MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Aug 19, 2011 10:01 pm

I can only start in safe mode. I'm running Vista 2nd update. I was running avast 5 when the scan picked up this rootkit virus. Here are the OTL and extras texts, also the aswMBR text.
_________
OTL Extras logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB27AC-24E6-4F7E-BEA2-6F73537DF84D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{079DA964-225A-43E4-93BB-B65133AC839F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{168B8360-B228-483D-8600-947717636C47}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{186FBE03-BDF2-41D1-95C9-6A511CED26FE}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{1DF635C1-187F-4ADB-9265-A4926B4DE20F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2054BF37-22A4-4C7C-BFFF-EB4CB2BB082E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{2D0DF968-39FA-47A1-8733-6AB9CB9A1C96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5875486D-ADCB-4136-BB4A-BEC9C2585115}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{596B81AE-1645-4401-8024-F70FAA557305}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{62BBE71C-73B4-429F-9BB4-440FC74144B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6776A08F-221C-4935-BA9A-FAA700D546B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A5406E2-EBBF-4F87-8751-32EE2D76616A}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{80B4C7DA-CE48-4EC3-8A9D-EC09E3E16FEE}" = lport=2178 | protocol=6 | dir=in | app=system |
"{812641CE-E0D2-42D6-8709-6881581B25AC}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{970412A7-EE29-4E4D-B7E1-FF95F8B9D388}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9BA664CB-3F3D-4CFA-B434-A19B335928AD}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{B2EA9E6A-3878-47DF-9FB3-FAF4668F1F03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B96FFD81-237B-495C-87FF-4CB7C19170C6}" = rport=2178 | protocol=6 | dir=out | app=system |
"{FF2DD0DA-16F5-4455-9587-A14374CB03EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F8A22-CE7F-499E-BCB9-57BB669FFD4A}" = protocol=6 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{02791285-D961-4EBB-9E30-F584D45A2202}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{0ABD1915-6627-403E-A5D6-66253926081C}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{0DD01FB4-6A2E-4D9E-8481-ACB67F1140C6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{112F719D-FC66-4EE1-B09B-7BA9575A83A4}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{1AB1EAF3-8E46-4466-85BE-336EF2F10FE6}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{21083DA9-C628-418C-B49E-7FB18A0F2369}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{2B0E4EC6-30B5-4CC8-BB78-C24AEC663266}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3465BEB3-3D56-4DFA-BDE1-31482078A0D9}" = protocol=17 | dir=in | app=e:\ravenhearst_en.exe |
"{35C0A966-D908-4BE6-96CC-7A3914E552C2}" = protocol=6 | dir=in | app=e:\ravenhearst_en.exe |
"{3627E63F-91AB-40BD-B07E-13CAD63E990B}" = protocol=17 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{3C8F36C2-7101-45CE-9C17-D22468EA8F52}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{3F604EBF-A50D-48AC-8261-D21C5EA4677C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{464475BB-7526-4C54-9820-108376FCE2FE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4855DE68-82EB-4190-9C24-96EAA4FF3574}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48EEAF7C-CEBB-4713-81DD-ACAE44986001}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{4DA67A1D-68D1-42D8-B230-C191986E50B2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{527867F9-D766-4A17-90D7-F07775F11B80}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5F9AC933-139D-4C29-A014-57A9BCE625DA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{611ACD0A-C6A4-48AD-8276-05DE2F52F464}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{7C616388-42B7-48CC-8CA3-7AA3AB06C383}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"{7EE6E32C-406E-4492-9CE2-B73894242405}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{80A17717-6007-490D-A201-DB40D189A878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81B470E0-E1C9-497B-8736-B9C22CFE39B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82B571A5-C9CF-4A1D-9C61-EC8BF779700F}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{8CFABF60-EF2B-4E8A-9995-4CF844571CD0}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{9BD3A751-3F4E-4068-A9B4-D1217898F493}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9ED94F92-8848-4BFB-8B2D-8D47991EF3D9}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"{A5EAE059-798D-46EE-868C-E74DCB40D5E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ABEE3B27-FF12-4E94-9FA1-BC02FB4503B3}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{ADC25442-7AC3-4801-9429-BD257139CE7E}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{B6858DB1-58E8-408D-B3EF-01316158FAA8}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{BA482BE8-6F17-4580-9DEA-AFB34E794237}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BFFDCD7A-5457-414A-847C-852C46F1C57A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C5B0E0F1-64F5-4103-B87C-BD503A590DD4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C7F59A8E-1023-482D-90F2-673EFE9A1B3D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CD8F569D-8510-4A69-9325-3B6874152CFE}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D4C54C4C-C178-4C2A-B445-F71BCEBE3B08}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{D7912B64-A4D0-4BF9-9702-7C6A7FDAAB93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C43FEA-0875-4ADC-BAF1-385E2E5A6D02}" = protocol=6 | dir=out | app=system |
"{E30EC8A2-8789-40E7-BC1E-7F5FE153D3E0}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{EB735D33-FDD7-49FE-A7D8-A0D928636EE0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F1DB4E70-0882-49D0-8DEB-56EC8E4A8800}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F209C1A4-E119-4F81-9A1A-FAD1BF8B4569}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{F81D17C5-8692-4283-992C-1B7D75D804C2}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"{FCD733CF-CD32-47B0-8C9E-0D59792DCC82}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"TCP Query User{28A56EDD-A2BD-4A8A-9CB1-2E023AF0E6E1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9BBA9B99-A202-4C92-A76A-9B6CD10A449A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0475727-8B76-49FA-A9EB-176A7B233391}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{A86B132D-E4F4-43AA-BBBF-84D29785AECA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{EF23B7DE-BB94-423D-8B9E-140328C22C14}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2907FA5D-B046-4726-80F4-7E3CB6434058}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{D46FE928-7BCE-46D1-9B5E-CC74FE7150C2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E36CFC14-1C12-4EB7-BCDB-0C11D8CB22E2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F49022B7-F1CB-4C4D-AD64-5B253B425D72}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F79E9878-7514-4C98-B1CB-2259116ED0E1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.2.79
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"BfgBar" = Big Fish Games Toolbar 2.0
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"conduitEngine" = Conduit Engine
"eGames GameButler" = eGames GameButler
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Puzzle & Board Games 2009" = Hoyle Puzzle & Board Games 2009
"IObit Security 360_is1" = IObit Security 360
"isoHunt Toolbar" = isoHunt Toolbar
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Live Billiards 2" = Live Billiards 2
"Magic Encyclopedia Moon Light 1.00" = Magic Encyclopedia Moon Light 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NetSight" = Nielsen
"OpenAL" = OpenAL
"Origin" = Origin
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RollerCoaster Tycoon Setup" = Roll
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
"Smart Defrag 2_is1" = Smart Defrag 2
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Voodoo Whisperer - Curse of a Legend" = Voodoo Whisperer - Curse of a Legend
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

__________________________
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 11:19:55
-----------------------------
11:19:55.458 OS Version: Windows 6.0.6002 Service Pack 2
11:19:55.458 Number of processors: 1 586 0x1601
11:19:55.458 ComputerName: JOYCE-PC UserName: dummy
11:19:56.050 Initialize success
11:20:02.602 AVAST engine defs: 11081200
11:20:10.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:20:10.699 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
11:20:12.727 Disk 0 MBR read successfully
11:20:12.727 Disk 0 MBR scan
11:20:12.742 Disk 0 Windows VISTA default MBR code
11:20:12.758 Disk 0 scanning sectors +488278016
11:20:12.836 Disk 0 scanning C:\Windows\system32\drivers
11:20:23.865 Service scanning
11:20:24.286 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **HIDDEN**
11:20:25.020 Modules scanning
11:20:30.043 Disk 0 trace - called modules:
11:20:30.074 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:20:30.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849194b0]
11:20:30.604 3 CLASSPNP.SYS[87ba78b3] -> nt!IofCallDriver -> [0x83a2a898]
11:20:30.604 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e49528]
11:20:31.431 AVAST engine scan C:\Windows
11:20:35.425 AVAST engine scan C:\Windows\system32
11:22:05.858 File: C:\Windows\system32\odbcbcpp.dll **INFECTED** Win32:Malware-gen
11:22:07.215 File: C:\Windows\system32\olecli322.dll **INFECTED** Win32:Malware-gen
11:22:20.116 File: C:\Windows\system32\schedsvcc.dll **INFECTED** Win32:Malware-gen
11:22:58.071 AVAST engine scan C:\Windows\system32\drivers
11:23:15.543 AVAST engine scan C:\Users\dummy
11:24:00.440 AVAST engine scan C:\ProgramData
11:29:02.612 Scan finished successfully
11:33:56.282 Disk 0 MBR has been saved successfully to "C:\Users\dummy\Desktop\MBR.dat"
11:33:56.282 The log file has been saved successfully to "C:\Users\dummy\Desktop\aswMBR.txt"


OTL logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/05/22 09:58:23 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/19 15:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/18 15:04:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/13 22:14:30 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/13 22:14:30 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/08/12 00:18:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (isoHunt Toolbar) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\Windows\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: conhost - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NielsenOnline - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 22:55:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Local\temp
[2011/08/13 02:44:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/13 02:08:40 | 000,061,440 | ---- | C] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/12 12:07:18 | 004,170,159 | R--- | C] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 04:58:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:55:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:55 | 178,215,952 | ---- | C] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:07:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/12 00:07:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/12 00:07:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/12 00:07:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/12 00:07:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/04 17:46:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/08/03 00:19:03 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle FaceCreator
[2011/08/03 00:19:02 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/07/30 03:32:38 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/30 03:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/29 22:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/29 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/25 10:56:15 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Vogat Interactive
[2011/07/18 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/07/15 00:35:04 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\Windows\System32\SDDEVMGR.dll
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 22:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/08/13 22:02:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 09:32:41 | 000,000,680 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/13 02:05:35 | 000,060,184 | ---- | M] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 11:33:56 | 000,000,512 | ---- | M] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:33:02 | 126,978,706 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:18:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/11 23:22:04 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 23:22:04 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/05 07:07:28 | 000,006,472 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/08/04 17:46:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/07/30 19:14:39 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 10:34:12 | 000,354,150 | ---- | M] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 10:34:06 | 000,188,155 | ---- | M] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/07/25 02:53:50 | 000,000,552 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 22:12:35 | 000,004,740 | ---- | M] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 01:29:58 | 000,000,632 | RHS- | M] () -- C:\Users\dummy\ntuser.pol
[2011/07/20 05:12:31 | 000,866,304 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/20 05:04:57 | 001,690,624 | RH-- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/15 00:35:04 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

The rest of the log will be in the next post.
Thanks!

Qaytu
Novice

Posts: 33
Joined: 2011-08-12
Gender: Female
OS: Vista 2nd update
Protection: avast free edition 4, windows firewall, SUPERantispyware
Points: 19862
Likes: 0


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Aug 19, 2011 10:03 pm

Here is the rest of the OTL log.

