes

Status: -

Name: fltMgr.sys

Image Path: fltMgr.sys

Address: 0xF743C000 Size: 124800 File Visible: - Signed: Yes

Status: -

Name: framebuf.dll

Image Path: C:\WINDOWS\System32\framebuf.dll

Address: 0xBFF50000 Size: 12288 File Visible: - Signed: Yes

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7B62000 Size: 7936 File Visible: - Signed: Yes

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF756F000 Size: 125056 File Visible: - Signed: Yes

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806FD000 Size: 134272 File Visible: - Signed: Yes

Status: -

Name: HDAudBus.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Address: 0xBAFAB000 Size: 151552 File Visible: - Signed: Yes

Status: -

Name: HIDCLASS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Address: 0xF769C000 Size: 36864 File Visible: - Signed: Yes

Status: -

Name: HIDPARSE.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Address: 0xF7994000 Size: 28672 File Visible: - Signed: Yes

Status: -

Name: i2omgmt.SYS

Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS

Address: 0xF7B5E000 Size: 8192 File Visible: - Signed: Yes

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Address: 0xF76AC000 Size: 52736 File Visible: - Signed: Yes

Status: -

Name: iaStor.sys

Image Path: iaStor.sys

Address: 0xF745B000 Size: 874240 File Visible: - Signed: Yes

Status: -

Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF76BC000 Size: 41856 File Visible: - Signed: Yes

Status: -

Name: intelide.sys

Image Path: intelide.sys

Address: 0xF7B10000 Size: 5504 File Visible: - Signed: Yes

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF760C000 Size: 35840 File Visible: - Signed: Yes

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF78CC000 Size: 24576 File Visible: - Signed: Yes

Status: -

Name: kbdhid.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys

Address: 0xF7B04000 Size: 14848 File Visible: - Signed: Yes

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7B0C000 Size: 8192 File Visible: - Signed: Yes

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xBAF35000 Size: 143360 File Visible: - Signed: Yes

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF7413000 Size: 92032 File Visible: - Signed: Yes

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF790C000 Size: 23040 File Visible: - Signed: Yes

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF763C000 Size: 42240 File Visible: - Signed: Yes

Status: -

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF78EC000 Size: 19072 File Visible: - Signed: Yes

Status: -

Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xF7AFC000 Size: 15488 File Visible: - Signed: Yes

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF733E000 Size: 107904 File Visible: - Signed: Yes

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF7359000 Size: 182528 File Visible: - Signed: Yes

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF78FC000 Size: 30848 File Visible: - Signed: Yes

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF7386000 Size: 574592 File Visible: - Signed: Yes

Status: -

Name: ntoskrnl.exe

Image Path: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000 Size: 2252800 File Visible: - Signed: Yes

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7C4B000 Size: 2944 File Visible: - Signed: Yes

Status: -

Name: ohci1394.sys

Image Path: ohci1394.sys

Address: 0xF761C000 Size: 61056 File Visible: - Signed: Yes

Status: -

Name: OPRGHDLR.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

Address: 0xF7BD5000 Size: 4096 File Visible: - Signed: Yes

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF7894000 Size: 18688 File Visible: - Signed: Yes

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF75AC000 Size: 68224 File Visible: - Signed: Yes

Status: -

Name: pciide.sys

Image Path: pciide.sys

Address: 0xF7BD4000 Size: 3328 File Visible: - Signed: Yes

Status: -

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Address: 0xF788C000 Size: 28672 File Visible: - Signed: Yes

Status: -

Name: pcmcia.sys

Image Path: pcmcia.sys

Address: 0xF758E000 Size: 119936 File Visible: - Signed: Yes

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2252800 File Visible: - Signed: Yes

Status: -

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF789C000 Size: 20000 File Visible: - Signed: No

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2252800 File Visible: - Signed: Yes

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xBAF04000 Size: 196864 File Visible: - Signed: Yes

Status: -

Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF76DC000 Size: 57344 File Visible: - Signed: Yes

Status: -

Name: repealroot.bat.sys

Image Path: C:\WINDOWS\system32\drivers\repealroot.bat.sys

Address: 0xBA9AB000 Size: 49152 File Visible: No Signed: No

Status: -

Name: Serial.sys

Image Path: Serial.sys

Address: 0xF767C000 Size: 64896 File Visible: - Signed: Yes

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF742A000 Size: 73472 File Visible: - Signed: Yes

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF7B58000 Size: 4352 File Visible: - Signed: Yes

Status: -

Name: SynTP.sys

Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys

Address: 0xBAF58000 Size: 192736 File Visible: - Signed: Yes

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF76EC000 Size: 40704 File Visible: - Signed: Yes

Status: -

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xBAEA8000 Size: 209408 File Visible: - Signed: Yes

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF7B52000 Size: 8192 File Visible: - Signed: Yes

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF7A0C000 Size: 26624 File Visible: - Signed: Yes

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF76FC000 Size: 57600 File Visible: - Signed: Yes

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xBAF88000 Size: 143360 File Visible: - Signed: Yes

Status: -

Name: usbuhci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xF79DC000 Size: 20480 File Visible: - Signed: Yes

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF78C4000 Size: 20992 File Visible: - Signed: Yes

Status: -

Name: viaide.sys

Image Path: viaide.sys

Address: 0xF7B12000 Size: 5376 File Visible: - Signed: Yes

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS

Address: 0xBAE6C000 Size: 81920 File Visible: - Signed: Yes

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF764C000 Size: 52352 File Visible: - Signed: Yes

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF79E4000 Size: 20480 File Visible: - Signed: Yes

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1839104 File Visible: - Signed: Yes

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1839104 File Visible: - Signed: Yes

Status: -

Name: wmiacpi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

Address: 0xF7AC8000 Size: 8832 File Visible: - Signed: Yes

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7B0E000 Size: 8192 File Visible: - Signed: Yes

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2252800 File Visible: - Signed: Yes

Status: -

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a

Status: Locked to the Windows API!

Processes

-------------------

Path: System

PID: 4 Status: -

Path: C:\WINDOWS\system32\smss.exe

PID: 168 Status: -

Path: C:\WINDOWS\system32\csrss.exe

PID: 216 Status: -

Path: C:\WINDOWS\system32\winlogon.exe

PID: 240 Status: -

Path: C:\WINDOWS\system32\services.exe

PID: 284 Status: -

Path: C:\WINDOWS\system32\lsass.exe

PID: 296 Status: -

Path: C:\WINDOWS\system32\svchost.exe

PID: 448 Status: -

Path: C:\WINDOWS\system32\svchost.exe

PID: 492 Status: -

Path: C:\WINDOWS\system32\svchost.exe

PID: 560 Status: -

Path: C:\WINDOWS\explorer.exe

PID: 772 Status: -

Path: C:\WINDOWS\system32\igfxsrvc.exe

PID: 840 Status: -

Path: C:\RootRepeal\repealroot.bat.exe

PID: 900 Status: -

SSDT

-------------------

#: 000 Function Name: NtAcceptConnectPort

Status: Not hooked

#: 001 Function Name: NtAccessCheck

Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm

Status: Not hooked

#: 003 Function Name: NtAccessCheckByType

Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm

Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList

Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm

Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle

Status: Not hooked

#: 008 Function Name: NtAddAtom

Status: Not hooked

#: 009 Function Name: NtAddBootEntry

Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken

Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken

Status: Not hooked

#: 012 Function Name: NtAlertResumeThread

Status: Not hooked

#: 013 Function Name: NtAlertThread

Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId

Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages

Status: Not hooked

#: 016 Function Name: NtAllocateUuids

Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory

Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame

Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject

Status: Not hooked

#: 020 Function Name: NtCallbackReturn

Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest

Status: Not hooked

#: 022 Function Name: NtCancelIoFile

Status: Not hooked

#: 023 Function Name: NtCancelTimer

Status: Not hooked

#: 024 Function Name: NtClearEvent

Status: Not hooked

#: 025 Function Name: NtClose

Status: Not hooked

#: 026 Function Name: NtCloseObjectAuditAlarm

Status: Not hooked

#: 027 Function Name: NtCompactKeys

Status: Not hooked

#: 028 Function Name: NtCompareTokens

Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort

Status: Not hooked

#: 030 Function Name: NtCompressKey

Status: Not hooked

#: 031 Function Name: NtConnectPort

Status: Not hooked

#: 032 Function Name: NtContinue

Status: Not hooked

#: 033 Function Name: NtCreateDebugObject

Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject

Status: Not hooked

#: 035 Function Name: NtCreateEvent

Status: Not hooked

#: 036 Function Name: NtCreateEventPair

Status: Not hooked

#: 037 Function Name: NtCreateFile

Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion

Status: Not hooked

#: 039 Function Name: NtCreateJobObject

Status: Not hooked

#: 040 Function Name: NtCreateJobSet

Status: Not hooked

#: 041 Function Name: NtCreateKey

Status: Not hooked

#: 042 Function Name: NtCreateMailslotFile

Status: Not hooked

#: 043 Function Name: NtCreateMutant

Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile

Status: Not hooked

#: 045 Function Name: NtCreatePagingFile

Status: Not hooked

#: 046 Function Name: NtCreatePort

Status: Not hooked

#: 047 Function Name: NtCreateProcess

Status: Not hooked

#: 048 Function Name: NtCreateProcessEx

Status: Not hooked

#: 049 Function Name: NtCreateProfile

Status: Not hooked

#: 050 Function Name: NtCreateSection

Status: Not hooked

#: 051 Function Name: NtCreateSemaphore

Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject

Status: Not hooked

#: 053 Function Name: NtCreateThread

Status: Not hooked

#: 054 Function Name: NtCreateTimer

Status: Not hooked

#: 055 Function Name: NtCreateToken

Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort

Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess

Status: Not hooked

#: 058 Function Name: NtDebugContinue

Status: Not hooked

#: 059 Function Name: NtDelayExecution

Status: Not hooked

#: 060 Function Name: NtDeleteAtom

Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry

Status: Not hooked

#: 062 Function Name: NtDeleteFile

Status: Not hooked

#: 063 Function Name: NtDeleteKey

Status: Not hooked

#: 064 Function Name: NtDeleteObjectAuditAlarm

Status: Not hooked

#: 065 Function Name: NtDeleteValueKey

Status: Not hooked

#: 066 Function Name: NtDeviceIoControlFile

Status: Not hooked

#: 067 Function Name: NtDisplayString

Status: Not hooked

#: 068 Function Name: NtDuplicateObject

Status: Not hooked

#: 069 Function Name: NtDuplicateToken

Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries

Status: Not hooked

#: 071 Function Name: NtEnumerateKey

Status: Not hooked

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx

Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey

Status: Not hooked

#: 074 Function Name: NtExtendSection

Status: Not hooked

#: 075 Function Name: NtFilterToken

Status: Not hooked

#: 076 Function Name: NtFindAtom

Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile

Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache

Status: Not hooked

#: 079 Function Name: NtFlushKey

Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory

Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer

Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages

Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory

Status: Not hooked

#: 084 Function Name: NtFsControlFile

Status: Not hooked

#: 085 Function Name: NtGetContextThread

Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState

Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent

Status: Not hooked

#: 088 Function Name: NtGetWriteWatch

Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken

Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort

Status: Not hooked

#: 091 Function Name: NtImpersonateThread

Status: Not hooked

#: 092 Function Name: NtInitializeRegistry

Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction

Status: Not hooked

#: 094 Function Name: NtIsProcessInJob

Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic

Status: Not hooked

#: 096 Function Name: NtListenPort

Status: Not hooked

#: 097 Function Name: NtLoadDriver

Status: Not hooked

#: 098 Function Name: NtLoadKey

Status: Not hooked

#: 099 Function Name: NtLoadKey2

Status: Not hooked

#: 100 Function Name: NtLockFile

Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys

Status: Not hooked

#: 102 Function Name: NtLockRegistryKey

Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory

Status: Not hooked

#: 104 Function Name: NtMakePermanentObject

Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject

Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages

Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter

Status: Not hooked

#: 108 Function Name: NtMapViewOfSection

Status: Not hooked

#: 109 Function Name: NtModifyBootEntry

Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile

Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey

Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys

Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject

Status: Not hooked

#: 114 Function Name: NtOpenEvent

Status: Not hooked

#: 115 Function Name: NtOpenEventPair

Status: Not hooked

#: 116 Function Name: NtOpenFile

Status: Not hooked

#: 117 Function Name: NtOpenIoCompletion

Status: Not hooked

#: 118 Function Name: NtOpenJobObject

Status: Not hooked

#: 119 Function Name: NtOpenKey

Status: Not hooked

#: 120 Function Name: NtOpenMutant

Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm

Status: Not hooked

#: 122 Function Name: NtOpenProcess

Status: Not hooked

#: 123 Function Name: NtOpenProcessToken

Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx

Status: Not hooked

#: 125 Function Name: NtOpenSection

Status: Not hooked

#: 126 Function Name: NtOpenSemaphore

Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject

Status: Not hooked

#: 128 Function Name: NtOpenThread

Status: Not hooked

#: 129 Function Name: NtOpenThreadToken

Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx

Status: Not hooked

#: 131 Function Name: NtOpenTimer

Status: Not hooked

#: 132 Function Name: NtPlugPlayControl

Status: Not hooked

#: 133 Function Name: NtPowerInformation

Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck

Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm

Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm

Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory

Status: Not hooked

#: 138 Function Name: NtPulseEvent

Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile

Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder

Status: Not hooked

#: 141 Function Name: NtQueryBootOptions

Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState

Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale

Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage

Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile

Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject

Status: Not hooked

#: 147 Function Name: NtQueryEaFile

Status: Not hooked

#: 148 Function Name: NtQueryEvent

Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile

Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom

Status: Not hooked

#: 151 Function Name: NtQueryInformationFile

Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject

Status: Not hooked

#: 153 Function Name: NtQueryInformationPort

Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess

Status: Not hooked

#: 155 Function Name: NtQueryInformationThread

Status: Not hooked

#: 156 Function Name: NtQueryInformationToken

Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage

Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile

Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion

Status: Not hooked

#: 160 Function Name: NtQueryKey

Status: Not hooked

#: 161 Function Name: NtQueryMultipleValueKey

Status: Not hooked

#: 162 Function Name: NtQueryMutant

Status: Not hooked

Stealth Objects

-------------------

Hidden Services

-------------------

Service Name: UACd.sys

Image Path: C:\WINDOWS\system32\drivers\UACljaowktaru.sys

Shadow SSDT

-------------------


#: 451 Function Name: NtUserInvalidateRgn

Status: Not hooked

#: 452 Function Name: NtUserIsClipboardFormatAvailable

Status: Not hooked

#: 453 Function Name: NtUserKillTimer

Status: Not hooked

#: 454 Function Name: NtUserLoadKeyboardLayoutEx

Status: Not hooked

#: 455 Function Name: NtUserLockWindowStation

Status: Not hooked

#: 456 Function Name: NtUserLockWindowUpdate

Status: Not hooked

#: 457 Function Name: NtUserLockWorkStation

Status: Not hooked

#: 458 Function Name: NtUserMapVirtualKeyEx

Status: Not hooked

#: 459 Function Name: NtUserMenuItemFromPoint

Status: Not hooked

#: 460 Function Name: NtUserMessageCall

Status: Not hooked

#: 461 Function Name: NtUserMinMaximize

Status: Not hooked

#: 462 Function Name: NtUserMNDragLeave

Status: Not hooked

#: 463 Function Name: NtUserMNDragOver

Status: Not hooked

#: 464 Function Name: NtUserModifyUserStartupInfoFlags

Status: Not hooked

#: 465 Function Name: NtUserMoveWindow

Status: Not hooked

#: 466 Function Name: NtUserNotifyIMEStatus

Status: Not hooked

#: 467 Function Name: NtUserNotifyProcessCreate

Status: Not hooked

#: 468 Function Name: NtUserNotifyWinEvent

Status: Not hooked

#: 469 Function Name: NtUserOpenClipboard

Status: Not hooked

#: 470 Function Name: NtUserOpenDesktop

Status: Not hooked

#: 471 Function Name: NtUserOpenInputDesktop

Status: Not hooked

#: 472 Function Name: NtUserOpenWindowStation

Status: Not hooked

#: 473 Function Name: NtUserPaintDesktop

Status: Not hooked

#: 474 Function Name: NtUserPeekMessage

Status: Not hooked

#: 475 Function Name: NtUserPostMessage

Status: Not hooked

#: 476 Function Name: NtUserPostThreadMessage

Status: Not hooked

#: 477 Function Name: NtUserPrintWindow

Status: Not hooked

#: 478 Function Name: NtUserProcessConnect

Status: Not hooked

#: 479 Function Name: NtUserQueryInformationThread

Status: Not hooked

#: 480 Function Name: NtUserQueryInputContext

Status: Not hooked

#: 481 Function Name: NtUserQuerySendMessage

Status: Not hooked

#: 482 Function Name: NtUserQueryUserCounters

Status: Not hooked

#: 483 Function Name: NtUserQueryWindow

Status: Not hooked

#: 484 Function Name: NtUserRealChildWindowFromPoint

Status: Not hooked

#: 485 Function Name: NtUserRealInternalGetMessage

Status: Not hooked

#: 486 Function Name: NtUserRealWaitMessageEx

Status: Not hooked

#: 487 Function Name: NtUserRedrawWindow

Status: Not hooked

#: 488 Function Name: NtUserRegisterClassExWOW

Status: Not hooked

#: 489 Function Name: NtUserRegisterUserApiHook

Status: Not hooked

#: 490 Function Name: NtUserRegisterHotKey

Status: Not hooked

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Not ho==EOF==

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 2 (Safe Mode)

8/8/2009 1:56:02 PM

mbam-log-2009-08-08 (13-56-02).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 243969

Time elapsed: 44 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

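The RootRepeal listing above is a hook table: one entry per system call, with a status that is either "Not hooked" or names the module that hooked it. Reading several hundred of these by eye is error-prone, so here is an added example (my own code, not RootRepeal's and not part of the original post) that parses a listing in that layout and pulls out anything that is not a clean "Not hooked" line. The sample listing, its two hooked entries, the driver path and the addresses are constructed for illustration; the exact wording of a hooked status line, `Hooked by "<module>" at address 0x...`, is an assumption.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the layout RootRepeal uses for its SSDT / shadow SSDT
# listing: a "#: N Function Name: X" line, a blank line, then a "Status:" line.
# The two "Hooked by" entries, the driver path and the addresses are invented
# for illustration; the part of the log posted above contains only
# "Not hooked" entries.
SAMPLE_LISTING = r"""#: 473 Function Name: NtUserPaintDesktop

Status: Not hooked

#: 474 Function Name: NtUserPeekMessage

Status: Hooked by "C:\WINDOWS\system32\drivers\hidden_example.sys" at address 0xb1b8c1a0

#: 475 Function Name: NtUserPostMessage

Status: Not hooked

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "<unknown>" at address 0xb1b8c3f0
"""

ENTRY_RE = re.compile(
    r"#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<name>\S+)\s+"
    r"Status:[ \t]*(?P<status>[^\n]*)"
)
# Assumed shape of a hooked status line: the hooking module in quotes,
# followed by the hook address.
HOOK_RE = re.compile(
    r'Hooked by "(?P<module>[^"]*)" at address (?P<addr>0x[0-9A-Fa-f]+)'
)


def parse_hook_listing(text: str) -> List[Dict]:
    """Return one dict per syscall entry. 'hooked' is True for a recognised
    hook, False for 'Not hooked', and None for a status we cannot classify
    (a truncated or unexpected line should be looked at, not treated as clean)."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        status = m.group("status").strip()
        entry = {
            "index": int(m.group("index")),
            "name": m.group("name"),
            "hooked": False,
            "module": None,
            "address": None,
        }
        hook = HOOK_RE.search(status)
        if hook:
            entry["hooked"] = True
            entry["module"] = hook.group("module")
            entry["address"] = int(hook.group("addr"), 16)
        elif status != "Not hooked":
            entry["hooked"] = None
        entries.append(entry)
    return entries


def suspicious_entries(entries: List[Dict]) -> List[Dict]:
    """Everything that is not a clean 'Not hooked' line."""
    return [e for e in entries if e["hooked"] is not False]


def hooks_per_module(entries: List[Dict]) -> Dict[Optional[str], int]:
    """Count hooked entries per hooking module. One driver owning many hooks,
    especially one the scanner cannot find on disk, is the lead to chase."""
    counts: Dict[Optional[str], int] = {}
    for e in entries:
        if e["hooked"]:
            counts[e["module"]] = counts.get(e["module"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hook_listing(SAMPLE_LISTING)
    for e in suspicious_entries(parsed):
        if e["hooked"]:
            print(f"#{e['index']} {e['name']}: hooked by {e['module']} at {e['address']:#x}")
        else:
            print(f"#{e['index']} {e['name']}: unclassified status line")
    print(hooks_per_module(parsed))
```

A status line that is neither "Not hooked" nor a recognised hook, such as the truncated `Status: Not ho==EOF==` at the end of the posted log, is reported as unclassified rather than silently counted as clean, and `hooks_per_module` shows at a glance whether a single driver owns every hook.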

  • Staff

Hi,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF.gif]

    [screenshot: CF_download_rename.gif]

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method as above, but rename Combofix.exe to iexplore.exe or winlogon.exe instead.

This is because it also happens in some cases that malware blocks EVERY process except those on its own whitelist, and this whitelist includes important system processes such as iexplore.exe, explorer.exe, winlogon.exe...


I can't get directly to the download sites (or here) from the affected computer, so I downloaded the file (renaming as directed) to another computer. Then I placed the file on a USB ram drive and copied it to my desktop. When I run the exe file I get a warning:

!ALERT! It is not safe to continue

The contents of the ComboFix package have been compromised.

Please download a fresh copy from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'virut'

Renaming Combo-Fix to iexplore.exe or winlogon.exe did not change the effect of trying to install.

Is this the result of not downloading directly to the desktop or another evil function of the infection?

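The alert quoted above comes from ComboFix's own self-check: the bytes of the package no longer match what was built. The question raised in the post, whether the copy was damaged on the way over or altered once it landed on the infected machine, can be narrowed down with hashes taken at each step: hash the renamed file on the clean computer, hash it again on the affected computer immediately after copying it from the USB drive (before running it), and again after the alert. A copy that matches on arrival and differs later was changed by something on that host. The following is an added example, my own code and not ComboFix's or part of the thread, that does that comparison and, when the hashes differ, reports where the bytes changed and by how much the file grew. The "clean" and "patched" byte strings in it are constructed stand-ins, not real executables and not a real Virut sample.

```python
import hashlib
import sys
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_ranges(original: bytes, suspect: bytes) -> List[Tuple[int, int]]:
    """(offset, length) runs where suspect differs from original. Bytes that
    suspect carries beyond the end of original count as one trailing run;
    bytes missing from suspect show up only in the size delta."""
    ranges: List[Tuple[int, int]] = []
    start = None
    common = min(len(original), len(suspect))
    for i in range(common):
        if original[i] != suspect[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, common - start))
    if len(suspect) > common:
        extra = len(suspect) - common
        if ranges and ranges[-1][0] + ranges[-1][1] == common:
            s, n = ranges[-1]
            ranges[-1] = (s, n + extra)      # modified tail runs straight into appended data
        else:
            ranges.append((common, extra))
    return ranges


def integrity_report(known_good: bytes, suspect: bytes) -> Dict:
    """Compare a copy against the bytes that were hashed on the clean machine."""
    expected, actual = sha256_hex(known_good), sha256_hex(suspect)
    report = {
        "match": expected == actual,
        "expected_sha256": expected,
        "actual_sha256": actual,
        "size_delta": len(suspect) - len(known_good),
        "changed": [],
    }
    if not report["match"]:
        report["changed"] = changed_ranges(known_good, suspect)
    return report


# Constructed stand-ins, not real PE files and not a real Virut sample: a
# "clean" blob and a copy altered the way a file infector typically alters a
# program, a few bytes changed near the start of the file and a block of
# code appended at the end.
CLEAN = b"MZ" + bytes(range(256)) * 4
_patched = bytearray(CLEAN)
_patched[0x28:0x2C] = b"\xDE\xAD\xBE\xEF"
_patched += b"\x90" * 512
PATCHED = bytes(_patched)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python check.py <file as copied on the clean machine> <file from the suspect machine>
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            print(integrity_report(a.read(), b.read()))
    else:
        print(integrity_report(CLEAN, PATCHED))
```

On the constructed sample the report shows a 512-byte growth and two changed regions, one small one near the header and one covering the appended block; a copy that was merely truncated in transit shows a negative size delta and no changed regions, which is a different signature from a patched file.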

  • Staff

Hi,

Note: You may be infected with a file patching virus 'virut'
I really hope this isn't the case here. ;)

Can you download it again and transfer it again? But when you download it via the other computer (the good computer), please disable your antivirus.

Do the same on the infected computer before you transfer the file.

Then transfer the renamed Combofix file to the desktop and try to run it again. If you still get the same error, then it's indeed Virut (on top of the other nasty malware you are dealing with) and this means a format and reinstall unfortunately. :)

You may want to read this why:

Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...

This is because these files may be infected as well. If you back them up and put them back afterwards, they will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

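The backup advice in the reply above is the part people get wrong: a file infector is carried back onto the rebuilt machine inside the backup, so selection has to be by file type, and an infected program renamed to look like a document still has executable headers. Here is an added example, my own code and not from the thread or from any of the tools mentioned, that applies the reply's exclusion list and also checks the first bytes of each file, so that a renamed executable or archive is not carried over on the strength of its extension. The `.msi` entry is my addition to cover "installers" and is not in the reply's list; the magic-byte table covers only DOS/PE executables, ZIP and RAR.

```python
import os
from typing import Iterator, Optional, Tuple

# File types the reply above says not to carry over. ".msi" is my addition to
# cover "installers"; it is not in the reply's list.
EXCLUDED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar", ".msi"}

# Magic bytes checked in addition to the extension, so a renamed executable or
# archive is not carried over just because its name looks harmless.
MAGIC = (
    (b"MZ", "dos/pe executable"),
    (b"PK\x03\x04", "zip archive"),
    (b"Rar!", "rar archive"),
)


def classify_header(header: bytes) -> Optional[str]:
    """Label the file by its leading bytes, or None if no known magic matches."""
    for magic, label in MAGIC:
        if header.startswith(magic):
            return label
    return None


def should_backup(path: str, header: bytes) -> Tuple[bool, str]:
    """Decide from the file name and its first bytes whether a file belongs
    in the backup set. Returns (keep, reason)."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXCLUDED_EXTENSIONS:
        return False, f"excluded extension {ext}"
    kind = classify_header(header)
    if kind is not None:
        return False, f"{kind} by magic bytes, despite extension {ext or '(none)'}"
    return True, "data file"


def select_for_backup(root: str) -> Iterator[Tuple[str, bool, str]]:
    """Walk a tree and yield (path, keep, reason) for every regular file."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    header = fh.read(8)
            except OSError as exc:
                yield full, False, f"unreadable: {exc}"
                continue
            keep, reason = should_backup(full, header)
            yield full, keep, reason


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, keep, reason in select_for_backup(root):
        print(("KEEP " if keep else "SKIP ") + path + "  (" + reason + ")")
```

Run it against the user's profile folder before copying anything out; every SKIP line with "by magic bytes" in the reason is a file whose name does not match its contents, which is exactly the kind of file you do not want to restore onto the rebuilt system.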

  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

