Ntdll Error 0xc000007b Pls Help

J

Jay Bee Kay

New Member
Pls HELP ME ASAP!! this error been workin on my @ss for sum time now

first of all no its not just with one program so that "fix" of try re installing the program its not that

i searched google cnt find anything

the ntdll is stopping a few programs (the most important ones) from running


i found this AVZ Antiviral Toolkit and it gave me this results :

------------------------------------------------------------------
Attention !!! Database was last updated 2/8/2009 it is necessary to update the bases using automatic updates (File/Database update)
>>>> Danger - the avz.exe file is changed, check of its CRC by Trusted Objects Database failed
AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 7/9/2009 4:13:15 AM
Database loaded: signatures - 209302, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.02.2009 18:56
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 91560
Heuristic analyzer mode: Medium heuristics level
Healing mode: disabled
Windows version: 6.0.6000, ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (228) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:NtCreateProcess (241) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:NtCreateProcessEx (242) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:NtCreateUserProcess (254) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:NtDeviceIoControlFile (269) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:NtOpenFile (340) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:NtQueryInformationProcess (394) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwCreateFile (1431) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwCreateProcess (1444) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwCreateProcessEx (1445) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwCreateUserProcess (1457) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwDeviceIoControlFile (1471) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwOpenFile (1541) intercepted, method CodeHijack (method not defined)
Function ntdll.dll:ZwQueryInformationProcess (1595) intercepted, method CodeHijack (method not defined)
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=1278C0)
Kernel ntoskrnl.exe found in memory at address 82000000
SDT = 821278C0
KiST = 8205607C (398)
Functions checked: 398, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 85A171F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 85A171F8 -> hook not defined
Checking - complete
2. Scanning memory
Number of processes found: 53
Number of modules loaded: 505
Scanning memory - complete
3. Scanning disks
F:\Program Files\Common Files\microsoft shared\ink\pipanel.exe >>> suspicion for Backdoor.Win32.Agent.px ( 07CD3C40 000ED0BE 0001F605 0028BBC5 28160)
Direct reading F:\Windows\System32\drivers\sptd.sys
F:\Windows\System32\wiawow32.sys >>> suspicion for Trojan-Clicker.Win32.Pamere.cc ( 0037591C 01BF58DB 00110A55 00086F7F 36864)
F:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pipanel.exe >>> suspicion for Backdoor.Win32.Agent.px ( 07CD3C40 000ED0BE 0001F605 0028BBC5 28160)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: terminal connections to the PC are allowed
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal COM files association
>> Service termination timeout is out of admissible values
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
>> Invalid autorun item
Checking - complete
Files scanned: 43897, extracted from archives: 21808, malicious software found 0, suspicions - 3
Scanning finished at 7/9/2009 4:18:06 AM
Time of scanning: 00:04:52
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address VirusInfo conference
---------------------------------------------------------------------------------

I dnt knw what caused this problem but pls any help would be greatly appreciated
 

My Computer

System One

try typing sfc /scannow in an elevated command prompt (run with admin privelages) this will scan your dll library and replace any damamged / faulty one , you will need your operating system dvd
 

My Computer

System One

  • Manufacturer/Model
    Custom Build
    CPU
    Intel Q9550 @ 4Gig / Titan Fenir
    Motherboard
    XFX 780i
    Memory
    4GB OCZ PC2-8500C5 DDR2
    Graphics Card(s)
    Gainward GTX260/216 SLI
    Sound Card
    Creative X-FI Xtreme Gamer
    Monitor(s) Displays
    Dell UltraSharp 2209WA 22"
    Screen Resolution
    1680x1050
    Hard Drives
    western digital raptor 10000rpm sata
    PSU
    OCZ Modstream 700w
    Cooling
    Titan Fenir
    Keyboard
    Razer Reclusa
    Mouse
    Logitech G5 Gamer
    Internet Speed
    8mb
You must log in or register to reply here.
Back
Top