========== Files Created - No Company Name ==========

[2011/08/13 02:05:35 | 000,060,184 | ---- | C] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 11:33:56 | 000,000,512 | ---- | C] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 00:07:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/12 00:07:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/12 00:07:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/12 00:07:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/12 00:07:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:42:58 | 126,978,706 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/05 02:51:50 | 000,006,472 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/30 05:28:02 | 000,354,150 | ---- | C] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 05:27:56 | 000,188,155 | ---- | C] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/25 02:53:50 | 000,000,552 | ---- | C] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 04:36:03 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/07/20 04:47:10 | 001,690,624 | RH-- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/20 04:47:10 | 000,866,304 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/15 00:35:04 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[2011/07/08 03:30:34 | 000,004,608 | ---- | C] () -- C:\Users\dummy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 22:16:12 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/05/09 11:37:00 | 000,004,740 | ---- | C] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/05/06 23:43:52 | 000,011,026 | -HS- | C] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
[2011/05/03 16:48:47 | 000,000,680 | ---- | C] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/05/03 16:48:16 | 000,000,036 | ---- | C] () -- C:\Users\dummy\AppData\Local\housecall.guid.cache
[2011/05/03 13:15:21 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/05/03 13:15:21 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/09 13:38:06 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~22470408r
[2011/04/09 13:38:05 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~22470408
[2011/04/09 13:38:01 | 000,000,336 | -H-- | C] () -- C:\ProgramData\22470408
[2011/04/08 04:02:53 | 000,012,416 | -HS- | C] () -- C:\ProgramData\2935481361
[2011/04/08 03:59:45 | 000,012,404 | -HS- | C] () -- C:\ProgramData\ve3k80q6ia
[2011/04/07 06:55:18 | 000,011,400 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/03/27 01:41:01 | 000,011,936 | -HS- | C] () -- C:\ProgramData\106v50l53jpe0d87ue1i
[2011/03/23 03:58:47 | 000,010,572 | -HS- | C] () -- C:\ProgramData\fb22xu425vb5fp54wy6lyr05k7ql7026w3vc55a2845p1
[2010/10/28 17:40:57 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/10/28 17:40:56 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010/08/31 16:50:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/08/31 16:50:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/08/31 16:50:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/05/22 09:58:23 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2010/04/19 22:09:40 | 000,003,330 | -HS- | C] () -- C:\ProgramData\22k5paIc
[2010/03/18 20:44:11 | 000,000,473 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/02/23 21:57:59 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/08 06:04:27 | 000,000,044 | -H-- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/01/28 06:09:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/13 22:14:30 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/01/13 22:14:30 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/12/21 05:58:30 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/11/20 08:10:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/11/19 10:05:41 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dxdiaag.exe
[2009/11/04 04:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards.INI
[2009/10/21 05:20:38 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/08/14 12:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/14 12:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/05 19:31:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/26 17:52:58 | 000,055,954 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/10/15 16:36:13 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/16 00:56:10 | 000,023,040 | ---- | C] () -- C:\Windows\System32\PopWait.exe
[2008/09/05 22:49:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/09/05 22:49:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/09/04 19:29:18 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/07/18 17:32:08 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/18 17:32:08 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/18 17:32:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/18 17:32:08 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/03 16:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,266,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\clleanmgr.exe
[2006/11/02 03:33:01 | 000,594,698 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,100,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/07 17:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\system32\temppf.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/05/03 10:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/11/19 23:14:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/10 12:41:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Adventure Chronicles
[2011/05/03 10:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/02/18 00:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/02/04 09:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/22 16:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2011/07/30 03:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bejeweled 3
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\BfgBar
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/12 12:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Celeris
[2008/07/18 15:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/08/13 02:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/19 06:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/07/03 14:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2008/07/18 09:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/09/19 20:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Cryo Interactive Entertainment
[2008/07/18 14:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/12/29 17:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2008/07/18 15:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/07/18 15:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2011/02/28 19:12:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Diablo II
[2011/05/03 10:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/01/24 23:31:14 | 000,000,000 | -H-D | M] -- C:\Program Files\directx
[2011/05/03 10:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Chronicles - The Chosen Child
[2010/01/28 00:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
[2011/06/17 01:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/11/17 06:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/07/03 04:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Free YouTube Downloader
[2011/08/10 00:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2011/07/03 14:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ganymede
[2011/07/05 23:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Golden Trails 2 The Lost Legacy
[2010/01/31 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/05/03 10:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Green Moon
[2011/07/03 14:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Hoyle Puzzle & Board Games 2009
[2011/07/15 00:35:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/18 14:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/05/09 12:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/05/10 22:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/07/03 14:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\isoHunt
[2009/05/25 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/10/17 23:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/03 10:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/08/22 16:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/11/10 04:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/07/24 23:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 10:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Marooned
[2010/02/01 20:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/07/18 14:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/18 14:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 05:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/05 09:03:58 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2010/01/19 14:01:47 | 000,000,000 | -H-D | M] -- C:\Program Files\My Downloaded Games
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Nightmare Adventure - Witchs Prison
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2011/06/17 01:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Origin
[2009/12/06 04:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\OXXOGames
[2011/07/15 00:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2010/04/10 01:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/21 00:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2006/11/02 05:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/19 05:32:26 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Secret Mission - The Forgotten Island
[2010/07/30 09:18:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Snark Busters Welcome to the Club
File not found -- C:\Program Files\Sultan of Persia
[2011/08/12 03:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 01:10:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Telltale Games
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trapped - The Abduction
[2009/02/02 17:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2006/11/02 05:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/05/03 13:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Viva Media Game Center
[2011/05/05 02:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Voodoo Whisperer - Curse of a Legend
[2010/04/24 09:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2011/07/15 20:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/13 20:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/04/08 07:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/05/03 10:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/05/10 09:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/19 10:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/18 04:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/12/30 04:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games


< MD5 for: AGP440.SYS >
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 19:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 19:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 02:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-03 21:32:52

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5E413CD6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5795E8B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:12FE8709
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:09B77012
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAF6860A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B9F6BE51
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8DCF53BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:51EFAA18
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:478FEFC3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:195E2CF2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1FCF7DE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C3AAD57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98982C88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:92610EA3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3F9A3DFF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F5F91AE1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ECE19DD1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B77C5DEF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B64F7263
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:93C48025
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:725A4A66
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:62B9E014
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:615B50FC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:541F9F51
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFEECAB4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F45F3031
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F25B38E8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F0C1FF18
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:988216DA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1477B2F8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D390A6A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:68EF6203
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:59C113EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4B1195DD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FA1EAA7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E8CB831A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D3930F74
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CEF2A14E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:74F3CA70
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73D86CD1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:69C58877
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5947273C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F7763364
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DC85983B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C1ECC69C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:90A2BDE4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8F248747
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:54CB420C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:437B9941
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:41B89F80
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:133CC4C3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FC2D8A6F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E736CE6B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AC4DECA9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A5F155F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8ACA54F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:814692DF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3D6B89CE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3BAE765B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1C90EF4F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1B7E2022
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:15606AA7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0DCCEC7C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D0BB00BB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C92A6B45
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1CF2F47C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A57500CB
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8B3A123D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7B626525
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:53C0A7FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:18EE7F24
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1898E06D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:05DCA64A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D941299B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B688AC76
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:81B5B293
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6FC375B1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C99C213
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BFD53918
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8CCA8DB4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:583D44CB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:51F17BB8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:27B25A27
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2361E235
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2342AE46
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34EFF1F2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:2C22C34B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EB12FF2B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DB4C77AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:FEAEBBCA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:57176330
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:08EA7FD1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2F8138B7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D7DA89B1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A37A44E3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:938EC881
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:20685A31
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D8C96088
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B6FD7157
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8BB2EC84
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1DEE6B65
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D8228ABB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:CFF21EA7
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:95970EA3
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:10D98D98
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:026B76F2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:69AF9D20
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:AAF55C17
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9C012695
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8D9EB6DC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:49951DEB
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B47F9D81
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F52A6209
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0664ADFC
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6444B424
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:38BFF11F
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F74C32B0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5070F1A6

< End of report >

Hopefully someone can help.
Thanx!

Qaytu
Novice

Posts : 33
Joined : 2011-08-12
Gender : Female
OS : Vista 2nd update
Protection : avast free edition 4, windows firewall, SUPERantispyware
Points : 19862
# Likes : 0


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Sat Aug 20, 2011 5:24 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
# Likes : 10


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sun Aug 21, 2011 6:41 pm

ComboFix 11-08-21.01 - dummy 08/21/2011 11:26:48.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1669 [GMT -7:00]
Running from: c:\users\dummy\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\Ethan!\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\dummy\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\debi!!\AppData\Local\temp
2011-08-05 09:48 . 2011-08-05 14:25 -------- d-----w- c:\programdata\STOPzilla!
2011-08-05 09:48 . 2011-08-05 09:48 -------- d-----w- c:\program files\Common Files\iS3
2011-08-05 00:46 . 2011-08-05 00:46 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-05 00:46 . 2011-08-05 00:46 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-05 00:46 . 2011-08-05 00:46 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-05 00:46 . 2011-08-05 00:46 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-05 00:46 . 2011-08-05 00:46 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-05 00:46 . 2011-08-05 00:46 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-05 00:46 . 2011-08-05 00:46 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-05 00:46 . 2011-08-05 00:46 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-05 00:46 . 2011-08-05 00:46 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-05 00:46 . 2011-08-05 00:46 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-05 00:46 . 2011-08-05 00:46 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-05 00:46 . 2011-08-05 00:46 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-03 07:19 . 2011-08-21 13:54 -------- d-----w- c:\users\dummy\AppData\Roaming\Hoyle FaceCreator
2011-08-03 07:19 . 2011-08-21 13:55 -------- d-----w- c:\users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
2011-07-30 10:32 . 2011-07-30 10:32 -------- d-----w- c:\users\dummy\AppData\Roaming\AVG10
2011-07-30 10:30 . 2011-08-12 11:33 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-30 10:30 . 2011-07-30 10:31 -------- d-----w- c:\programdata\AVG10
2011-07-30 10:30 . 2011-07-30 10:30 -------- d-----w- c:\program files\AVG
2011-07-30 05:58 . 2011-07-30 05:58 -------- d--h--w- c:\programdata\Common Files
2011-07-30 05:58 . 2011-08-12 11:34 -------- d-----w- c:\programdata\MFAData
2011-07-25 17:56 . 2011-07-25 17:56 -------- d-----w- c:\users\dummy\AppData\Roaming\Vogat Interactive
2011-07-25 13:40 . 2011-07-25 13:40 -------- d-----w- c:\users\debi!!\AppData\Roaming\SUPERAntiSpyware.com
2011-07-25 06:27 . 2011-07-25 06:27 54016 ----a-w- c:\windows\system32\drivers\cgscfs.sys
2011-07-24 15:31 . 2011-07-24 15:31 -------- d-----w- c:\users\debi!!\AppData\Roaming\Looking_Glass_Lane_Gude
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 22:12 . 2011-07-07 22:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 19:36 . 2010-05-12 23:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-07 19:36 . 2010-05-12 23:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-07 02:52 . 2010-03-11 05:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-03-11 05:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 08:42 . 2011-06-17 07:34 1324 ----a-w- c:\windows\system32\ealregsnapshot1.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 00:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 18:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2010-05-12 16:39 2515552 ----a-w- c:\program files\isoHunt\tbiso1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\Alwil Software\Avast5\ashShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-18 22:04 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKLM\~\startupfolder\C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk]
path=c:\users\debi!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7249907A.lnk
backup=c:\windows\pss\7249907A.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 07:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 12:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conhost]
c:\program files\Internet Explorer\conhost.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline]
c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 14:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-05-22 266240]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:18]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{43D50626-08A0-4A24-B741-20D9B51DC7DF}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-21 11:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5]
"ImagePath"="\??\c:\program files\Unlocker\UnlockerDriver5.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(700)
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2011-08-21 11:37:05
ComboFix-quarantined-files.txt 2011-08-21 18:37
ComboFix2.txt 2011-08-13 09:45
ComboFix3.txt 2011-08-12 19:20
ComboFix4.txt 2011-08-12 07:20
.
Pre-Run: 59,385,589,760 bytes free
Post-Run: 59,348,746,240 bytes free
.
- - End Of File - - B8EF6A72C0FFBDB3111B6896C8BF7E4F



Thanx a lot for getting back to me!! Hooray!


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Mon Aug 22, 2011 8:36 pm

Hi again. Please do these steps in order.

1. Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Tue Aug 23, 2011 4:53 pm

Here are the logs.

Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7544

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

8/23/2011 5:46:05 AM
mbam-log-2011-08-23 (05-46-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 370645
Time elapsed: 45 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log

Generated 08/23/2011 at 06:41 AM

Application Version : 4.56.1000

Core Rules Database Version : 7591
Trace Rules Database Version: 5403

Scan type : Complete Scan
Total Scan Time : 00:39:57

Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 9405
Registry threats detected : 0
File items scanned : 27912
File threats detected : 8

Adware.Tracking Cookie
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@lfstmedia[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@collective-media[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@ads.bleepingcomputer[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@ad.yieldmanager[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@media6degrees[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@statcounter[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@content.yieldmanager[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@invitemedia[2].txt


C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\FBStoolbar.exe.vir a variant of Win32/BHO.OCS trojan deleted - quarantined
C:\Tools\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\debi!!\Desktop\game torrents\House_M.D\House M.D\li-games-silent-2.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\debi!!\Desktop\rar games\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\debi!!\Desktop\Tools\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\debi!!\Downloads\duplicate-file-detective-3.0.1.69.exe a variant of Win32/Agent.QHQ trojan deleted - quarantined
C:\Users\debi!!\Downloads\Empress of the Deep - The Darkest Secret.exe a variant of Win32/Agent.RRG trojan cleaned by deleting - quarantined
C:\Users\debi!!\Downloads\Reincarnations 3 - Back to Reality BETA.exe a variant of Win32/TrojanDropper.Small.NMF trojan cleaned by deleting - quarantined
C:\Users\debi!!\Downloads\Twisted Land - Shadow Town\Twisted Land - Shadow Town.exe Win32/Delf.PQO trojan deleted - quarantined
C:\Windows\System32\clleanmgr.exe Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\dxdiaag.exe Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\odbcbcpp.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\olecli322.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\schedsvcc.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
Smile


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Tue Aug 23, 2011 5:03 pm

The startup on my computer is a little faster but I still can't start Windows normally. The BSoD message is still the same. :sad:


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Tue Aug 23, 2011 8:51 pm

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
  • Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Wed Aug 24, 2011 10:20 pm

Status: Deleted (events: 16)
8/23/2011 4:49:19 PM Deleted Trojan program Trojan.Win32.Koblu.bsz C:\Documents and Settings\debi!!\Desktop\game torrents\Big Fish Games - Trapped The Abduction - PreCrack-no.exe High
8/23/2011 4:49:19 PM Deleted Trojan program Trojan.Win32.Koblu.bsz C:\Documents and Settings\debi!!\Desktop\game torrents\Big Fish Games - Trapped The Abduction - PreCrack-no.exe//svchost.exe High
8/23/2011 4:48:54 PM Deleted Trojan program Trojan.Win32.VB.yxt C:\Documents and Settings\debi!!\Desktop\game torrents\Marooned-no\Marooned.exe High
8/23/2011 4:48:54 PM Deleted Trojan program Trojan.Win32.VB.yxt C:\Documents and Settings\debi!!\Desktop\game torrents\Marooned-no\Marooned.exe//openfile.exe High
8/23/2011 4:52:56 PM Deleted Trojan program Backdoor.Win32.VB.lac C:\Documents and Settings\debi!!\Desktop\rar games\Allora_and_the_Broken_Portal_BETA.rar High
8/23/2011 4:52:56 PM Deleted Trojan program Backdoor.Win32.VB.lac C:\Documents and Settings\debi!!\Desktop\rar games\Allora_and_the_Broken_Portal_BETA.rar//Allora and the Broken Portal BETA/Security.dll High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar//Twisted Land - Shadow Town.exe High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar//Twisted Land - Shadow Town.exe//data0002 High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0016.res High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0016.res//Magic_Encyclopedia_Moon_Light.exe High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0000.cab High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe//lu.07.10.exe High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe//xxxl.15.10.exe High


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Fri Aug 26, 2011 12:38 am

Your computer has keygens/cracks, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

Other than that, any other issues?


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Aug 26, 2011 8:27 am

How would I go about getting rid of those things? Also I can still only start in safe mode. When I try to start Windows normally I get BSoD. The stop message is 0x0000008E (0xC0000005, 0x81E7C7EF, 0x803EC644, 0x00000000). Lastly, did all the scans that were done find and get rid of the MBR:\...\PHYSICALDRIVE0 rootkit virus?

Thank you very much for the help you have given me. I really appreciate it! Thank You!


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Fri Aug 26, 2011 12:24 pm

As far as I know, that bad stuff is now gone.

However, there are a couple of scans to be run real quick, if you suspect your MBR is infected, despite the MBR log above being clean...

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Aug 26, 2011 4:33 pm

Here are the next two logs you asked for.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):

Processes (total 26):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1564 C:\Windows\explorer.exe
280 C:\Windows\System32\wbem\unsecapp.exe
412 WmiPrvSE.exe
4512 C:\Program Files\IObit\IObit Security 360\is360.exe
4540 C:\Program Files\IObit\IObit Security 360\is360tray.exe
3004 C:\Program Files\Internet Explorer\iexplore.exe
1736 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 6.0.6002 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Fri Aug 26, 2011 7:40 pm

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice:, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press enter
  • Restart your PC.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Aug 26, 2011 10:39 pm

No disrespect, I'm just curious. Why Windows XP MBR codes when I have Vista?


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Aug 26, 2011 11:51 pm

This is the log after I did the MBR fix.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):

Processes (total 24):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1384 C:\Windows\explorer.exe
1904 C:\Windows\System32\wbem\unsecapp.exe
1148 WmiPrvSE.exe
1860 C:\Program Files\Internet Explorer\iexplore.exe
1768 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!




Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Sat Aug 27, 2011 10:30 pm

Try the MBR fix once more as stated above and post a new log, please.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sun Aug 28, 2011 5:20 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):

Processes (total 23):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1640 C:\Windows\explorer.exe
468 C:\Windows\System32\wbem\unsecapp.exe
940 WmiPrvSE.exe
1780 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Sun Aug 28, 2011 11:48 pm

Download [You must be registered and logged in to see this link.] to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press Enter
  • Open a Notepad and press CTRL V
  • Post the output back here.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon Aug 29, 2011 6:44 am

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83000000
Boot sector MD5 is: d026fa10f7a4253b255e05f63e8ef364

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix


Done;
Press any key to quit...



Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Wed Aug 31, 2011 10:26 am

Please open Notepad and enter in the following:
@echo off
start remover.exe fix \\.\PhysicalDrive0
exit
Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu Sep 01, 2011 5:10 am

.\debug.cpp(238) : Debug log started at 01.09.2011 - 05:05:46
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : [You must be registered and logged in to see this link.]
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_020D1028&REV_02#3&2411e6fe&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_413C&PID_2105#6&317302eb&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_020D1028&REV_02#3&2411e6fe&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{059AADCD-DBEE-4EFE-8B16-95D461FD49E3}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1e8ef8fa&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination "\Device\USBFDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00C#6&18bc8808&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b3c86208-d456-11e0-9aa8-001d0992b6b4}"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature10000000Offset7E00Length2F08E00#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6939eb08-54e7-11dd-bb3a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02#3&2411e6fe&0&C8#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{850EA409-FC82-49A7-9DEB-BABC66146CA7}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_413C&PID_2105#6&317302eb&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1BF750B1-526C-4A92-AB43-3E98014FEAAB}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&2eb13f0&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&24cde621&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3250310AS_____________________________3.ADA___#5&163e592b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{43D50626-08A0-4A24-B741-20D9B51DC7DF}"
.\debug.cpp(400) : Destination "\Device\INTELPRO_{43D50626-08A0-4A24-B741-20D9B51DC7DF}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1864D492-6A40-4724-8E18-1BD485915190}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C2DDE639-5711-4A78-AC2A-A0C408C51DC0}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&39e334e0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3977ee9f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{401CAE3D-D892-4C15-9E1B-481BC03D183E}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_020D1028&REV_02#3&2411e6fe&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&14fdf0fc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83000000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: d026fa10f7a4253b255e05f63e8ef364
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

I hope this is what you want

Qaytu
Novice

Posts: 33
Joined: 2011-08-12
Gender: Female
OS: Vista 2nd update
Protection: avast free edition 4, windows firewall, SUPERantispyware
Points: 19862
Likes: 0


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Thu Sep 01, 2011 11:15 am

Now, please re-run MBRCheck and post a new log.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13717
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302127
Likes: 10


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat Sep 03, 2011 9:10 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C4D000 \SystemRoot\system32\ntkrnlpa.exe
0x81C1A000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80671000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8067F000 \SystemRoot\system32\drivers\acpi.sys
0x806C5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806CE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806D6000 \SystemRoot\system32\drivers\pci.sys
0x806FD000 \SystemRoot\System32\drivers\partmgr.sys
0x8070C000 \SystemRoot\system32\drivers\volmgr.sys
0x8071B000 \SystemRoot\System32\drivers\volmgrx.sys
0x80765000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8076C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8077A000 \SystemRoot\system32\drivers\pciide.sys
0x80781000 \SystemRoot\System32\drivers\mountmgr.sys
0x80791000 \SystemRoot\system32\drivers\atapi.sys
0x80799000 \SystemRoot\system32\drivers\ataport.SYS
0x807B7000 \SystemRoot\system32\drivers\fltmgr.sys
0x807E9000 \SystemRoot\system32\drivers\fileinfo.sys
0x805C0000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8220F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82280000 \SystemRoot\system32\drivers\ndis.sys
0x8238B000 \SystemRoot\system32\drivers\msrpc.sys
0x823B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x87806000 \SystemRoot\System32\drivers\tcpip.sys
0x878F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B19000 \SystemRoot\system32\drivers\volsnap.sys
0x87B5A000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B61000 \SystemRoot\System32\Drivers\mup.sys
0x87B70000 \SystemRoot\System32\drivers\ecache.sys
0x87B97000 \SystemRoot\system32\drivers\disk.sys
0x87BA8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC9000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BF2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8790B000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x87946000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87951000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8798F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE94000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8AE9F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEB7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AEE6000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AF27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AF32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AF49000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AF54000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF86000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF9A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFAF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFBF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFCA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AFD5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8799E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AFD7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AFE1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x879C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AFEE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x823F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x805C9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AE00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87B52000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x82200000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x805D9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x807F9000 \SystemRoot\System32\Drivers\Null.SYS
0x805E2000 \SystemRoot\System32\Drivers\Beep.SYS
0x805E9000 \SystemRoot\System32\drivers\vga.sys
0x8B20A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B22B000 \SystemRoot\System32\drivers\watchdog.sys
0x8B237000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B23F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B24A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B258000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B261000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B277000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B28B000 \SystemRoot\system32\drivers\afd.sys
0x8B2D3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B305000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B30E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B324000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B332000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B36E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B378000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B38F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91880000 \SystemRoot\System32\win32k.sys
0x8B397000 \SystemRoot\System32\drivers\Dxapi.sys
0x91A90000 \SystemRoot\System32\drivers\dxg.sys
0x91AC0000 \SystemRoot\System32\TSDDD.dll
0x91B40000 \SystemRoot\System32\framebuf.dll
0x8B3A1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B3AE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B3B9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B3C1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B3DA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BD2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93801000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9383A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x93852000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9385C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77BD0000 \Windows\System32\ntdll.dll

Processes (total 23):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1576 C:\Windows\explorer.exe
284 C:\Windows\System32\wbem\unsecapp.exe
412 WmiPrvSE.exe
1568 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Mon Sep 05, 2011 11:22 am

Follow this tutorial to fix the MBR manually...

[You must be registered and logged in to see this link.]

See the section: Fix MBR in Vista.

Once done, post a new MBRCheck log, please.


Dr. Jay (DJ)


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon Sep 12, 2011 11:25 pm

Sorry it took so long. I had to learn how to download and burn the ISO image file.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C1C000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD5000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80480000 \SystemRoot\system32\PSHED.dll
0x80491000 \SystemRoot\system32\BOOTVID.dll
0x80499000 \SystemRoot\system32\CLFS.SYS
0x804DA000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
0x80719000 \SystemRoot\system32\drivers\volmgr.sys
0x80728000 \SystemRoot\System32\drivers\volmgrx.sys
0x80772000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80779000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80787000 \SystemRoot\system32\drivers\pciide.sys
0x8078E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079E000 \SystemRoot\system32\drivers\atapi.sys
0x807A6000 \SystemRoot\system32\drivers\ataport.SYS
0x807C4000 \SystemRoot\system32\drivers\fltmgr.sys
0x805BA000 \SystemRoot\system32\drivers\fileinfo.sys
0x807F6000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82206000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82277000 \SystemRoot\system32\drivers\ndis.sys
0x82382000 \SystemRoot\system32\drivers\msrpc.sys
0x823AD000 \SystemRoot\system32\drivers\NETIO.SYS
0x87807000 \SystemRoot\System32\drivers\tcpip.sys
0x878F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B15000 \SystemRoot\system32\drivers\volsnap.sys
0x87B56000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B5D000 \SystemRoot\System32\Drivers\mup.sys
0x87B6C000 \SystemRoot\System32\drivers\ecache.sys
0x87B93000 \SystemRoot\system32\drivers\disk.sys
0x87BA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC5000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8790C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87915000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x87950000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8795B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87999000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE9B000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8AEA6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEBE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AEED000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AF2E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AF39000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AF50000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AF5B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF7E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF8D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AFA1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFB6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFC6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFD1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AFDC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x879A8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AFDE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AFE8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805CA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x879D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8AFF5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x879E3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AE00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AE07000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x879F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x823E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87BF9000 \SystemRoot\System32\Drivers\Null.SYS
0x87B4E000 \SystemRoot\System32\Drivers\Beep.SYS
0x823F1000 \SystemRoot\System32\drivers\vga.sys
0x8B00D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B02E000 \SystemRoot\System32\drivers\watchdog.sys
0x8B03A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B042000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B04D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B05B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B064000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B07A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B08E000 \SystemRoot\system32\drivers\afd.sys
0x8B0D6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B108000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B111000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B127000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B135000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B171000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B17B000 \SystemRoot\System32\Drivers\dfsc.sys
0x91400000 \SystemRoot\System32\win32k.sys
0x8B19A000 \SystemRoot\System32\drivers\Dxapi.sys
0x91610000 \SystemRoot\System32\drivers\dxg.sys
0x91640000 \SystemRoot\System32\TSDDD.dll
0x916C0000 \SystemRoot\System32\framebuf.dll
0x8B1A4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B1B1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B1BC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B1C4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B1DD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BCE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93806000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9383F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x93857000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x93869000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x93871000 \SystemRoot\system32\DRIVERS\udfs.sys
0x77820000 \Windows\System32\ntdll.dll

Processes (total 23):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
416 csrss.exe
452 csrss.exe
460 C:\Windows\System32\wininit.exe
488 C:\Windows\System32\winlogon.exe
536 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
556 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1652 C:\Windows\explorer.exe
396 C:\Windows\System32\wbem\unsecapp.exe
720 WmiPrvSE.exe
1376 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Well, it looks like it is now reading the Windows Vista MBR code. Right on!
That being the case, could you help with my BSoD? Stop message: 0x0000008E (0xC000005, 0x81E46BDC, 0x8B71691C, 0x00000000).

Not only do I not know what the letters mean, I don't know how to go about fixing them. Since I can only run in Safe mode, every setting that is changed returns to the default when the system is restarted. Getting Windows to start normally is now impossible. The BSoD happens on the user login page. This started about 2 weeks ago, along with memory dumps every time. I've tried changing the dump file settings and taking ownership of same. When I restart the comp., all the settings return to default settings. Which means I have no dump files again.
I really hope you can help anyway. I would love to be able to give you dump file information, but I don't have any.
Thank you for trying to help me keep what little sanity I have left!!

Qaytu
Novice

Posts : 33
Joined : 2011-08-12
Gender : Female
OS : Vista 2nd update
Protection : avast free edition 4, windows firewall, SUPERantispyware
Points : 19862
# Likes : 0


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Wed Sep 14, 2011 11:45 am

Was the BSOD happening while the MBR was infected?

After fixing the MBR, did it continue happening?


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
# Likes : 10


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu Sep 15, 2011 11:26 pm

Yes to both questions. It seems to be independent of the MBR infection.


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Fri Sep 16, 2011 12:20 pm

1. Run MEMTEST for 5 passes: [You must be registered and logged in to see this link.]
2. Run System File Checker: Start > type in sfc /scannow and hit Enter

Let me know the results of it.

Note: it's important to run MEMTEST for 5 passes, because sometimes only one or two passes won't spot the issue.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat Sep 17, 2011 6:45 am

Got 5 passes from MemTest. The scannow program scanned and then the window just closed. I'm not sure if this was because it didn't find anything, but I figured you would know.
Thanx!!


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Sat Sep 17, 2011 10:46 am

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.]. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Tue Sep 20, 2011 12:26 am

[You must be registered and logged in to see this link.]


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Tue Sep 20, 2011 4:12 pm

How many antivirus programs do you have currently running?


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Tue Sep 20, 2011 10:09 pm

IOBit Security 360. I had been running avast and then I thought I uninstalled it. Found out it was still in the registry as a start up program. I used IOBit uninstaller to get rid of the rest of the program in the registry. I think that is all. Once the problems are fixed, I will run AVG free edition.


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Wed Sep 21, 2011 2:23 pm

What ones have you installed in the past? Please list all, no matter if they are still installed...


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu Sep 22, 2011 6:46 am

Windows security, which quit running awhile ago. Avast 4, upgraded to Avast 5 (hate it!). Downloaded AVG free and tried to install it in safe mode. It loaded but only partially. Uninstalled it. IOBit Security 360.

I believe that is all.


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Fri Sep 23, 2011 1:46 pm

"Windows security, which quit running awhile ago."

Windows security? Do you mean Windows Defender? Microsoft Security Essentials? Which one?

Answer that, then we will have to completely remove all of those AV programs...


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat Sep 24, 2011 7:43 am

Just Windows Defender.


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Mon Sep 26, 2011 2:04 pm

Follow this page to remove all security applications you've had: [You must be registered and logged in to see this link.]

Let me know when done...


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Tue Sep 27, 2011 4:20 am

It's done, I think.


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Wed Sep 28, 2011 1:50 pm

How is the computer running after that?


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat Oct 01, 2011 2:47 am

It made no difference. Still starting in safe mode after getting BSoD trying to start normally.


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Sat Oct 01, 2011 2:36 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon Oct 03, 2011 1:44 am

SpiderKill by DragonMaster Jay


Microsoft Windows [Version 6.0.6002]

********************Drivers list********************


Volume in drive C is OS
Volume Serial Number is FAD5-45CE

Directory of C:\Windows\System32\Drivers

09/26/2011 09:16 PM <DIR> .
09/26/2011 09:16 PM <DIR> ..
07/18/2008 05:26 PM 4,782 1028_Dell_INS_530.mrk
11/02/2006 01:55 AM 53,376 1394bus.sys
04/10/2009 11:32 PM 265,688 acpi.sys
01/20/2008 07:32 PM 422,968 adp94xx.sys
01/20/2008 07:32 PM 300,600 adpahci.sys
01/20/2008 07:32 PM 101,432 adpu160m.sys
01/20/2008 07:32 PM 149,560 adpu320.sys
04/10/2009 09:47 PM 273,920 afd.sys
01/20/2008 07:32 PM 56,376 AGP440.sys
01/20/2008 07:32 PM 17,464 aliide.sys
01/20/2008 07:32 PM 57,400 AMDAGP.SYS
01/20/2008 07:32 PM 17,976 amdide.sys
01/20/2008 07:32 PM 41,472 amdk7.sys
01/20/2008 07:32 PM 44,032 amdk8.sys
01/20/2008 07:32 PM 79,416 arc.sys
01/20/2008 07:32 PM 79,928 arcsas.sys
01/20/2008 07:33 PM 17,408 asyncmac.sys
04/10/2009 11:32 PM 19,944 atapi.sys
04/10/2009 11:32 PM 109,032 ataport.sys
11/02/2006 12:36 AM 2,028,032 atikmdag.sys
10/01/2006 02:10 PM 328,162 ativcaxx.cpa
10/01/2006 02:10 PM 929 ativcaxx.vp
10/01/2006 02:10 PM 2,096 ativokxx.vp
10/01/2006 02:10 PM 2,096 ativpkxx.vp
10/15/2006 02:11 PM 34,656 ativvpxx.vp
01/13/2010 10:14 PM 278,984 atksgt.sys
01/20/2008 07:32 PM 28,216 battc.sys
01/20/2008 07:32 PM 12,288 bdasup.sys
01/20/2008 07:33 PM 6,144 beep.sys
01/20/2008 07:32 PM 45,568 blbdrive.sys
01/20/2008 07:33 PM 69,632 bowser.sys
11/02/2006 01:24 AM 13,568 BrFiltLo.sys
11/02/2006 01:24 AM 5,248 BrFiltUp.sys
04/10/2009 10:42 PM 93,696 bridge.sys
11/02/2006 01:25 AM 71,808 BrSerId.sys
11/02/2006 01:24 AM 62,336 BrSerWdm.sys
11/02/2006 01:24 AM 12,160 BrUsbMdm.sys
11/02/2006 01:24 AM 11,904 BrUsbSer.sys
11/02/2006 01:55 AM 39,936 bthmodem.sys
01/20/2008 07:33 PM 70,144 cdfs.sys
10/17/2007 12:00 AM 9,072 cdr4_xp.sys
10/17/2007 12:00 AM 9,200 cdralw2k.sys
04/10/2009 09:39 PM 67,072 cdrom.sys
07/24/2011 11:27 PM 54,016 cgscfs.sys
01/20/2008 07:32 PM 35,328 circlass.sys
04/10/2009 11:32 PM 125,928 Classpnp.sys
01/20/2008 07:32 PM 19,000 cmdide.sys
01/20/2008 07:32 PM 20,792 compbatt.sys
04/10/2009 11:32 PM 35,304 crashdmp.sys
01/20/2008 07:32 PM 24,632 crcdisk.sys
01/20/2008 07:32 PM 40,960 crusoe.sys
09/29/2006 12:14 PM 144,360 del1028.cty
04/10/2009 09:14 PM 75,264 dfsc.sys
04/10/2009 11:32 PM 53,736 disk.sys
04/10/2009 09:39 PM 19,456 Diskdump.sys
11/02/2006 02:50 AM 71,272 djsvs.sys
01/20/2008 07:32 PM 130,048 drmk.sys
01/20/2008 07:32 PM 5,632 drmkaud.sys
04/10/2009 11:32 PM 27,624 Dumpata.sys
01/20/2008 07:34 PM 13,312 dxapi.sys
04/10/2009 09:23 PM 76,288 dxg.sys
09/24/2009 06:27 PM 634,880 dxgkrnl.sys
04/29/2007 01:42 AM 228,224 e1e6032.sys
01/20/2008 07:32 PM 118,784 E1G60I32.sys
04/10/2009 11:32 PM 141,288 ecache.sys
01/20/2008 07:32 PM 342,584 elxstor.sys
05/11/2010 08:02 AM <DIR> en-US
01/20/2008 07:32 PM 6,656 errdev.sys
08/12/2011 12:18 AM <DIR> etc
04/10/2009 09:13 PM 136,704 exfat.sys
04/10/2009 09:13 PM 142,848 fastfat.sys
01/20/2008 07:32 PM 25,088 fdc.sys
01/20/2008 07:33 PM 58,936 fileinfo.sys
01/20/2008 07:34 PM 27,648 filetrace.sys
01/20/2008 07:32 PM 20,480 flpydisk.sys
04/10/2009 11:32 PM 190,424 fltMgr.sys
01/20/2008 07:33 PM 12,800 fs_rec.sys
04/10/2009 11:32 PM 99,816 FWPKCLNT.SYS
01/20/2008 07:32 PM 61,496 GAGP30KX.SYS
09/18/2006 02:26 PM 3,440,660 gm.dls
09/18/2006 02:26 PM 646 gmreadme.txt
04/10/2009 09:42 PM 561,152 hdaudbus.sys
11/02/2006 01:55 AM 29,184 hidbth.sys
04/10/2009 09:42 PM 39,424 hidclass.sys
11/02/2006 01:55 AM 21,504 hidir.sys
01/20/2008 07:32 PM 25,472 hidparse.sys
04/10/2009 09:42 PM 12,800 hidusb.sys
01/20/2008 07:32 PM 40,504 HpCISSs.sys
10/18/2006 11:08 AM 258,048 HSXHWBS2.sys
10/18/2006 11:08 AM 659,968 HSX_CNXT.sys
10/18/2006 11:09 AM 986,624 HSX_DPV.sys
11/03/2009 12:41 PM 411,648 http.sys
01/20/2008 07:32 PM 19,000 i2omgmt.sys
01/20/2008 07:32 PM 30,264 i2omp.sys
01/20/2008 07:32 PM 54,784 i8042prt.sys
04/26/2007 03:41 AM 304,920 iaStor.sys
01/20/2008 07:32 PM 235,064 iaStorV.sys
02/11/2008 08:36 PM 2,302,976 igdkmd32.sys
11/02/2006 02:50 AM 41,576 iirsp.sys
01/20/2008 07:32 PM 17,976 intelide.sys
01/20/2008 07:32 PM 41,472 intelppm.sys
01/20/2008 07:34 PM 47,616 ipfltdrv.sys
01/20/2008 07:32 PM 64,512 IPMIDrv.sys
01/20/2008 07:34 PM 100,864 ipnat.sys
03/09/2007 03:04 PM 31,072 iqvw32.sys
01/20/2008 07:34 PM 95,744 irda.sys
01/20/2008 07:33 PM 13,312 irenum.sys
12/07/2009 05:59 PM 61,328 is3srv.sys
01/20/2008 07:32 PM 49,720 isapnp.sys
11/02/2006 02:50 AM 35,944 iteatapi.sys
11/02/2006 02:50 AM 35,944 iteraid.sys
01/20/2008 07:32 PM 35,384 kbdclass.sys
04/10/2009 09:38 PM 17,408 kbdhid.sys
08/05/2011 07:07 AM 6,472 kgpcpy.cfg
04/10/2009 09:38 PM 149,504 ks.sys
06/15/2009 04:15 PM 439,864 ksecdd.sys
06/17/2009 09:56 AM 35,472 LHidFilt.Sys
01/13/2010 10:14 PM 25,416 lirsgt.sys
01/20/2008 07:34 PM 47,104 lltdio.sys
06/17/2009 09:56 AM 37,392 LMouFilt.Sys
01/20/2008 07:32 PM 96,312 lsi_fc.sys
01/20/2008 07:32 PM 89,656 lsi_sas.sys
01/20/2008 07:32 PM 96,312 lsi_scsi.sys
01/20/2008 07:34 PM 84,480 luafv.sys
06/17/2009 09:56 AM 28,560 LUsbFilt.sys
07/06/2011 07:52 PM 22,712 mbam.sys
07/06/2011 07:52 PM 41,272 mbamswissarmy.sys
01/20/2008 07:34 PM 18,944 mcd.sys
06/19/2006 02:26 PM 12,672 mdmxsdk.sys
01/20/2008 07:32 PM 31,288 megasas.sys
01/20/2008 07:32 PM 386,616 MegaSR.sys
01/20/2008 07:34 PM 31,744 modem.sys
01/20/2008 07:32 PM 41,984 monitor.sys
01/20/2008 07:32 PM 34,360 mouclass.sys
01/20/2008 07:32 PM 15,872 mouhid.sys
01/20/2008 07:33 PM 57,400 mountmgr.sys
01/20/2008 07:32 PM 105,016 mpio.sys
01/20/2008 07:34 PM 64,000 mpsdrv.sys
11/02/2006 02:49 AM 33,384 Mraid35x.sys
04/10/2009 09:14 PM 114,688 mrxdav.sys
12/04/2009 08:56 AM 105,984 mrxsmb.sys
12/04/2009 08:56 AM 212,992 mrxsmb10.sys
04/10/2009 09:14 PM 79,360 mrxsmb20.sys
01/20/2008 07:32 PM 28,728 msahci.sys
01/20/2008 07:32 PM 94,776 msdsm.sys
01/20/2008 07:33 PM 22,528 msfs.sys
07/14/2009 10:45 AM 3 MsftWdf_Kernel_01009_Inbox_Critical.Wdf
01/20/2008 07:32 PM 16,440 msisadrv.sys
04/10/2009 11:32 PM 180,712 msiscsi.sys
01/20/2008 07:34 PM 8,192 mskssrv.sys
01/20/2008 07:34 PM 5,888 mspclock.sys
01/20/2008 07:34 PM 5,504 mspqm.sys
04/10/2009 11:32 PM 161,752 msrpc.sys
01/20/2008 07:32 PM 31,288 mssmbios.sys
01/20/2008 07:34 PM 6,016 mstee.sys
04/10/2009 11:32 PM 48,104 mup.sys
04/10/2009 11:32 PM 527,848 ndis.sys
01/20/2008 07:34 PM 20,992 ndistapi.sys
01/20/2008 07:34 PM 16,896 ndisuio.sys
04/10/2009 09:46 PM 121,344 ndiswan.sys
01/20/2008 07:34 PM 49,664 ndproxy.sys
01/20/2008 07:34 PM 35,840 netbios.sys
04/10/2009 09:45 PM 185,856 netbt.sys
04/10/2009 11:32 PM 223,208 netio.sys
11/02/2006 02:50 AM 45,160 nfrd960.sys
04/10/2009 09:14 PM 35,328 npfs.sys
01/20/2008 07:34 PM 16,384 nsiproxy.sys
04/10/2009 11:32 PM 1,083,880 ntfs.sys
11/02/2006 12:36 AM 20,608 ntrigdigi.sys
01/20/2008 07:33 PM 4,608 null.sys
01/20/2008 07:32 PM 102,968 nvraid.sys
01/20/2008 07:32 PM 45,112 nvstor.sys
01/20/2008 07:32 PM 109,112 NV_AGP.SYS
04/10/2009 09:43 PM 148,480 nwifi.sys
11/02/2006 01:55 AM 62,080 ohci1394.sys
04/10/2009 09:45 PM 72,192 pacer.sys
11/02/2006 01:51 AM 79,360 parport.sys
04/10/2009 11:32 PM 54,248 partmgr.sys
11/02/2006 01:51 AM 8,704 parvdm.sys
04/10/2009 11:32 PM 149,480 pci.sys
04/10/2009 11:32 PM 14,312 pciide.sys
04/10/2009 11:32 PM 43,496 pciidex.sys
11/02/2006 02:51 AM 167,528 pcmcia.sys
02/23/2010 12:17 PM 47,360 pcouffin.sys
11/02/2006 02:04 AM 878,080 PEAuth.sys
04/10/2009 09:42 PM 167,936 portcls.sys
01/20/2008 07:32 PM 40,960 processr.sys
11/14/2007 01:00 AM 43,840 pxhelp20.sys
01/20/2008 07:32 PM 1,122,360 ql2300.sys
11/02/2006 02:50 AM 106,088 ql40xx.sys
01/20/2008 07:32 PM 31,232 qwavedrv.sys
01/20/2008 07:34 PM 11,776 rasacd.sys
01/20/2008 07:34 PM 76,288 rasl2tp.sys
04/10/2009 09:46 PM 41,472 raspppoe.sys
01/20/2008 07:34 PM 62,976 raspptp.sys
04/10/2009 09:46 PM 69,120 rassstp.sys
04/10/2009 09:14 PM 225,280 rdbss.sys
01/20/2008 07:33 PM 6,144 RDPCDD.sys
01/20/2008 07:32 PM 248,832 rdpdr.sys
01/20/2008 07:34 PM 6,144 RDPENCDD.sys
04/10/2009 09:51 PM 180,736 rdpwd.sys
04/10/2009 09:45 PM 113,664 rmcast.sys
04/10/2009 09:46 PM 33,280 RNDISMP.sys
01/20/2008 07:34 PM 8,192 rootmdm.sys
01/20/2008 07:34 PM 60,416 rspndr.sys
01/24/2008 11:06 AM 2,054,872 RTKVHDA.sys
11/02/2006 02:50 AM 76,392 sbp2port.sys
01/20/2008 07:33 PM 142,904 scsiport.sys
11/01/2006 11:37 PM 20,480 secdrv.sys
11/02/2006 01:51 AM 17,920 serenum.sys
11/02/2006 01:51 AM 83,456 serial.sys
01/20/2008 07:32 PM 19,968 sermouse.sys
01/20/2008 07:32 PM 13,312 sffdisk.sys
01/20/2008 07:32 PM 12,288 sffp_mmc.sys
01/20/2008 07:32 PM 11,776 sffp_sd.sys
01/20/2008 07:32 PM 13,312 sfloppy.sys
01/20/2008 07:32 PM 55,864 SISAGP.SYS
01/20/2008 07:32 PM 41,016 sisraid2.sys
01/20/2008 07:32 PM 74,808 sisraid4.sys
02/23/2011 04:52 PM 16,184 SmartDefragDriver.sys
04/10/2009 09:45 PM 66,560 smb.sys
01/20/2008 07:34 PM 17,408 smclib.sys
01/20/2008 07:33 PM 21,048 spldr.sys
04/10/2009 07:52 PM 684,032 spsys.sys
12/11/2009 04:43 AM 302,080 srv.sys
09/14/2009 02:29 AM 144,896 srv2.sys
12/11/2009 04:43 AM 98,816 srvnet.sys
04/10/2009 11:32 PM 122,344 Storport.sys
04/10/2009 09:42 PM 52,992 stream.sys
01/20/2008 07:32 PM 15,288 swenum.sys
11/02/2006 02:50 AM 35,944 symc8xx.sys
11/02/2006 02:49 AM 31,848 sym_hi.sys
11/02/2006 02:50 AM 34,920 sym_u3.sys
12/07/2009 05:59 PM 61,328 SZKG.sys
05/12/2010 06:01 PM 59,280 SZKGFS.sys
01/20/2008 07:34 PM 24,576 tape.sys
12/08/2009 01:01 PM 904,776 tcpip.sys
12/08/2009 10:26 AM 30,720 tcpipreg.sys
01/20/2008 07:33 PM 20,992 tdi.sys
01/20/2008 07:33 PM 17,920 tdpipe.sys
01/20/2008 07:33 PM 29,184 tdtcp.sys
04/10/2009 09:45 PM 72,192 tdx.sys
04/10/2009 11:32 PM 53,224 termdd.sys
01/20/2008 07:34 PM 23,552 tssecsrv.sys
01/20/2008 07:34 PM 15,360 TUNMP.SYS
01/20/2008 07:34 PM 23,040 tunnel.sys
01/20/2008 07:32 PM 59,448 UAGP35.SYS
04/10/2009 09:13 PM 226,816 udfs.sys
01/20/2008 07:32 PM 60,984 ULIAGPKX.SYS
01/20/2008 07:32 PM 238,648 uliahci.sys
11/02/2006 02:50 AM 98,408 ulsata.sys
01/20/2008 07:32 PM 115,816 ulsata2.sys
01/20/2008 07:32 PM 34,816 umbus.sys
11/19/2009 10:14 AM <DIR> UMDF
01/20/2008 07:33 PM 7,680 umpass.sys
04/10/2009 09:46 PM 15,872 usb8023.sys
12/14/2010 07:51 PM 41,984 usbaapl.sys
04/10/2009 09:42 PM 25,856 USBCAMD.sys
04/10/2009 09:42 PM 25,856 USBCAMD2.sys
01/20/2008 07:32 PM 73,216 usbccgp.sys
11/02/2006 01:55 AM 68,608 usbcir.sys
01/20/2008 07:32 PM 5,888 usbd.sys
04/10/2009 09:42 PM 39,936 usbehci.sys
04/10/2009 09:43 PM 196,096 usbhub.sys
05/07/2001 03:56 AM 19,805 usbio.sys
11/02/2006 01:55 AM 19,456 usbohci.sys
04/10/2009 09:42 PM 226,304 usbport.sys
01/20/2008 07:32 PM 18,944 usbprint.sys
04/10/2009 09:42 PM 65,536 USBSTOR.SYS
01/20/2008 07:32 PM 23,552 usbuhci.sys
01/20/2008 07:34 PM 25,088 vga.sys
01/20/2008 07:32 PM 26,112 vgapnp.sys
01/20/2008 07:32 PM 56,888 VIAAGP.SYS
01/20/2008 07:32 PM 41,472 viac7.sys
01/20/2008 07:32 PM 20,024 viaide.sys
01/20/2008 07:33 PM 110,080 videoprt.sys
01/20/2008 07:32 PM 52,792 volmgr.sys
04/10/2009 11:33 PM 292,840 volmgrx.sys
04/10/2009 11:32 PM 226,280 volsnap.sys
01/20/2008 07:32 PM 130,616 vsmraid.sys
11/02/2006 01:52 AM 20,608 wacompen.sys
01/20/2008 07:34 PM 62,464 wanarp.sys
04/10/2009 09:22 PM 33,280 watchdog.sys
01/20/2008 07:32 PM 22,072 wd.sys
07/14/2009 10:45 AM 445,008 Wdf01000.sys
07/14/2009 10:45 AM 38,480 WdfLdr.sys
01/20/2008 07:32 PM 11,264 wmiacpi.sys
01/20/2008 07:33 PM 17,976 wmilib.sys
01/20/2008 07:32 PM 39,936 WpdUsb.sys
01/20/2008 07:34 PM 15,872 ws2ifsl.sys
01/20/2008 07:34 PM 51,200 WUDFPf.sys
01/20/2008 07:34 PM 83,328 WUDFRd.sys
08/04/2006 05:39 PM 386,560 XAudio.exe
08/04/2006 05:39 PM 8,192 XAudio.sys
291 File(s) 38,492,299 bytes

Directory of C:\Windows\System32\Drivers\en-US

05/11/2010 08:02 AM <DIR> .
05/11/2010 08:02 AM <DIR> ..
11/02/2006 05:38 AM 9,728 acpi.sys.mui
11/02/2006 05:38 AM 8,704 afd.sys.mui
11/02/2006 05:39 AM 3,072 AGP440.sys.mui
11/02/2006 05:39 AM 3,072 AMDAGP.SYS.mui
11/02/2006 05:38 AM 2,560 amdide.sys.mui
11/02/2006 05:38 AM 14,848 amdk7.sys.mui
11/02/2006 05:38 AM 14,848 amdk8.sys.mui
11/02/2006 05:38 AM 3,072 ati2mpad.sys.mui
11/02/2006 05:39 AM 3,584 ati2mtag.sys.mui
11/02/2006 05:38 AM 3,072 atikmdag.sys.mui
01/20/2008 07:35 PM 5,120 b57nd60x.sys.mui
11/02/2006 05:38 AM 7,680 battc.sys.mui
11/02/2006 05:38 AM 5,120 bcm4sbxp.sys.mui
11/02/2006 05:38 AM 2,560 BrParwdm.sys.mui
11/02/2006 05:38 AM 10,240 BrSerId.sys.mui
11/02/2006 05:38 AM 5,120 bthpan.sys.mui
04/10/2009 11:22 PM 8,192 bthport.sys.mui
11/02/2006 05:39 AM 3,072 cmbp0wdm.sys.mui
11/02/2006 05:38 AM 14,848 crusoe.sys.mui
11/02/2006 05:39 AM 3,072 cxbp0wdm.sys.mui
11/02/2006 05:38 AM 3,072 Dot4usb.sys.mui
10/08/2009 04:12 PM 4,096 dxgkrnl.sys.mui
11/02/2006 05:38 AM 5,120 e100b325.sys.mui
01/20/2008 07:35 PM 19,968 e1e6032.sys.mui
01/20/2008 07:35 PM 16,896 E1G60I32.sys.mui
11/02/2006 05:38 AM 5,120 fltmgr.sys.mui
11/02/2006 05:38 AM 3,072 GAGP30KX.SYS.mui
11/02/2006 05:39 AM 3,584 gpr400.sys.mui
11/02/2006 05:39 AM 4,096 grserial.sys.mui
04/10/2009 11:24 PM 4,096 hdaudbus.sys.mui
11/02/2006 05:38 AM 3,584 hidbth.sys.mui
11/03/2009 02:46 PM 36,864 http.sys.mui
11/02/2006 05:38 AM 10,752 i8042prt.sys.mui
11/02/2006 05:38 AM 14,848 intelppm.sys.mui
11/02/2006 05:38 AM 6,144 IPMIDrv.sys.mui
11/02/2006 05:38 AM 4,096 ipnat.sys.mui
11/02/2006 05:39 AM 4,096 isapnp.sys.mui
11/02/2006 05:38 AM 4,608 kbdclass.sys.mui
11/02/2006 05:38 AM 3,072 kbdhid.sys.mui
11/02/2006 05:38 AM 9,728 ltmdmnt.sys.mui
01/20/2008 07:35 PM 6,656 luafv.sys.mui
11/02/2006 05:38 AM 4,096 modem.sys.mui
11/02/2006 05:38 AM 4,608 mouclass.sys.mui
11/02/2006 05:38 AM 3,072 mouhid.sys.mui
01/20/2008 07:35 PM 20,480 mpio.sys.mui
11/02/2006 05:38 AM 4,096 msdsm.sys.mui
11/02/2006 05:39 AM 3,584 mssmbios.sys.mui
11/02/2006 05:38 AM 65,536 ntfs.sys.mui
11/02/2006 05:38 AM 4,096 ntrigdigi.sys.mui
11/02/2006 05:39 AM 5,120 nv4_mini.sys.mui
11/02/2006 05:39 AM 3,072 NV_AGP.SYS.mui
11/02/2006 05:38 AM 12,288 ohci1394.sys.mui
11/02/2006 05:38 AM 3,584 pacer.sys.mui
11/02/2006 05:38 AM 4,096 parport.sys.mui
11/02/2006 05:38 AM 3,072 parvdm.sys.mui
11/02/2006 05:39 AM 8,704 pci.sys.mui
11/02/2006 05:38 AM 4,608 pcmcia.sys.mui
11/02/2006 05:39 AM 3,072 pnpmem.sys.mui
11/02/2006 05:38 AM 14,848 processr.sys.mui
11/02/2006 05:39 AM 4,096 pscr.sys.mui
11/02/2006 05:39 AM 3,072 qwavedrv.sys.mui
11/02/2006 05:38 AM 3,584 RNDISMP.sys.mui
11/02/2006 05:39 AM 3,584 rndismpx.sys.mui
11/02/2006 05:39 AM 4,096 scmstcs.sys.mui
11/02/2006 05:39 AM 4,096 SCR111.sys.mui
11/02/2006 05:39 AM 3,584 scsiport.sys.mui
11/02/2006 05:38 AM 10,752 serial.sys.mui
11/02/2006 05:38 AM 5,632 sermouse.sys.mui
11/02/2006 05:38 AM 3,072 serscan.sys.mui
11/02/2006 05:39 AM 3,072 SISAGP.SYS.mui
11/02/2006 05:38 AM 3,072 srv.sys.mui
11/02/2006 05:39 AM 3,072 stcusb.sys.mui
01/20/2008 07:35 PM 5,120 tpm.sys.mui
11/02/2006 05:38 AM 3,072 UAGP35.SYS.mui
11/02/2006 05:39 AM 3,072 ULIAGPKX.SYS.mui
11/02/2006 05:38 AM 3,584 umbus.sys.mui
11/02/2006 05:39 AM 3,072 VIAAGP.SYS.mui
11/02/2006 05:38 AM 14,848 viac7.sys.mui
01/20/2008 07:35 PM 32,768 volsnap.sys.mui
11/02/2006 05:39 AM 4,608 wacompen.sys.mui
11/02/2006 05:38 AM 2,560 wd.sys.mui
07/14/2009 10:52 AM 2,560 wdf01000.sys.mui
11/02/2006 05:38 AM 5,632 yk60x86.sys.mui
83 File(s) 612,864 bytes

Directory of C:\Windows\System32\Drivers\etc

08/12/2011 12:18 AM <DIR> .
08/12/2011 12:18 AM <DIR> ..
08/12/2011 12:18 AM 27 hosts
09/18/2006 02:41 PM 3,683 lmhosts.sam
09/18/2006 02:41 PM 407 networks
09/18/2006 02:41 PM 1,358 protocol
09/18/2006 02:41 PM 17,244 services
5 File(s) 22,719 bytes

Directory of C:\Windows\System32\Drivers\UMDF

11/19/2009 10:14 AM <DIR> .
11/19/2009 10:14 AM <DIR> ..
11/19/2009 10:13 AM <DIR> en-US
09/30/2009 06:01 PM 227,840 WpdFs.dll
04/10/2009 11:28 PM 664,576 WpdMtpDr.dll
2 File(s) 892,416 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

11/19/2009 10:13 AM <DIR> .
11/19/2009 10:13 AM <DIR> ..
09/30/2009 06:08 PM 3,072 wpdmtpdr.dll.mui
1 File(s) 3,072 bytes

Total Files Listed:
382 File(s) 40,023,370 bytes
14 Dir(s) 93,716,373,504 bytes free


***********************Hidden Drivers********************
Volume in drive C is OS
Volume Serial Number is FAD5-45CE

Directory of C:\Windows\System32\Drivers

05/11/2010 03:54 AM 0 MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
11/10/2009 04:40 AM 0 Msft_Kernel_LHidFilt_01005.Wdf
11/10/2009 04:40 AM 0 Msft_Kernel_LMouFilt_01005.Wdf
11/10/2009 04:40 AM 0 Msft_Kernel_LUsbFilt_01005.Wdf
05/11/2010 03:54 AM 0 Msft_Kernel_nnfwdk_01009.Wdf
11/09/2009 09:27 PM 0 Msft_User_WpdFs_01_00_00.Wdf
11/19/2009 10:12 AM 0 Msft_User_WpdFs_01_07_00.Wdf
08/22/2009 04:14 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
8 File(s) 0 bytes
0 Dir(s) 93,716,381,696 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 348 Normal C:\Windows\System32\smss.exe
csrss.exe 416 Normal C:\Windows\system32\csrss.exe
csrss.exe 452 Normal C:\Windows\system32\csrss.exe
wininit.exe 460 High C:\Windows\system32\wininit.exe
winlogon.exe 488 High C:\Windows\system32\winlogon.exe
services.exe 536 Normal C:\Windows\system32\services.exe
lsass.exe 548 Normal C:\Windows\system32\lsass.exe
lsm.exe 556 Normal C:\Windows\system32\lsm.exe
svchost.exe 712 Normal C:\Windows\system32\svchost.exe
svchost.exe 772 Normal C:\Windows\system32\svchost.exe
svchost.exe 860 Normal C:\Windows\System32\svchost.exe
svchost.exe 884 Normal C:\Windows\system32\svchost.exe
svchost.exe 908 Normal C:\Windows\System32\svchost.exe
svchost.exe 956 Normal C:\Windows\system32\svchost.exe
svchost.exe 976 Normal C:\Windows\system32\svchost.exe
svchost.exe 1052 Normal C:\Windows\system32\svchost.exe
svchost.exe 1232 Normal C:\Windows\system32\svchost.exe
Explorer.EXE 1600 Normal C:\Windows\Explorer.EXE
unsecapp.exe 404 Normal C:\Windows\system32\wbem\unsecapp.exe
wmiprvse.exe 984 Normal C:\Windows\system32\wbem\wmiprvse.exe
cmd.exe 1648 Normal C:\Windows\system32\cmd.exe
processes.exe 220 Normal C:\Users\dummy\Desktop\SpiderKill\SpiderKill\processes.exe


*********************Modules of explorer.exe and svchost.exe*******************
Module information for 'Explorer.EXE'(1600)
MODULE BASE SIZE PATH
Explorer.EXE 510000 2936832 C:\Windows\Explorer.EXE 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
ntdll.dll 77170000 1208320 C:\Windows\system32\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT BASE API Client DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Remote Procedure Call Runtime
GDI32.dll 77040000 307200 C:\Windows\system32\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) GDI Client DLL
USER32.dll 75d30000 643072 C:\Windows\system32\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows USER API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830) Windows NT CRT DLL
SHLWAPI.dll 77360000 364544 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 764b0000 11599872 C:\Windows\system32\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Shell Common Dll
ole32.dll 75a30000 1331200 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 75e80000 577536 C:\Windows\system32\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
SHDOCVW.dll 73850000 1081344 C:\Windows\system32\SHDOCVW.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Doc Object and Control Library
UxTheme.dll 74b30000 258048 C:\Windows\system32\UxTheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
POWRPROF.dll 74f30000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Power Profile Helper DLL
dwmapi.dll 73f20000 49152 C:\Windows\system32\dwmapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Desktop Window Manager API
gdiplus.dll 741e0000 1748992 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll 5.2.6002.18005 (lh_sp2rtm.090410-1830) Microsoft GDI+
slc.dll 75290000 237568 C:\Windows\system32\slc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Software Licensing Client Dll
PROPSYS.dll 74120000 765952 C:\Windows\system32\PROPSYS.dll 7.00.6002.18005 (lh_sp2rtm.090410-1830) Microsoft Property System
BROWSEUI.dll 73700000 1335296 C:\Windows\system32\BROWSEUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Browser UI Library
IMM32.dll 75f10000 122880 C:\Windows\system32\IMM32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
DUser.dll 74aa0000 196608 C:\Windows\system32\DUser.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows DirectUser Engine
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL 6.0.6002.18051 (vistasp2_gdr.090615-0258) Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-1830) Uniscribe Unicode script processor
comctl32.dll 74830000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common Controls Library
WindowsCodecs.dll 73600000 999424 C:\Windows\system32\WindowsCodecs.dll 7.0.6002.18107 (vistasp2_gdr_win7ip_dgt(wmbla).090924-1550) Microsoft Windows Codecs Library
apphelp.dll 73bb0000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Application Compatibility Client Library
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
EhStorShell.dll 73580000 126976 C:\Windows\system32

\EhStorShell.dll 5.2.3790.1830 Windows Enhanced

Storage Shell Extension
IconCodecService.dll 735e0000 24576 C:\Windows\system32

\IconCodecService.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Converts a PNG part of the icon to a legacy bmp icon
rsaenh.dll 74e70000 241664 C:\Windows\system32

\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft Enhanced Cryptographic Provider
timedate.cpl 733c0000 729088 C:\Windows\system32

\timedate.cpl 6.0.6001.18000 (longhorn_rtm.080118-

1840) Time Date Control Panel Applet
ATL.DLL 74b10000 81920 C:\Windows\system32\ATL.DLL

3.05.2284 ATL Module for Windows XP

(Unicode)
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
OLEACC.dll 73f80000 249856 C:\Windows\system32

\OLEACC.dll 7.0.6002.18155

(vistasp2_gdr_win7ip_uia(wmbla).091008-1406) Active

Accessibility Core Component
WINBRAND.dll 74d90000 880640 C:\Windows\system32

\WINBRAND.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Branding Resources
USERENV.dll 75890000 122880 C:\Windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
Secur32.dll 75870000 81920 C:\Windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
shacct.dll 74390000 90112 C:\Windows\System32

\shacct.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Shell Accounts Classes
SAMLIB.dll 75490000 69632 C:\Windows\System32

\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

SAM Library DLL
msshsq.dll 73350000 245760 C:\Windows\System32

\msshsq.dll 7.00.6002.18005 (lh_sp2rtm.090410-

1830) Structured Query
NaturalLanguage6.dll 731b0000 815104 C:\Windows\System32

\NaturalLanguage6.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Natural Language Development Platform 6
CRYPT32.dll 752f0000 991232 C:\Windows\System32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\System32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
NLSData0009.dll 72790000 4886528 C:\Windows\System32

\NLSData0009.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft English Natural Language Server Data and Code
NLSLexicons0009.dll 72500000 2650112 C:\Windows\System32

\NLSLexicons0009.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft English Natural Language Server Data and Code
authui.dll 74540000 1998848 C:\Windows\system32

\authui.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Authentication UI
MSIMG32.dll 74d00000 20480 C:\Windows\system32

\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

GDIEXT Client DLL
LINKINFO.dll 749d0000 36864 C:\Windows\system32

\LINKINFO.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Volume Tracking
ieframe.dll 71f30000 6094848 C:\Windows\system32

\ieframe.dll 7.00.6000.16386 (vista_rtm.061101-

2205) Internet Explorer
iertutil.dll 759e0000 282624 C:\Windows\system32

\iertutil.dll 7.00.6002.18005 (lh_sp2rtm.090410-

1830) Run time utility for Internet Explorer
WININET.dll 75f30000 856064 C:\Windows\system32

\WININET.dll 7.00.6000.16386 (vista_rtm.061101-

2205) Internet Extensions for Win32
Normaliz.dll 773c0000 12288 C:\Windows\system32

\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Unicode Normalization DLL
WINMM.dll 73fc0000 204800 C:\Windows\system32

\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MCI API DLL
wdmaud.drv 73320000 192512 C:\Windows\system32

\wdmaud.drv 6.0.6000.16386 (vista_rtm.061101-2205)

Winmm audio system driver
ksuser.dll 740f0000 16384 C:\Windows\system32

\ksuser.dll 6.0.6000.16386 (vista_rtm.061101-2205)

User CSA Library
MMDevAPI.DLL 732f0000 163840 C:\Windows\system32

\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

MMDevice API
AVRT.dll 74500000 28672 C:\Windows\system32

\AVRT.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multimedia Realtime Runtime
ExplorerFrame.dll 744f0000 36864 C:\Windows\system32

\ExplorerFrame.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

ExplorerFrame
urlmon.dll 76380000 1220608 C:\Windows\system32

\urlmon.dll 7.00.6001.18000 (longhorn_rtm.080118-

1840) OLE32 Extensions for Win32
stobject.dll 73050000 598016 C:\Windows\system32

\stobject.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Systray shell service object
BatMeter.dll 72f90000 745472 C:\Windows\system32

\BatMeter.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Battery Meter Helper DLL
SETUPAPI.dll 76140000 1613824 C:\Windows\system32

\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Setup API
WTSAPI32.dll 74c00000 40960 C:\Windows\system32

\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Terminal Server SDK APIs
WINSTA.dll 75840000 151552 C:\Windows\system32

\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Winstation Library
FunctionDiscoveryFolder.dll 71d20000 2146304

C:\Windows\system32\FunctionDiscoveryFolder.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Function Discovery

Folder
bthprops.cpl 72ee0000 667648 C:\Windows\system32

\bthprops.cpl 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Bluetooth Control Panel Applet
NTMARTA.DLL 74d10000 135168 C:\Windows\system32

\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Windows NT MARTA provider
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
ntshrui.dll 732a0000 303104 C:\Windows\system32

\ntshrui.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Shell extensions for sharing
cscapi.dll 744e0000 45056 C:\Windows\system32

\cscapi.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Offline Files Win32 API
es.dll 73110000 286720 C:\Windows\system32\es.dll

2001.12.6932.18005 (lh_sp2rtm.090410-1830) COM+
SndVolSSO.dll 72e80000 196608 C:\Windows\System32

\SndVolSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205)

SCA Volume
msiltcfg.dll 744d0000 28672 C:\Windows\system32

\msiltcfg.dll 4.0.6000.16386 (vista_rtm.061101-2205)

Windows Installer Configuration API Stub
VERSION.dll 751c0000 32768 C:\Windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
msi.dll 72c50000 2256896 C:\Windows\system32\msi.dll

4.5.6002.18005 Windows Installer
netshell.dll 71620000 3190784 C:\Windows\System32

\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network Connections Shell
IPHLPAPI.DLL 753f0000 102400 C:\Windows\System32

\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

IP Helper API
dhcpcsvc.DLL 75210000 217088 C:\Windows\System32

\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCP Client Service
DNSAPI.dll 754b0000 180224 C:\Windows\System32

\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

DNS Client API DLL
WINNSI.DLL 752e0000 28672 C:\Windows\System32

\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Store Information RPC interface
dhcpcsvc6.DLL 751e0000 139264 C:\Windows\System32

\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCPv6 Client
nlaapi.dll 74c10000 61440 C:\Windows\System32

\nlaapi.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Location Awareness 2
pnidui.dll 71a80000 1830912 C:\Windows\system32

\pnidui.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network System Icon
QUtil.dll 73280000 94208 C:\Windows\system32

\QUtil.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Quarantine Utilities
wevtapi.dll 75250000 262144 C:\Windows\system32

\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Eventing Consumption and Configuration API
wlanutil.dll 744c0000 24576 C:\Windows\system32

\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Wireless LAN 802.11 Utility DLL
igfxsrvc.dll 2f60000 69632 C:\Windows\system32

\igfxsrvc.dll 7.14.10.1437 igfxsrvc Module
WINTRUST.dll 74a00000 184320 C:\Windows\system32

\WINTRUST.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft Trust Verification APIs
imagehlp.dll 75e50000 167936 C:\Windows\system32

\imagehlp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT Image Helper
npmproxy.dll 73ee0000 32768 C:\Windows\System32

\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network List Manager Proxy
Wlanapi.dll 710c0000 73728 C:\Windows\system32

\Wlanapi.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows WLAN AutoConfig Client Side API DLL
OneX.DLL 708d0000 1556480 C:\Windows\system32

\OneX.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) IEEE 802.1X supplicant library
eappprxy.dll 73980000 57344 C:\Windows\system32

\eappprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft EAPHost Peer Client DLL
eappcfg.dll 71090000 147456 C:\Windows\system32

\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Eap Peer Config
bcrypt.dll 750f0000 282624 C:\Windows\system32

\bcrypt.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows Cryptographic Primitives Library
AltTab.dll 735f0000 53248 C:\Windows\System32

\AltTab.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Shell Alt Tab
wpdshserviceobj.dll 70fe0000 102400 C:\Windows\system32

\wpdshserviceobj.dll 6.0.6002.18112

(vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable

Device Shell Service Object
PortableDeviceTypes.dll 708a0000 176128

C:\Windows\system32\PortableDeviceTypes.dll 6.0.6002.18112

(vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable

Device (Parameter) Types Component
PortableDeviceApi.dll 70760000 352256 C:\Windows\system32

\PortableDeviceApi.dll 6.0.6002.18112

(vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable

Device API Components
SXS.DLL 75780000 389120 C:\Windows\system32\SXS.DLL

6.0.6000.16386 (vista_rtm.061101-2205) Fusion

2.5
taskschd.dll 706c0000 368640 C:\Windows\system32

\taskschd.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Task Scheduler COM API
XmlLite.dll 74510000 192512 C:\Windows\system32

\XmlLite.dll 1.2.1009.0 Microsoft XmlLite

Library
mstask.dll 70680000 212992 C:\Windows\System32

\mstask.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Task Scheduler interface DLL
NTDSAPI.dll 75450000 98304 C:\Windows\System32

\NTDSAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Active Directory Domain Services API
COMDLG32.dll 75dd0000 471040 C:\Windows\system32

\COMDLG32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Common Dialogs DLL
srchadmin.dll 70570000 315392 C:\Windows\System32

\srchadmin.dll 7.00.6002.18005 (lh_sp2rtm.090410-

1830) Indexing Options
webcheck.dll 70640000 245760 C:\Windows\system32

\webcheck.dll 7.00.6000.16386 (vista_rtm.061101-

2205) Web Site Monitor
SyncCenter.dll 6fef0000 2211840 C:\Windows\System32

\SyncCenter.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Sync Center
QAgent.dll 70840000 188416 C:\Windows\System32

\QAgent.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Quarantine Agent Proxy
fwpuclnt.dll 743b0000 614400 C:\Windows\System32

\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205)

FWP/IPsec User-Mode API
imapi2.dll 704b0000 393216 C:\Windows\system32

\imapi2.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Image Mastering API v2
wbemprox.dll 71930000 45056 C:\Windows\system32

\wbem\wbemprox.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

WMI
wbemcomn.dll 73be0000 372736 C:\Windows\system32

\wbemcomn.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) WMI
wbemsvc.dll 71080000 65536 C:\Windows\system32

\wbem\wbemsvc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

WMI
fastprox.dll 70130000 626688 C:\Windows\system32

\wbem\fastprox.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

WMI Custom Marshaller
MLANG.dll 71580000 196608 C:\Windows\system32

\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Multi Language Support DLL
actxprxy.dll 734c0000 339968 C:\Windows\System32

\actxprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) ActiveX Interface Marshaling Library
UnlockerCOM.dll 10000000 28672 C:\Program

Files\Unlocker\UnlockerCOM.dll
mbamext.dll 739b0000 94208 C:\Program

Files\Malwarebytes' Anti-Malware\mbamext.dll 1.50.1.0000

Malwarebytes' Anti-Malware
SASCTXMN.DLL 26c0000 61440 C:\Program

Files\SUPERAntiSpyware\SASCTXMN.DLL 1, 0, 0, 1004

SUPERAntiSpyware Context Menu Extension
IS360Ext.dll 26d0000 36864 C:\Program

Files\IObit\IObit Security 360\IS360Ext.dll 1, 0, 1, 0

IS360Ext
syncui.dll 73550000 188416 C:\Windows\system32

\syncui.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Briefcase
SYNCENG.dll 739d0000 90112 C:\Windows\system32

\SYNCENG.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Briefcase Engine
ASCv4ExtMenu.dll 28a0000 143360 C:\Program

Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll 1, 0, 1,

1 ASCv4ExtMenu Module
7-zip.dll 2c90000 81920 C:\Program Files\7-Zip\7-

zip.dll 4.65 7-Zip Shell Extension
MPR.dll 75430000 81920 C:\Windows\system32\MPR.dll

6.0.6000.16386 (vista_rtm.061101-2205) Multiple

Provider Router DLL
ntlanman.dll 715c0000 77824 C:\Windows\System32

\ntlanman.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft® Lan Manager
drprov.dll 72c40000 32768 C:\Windows\System32

\drprov.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Terminal Server Network Provider
davclnt.dll 71560000 73728 C:\Windows\System32

\davclnt.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Web DAV Client DLL
zipfldr.dll 71190000 356352 C:\Windows\system32

\zipfldr.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Compressed (zipped) Folders
thumbcache.dll 71370000 90112 C:\Windows\system32

\thumbcache.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Thumbnail Cache

Module information for 'svchost.exe'(712)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\system32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
umpnpmgr.dll 74c90000 233472 c:\windows\system32

\umpnpmgr.dll 6.0.6000.16386 (vista_rtm.061101-2205)

User-mode Plug-and-Play Service
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
USERENV.dll 75890000 122880 c:\windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
POWRPROF.dll 74f30000 106496 C:\Windows\system32

\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Power Profile Helper DLL
GPAPI.dll 74d70000 86016 C:\Windows\system32

\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Group Policy Client API
slc.dll 75290000 237568 C:\Windows\system32\slc.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Software

Licensing Client Dll
rpcss.dll 74b70000 565248 c:\windows\system32

\rpcss.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Distributed COM Services
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
FirewallAPI.dll 74c20000 417792 c:\windows\system32

\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall API
OLEAUT32.dll 75e80000 577536 C:\Windows\system32

\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
ole32.dll 75a30000 1331200 C:\Windows\system32

\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft OLE for Windows
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
CRYPT32.dll 752f0000 991232 C:\Windows\system32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\system32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
credssp.dll 751d0000 28672 C:\Windows\system32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
SETUPAPI.dll 76140000 1613824 C:\Windows\system32

\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Setup API
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
Cabinet.dll 73c80000 86016 C:\Windows\system32

\Cabinet.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft® Cabinet File API
WINSTA.dll 75840000 151552 C:\Windows\system32

\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Winstation Library
NTMARTA.DLL 74d10000 135168 C:\Windows\system32

\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Windows NT MARTA provider
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
SAMLIB.dll 75490000 69632 C:\Windows\system32

\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

SAM Library DLL
WTSAPI32.dll 74c00000 40960 C:\Windows\system32

\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Terminal Server SDK APIs
Module information for 'svchost.exe'(772)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\system32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
rpcss.dll 74b70000 565248 c:\windows\system32

\rpcss.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Distributed COM Services
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
FirewallAPI.dll 74c20000 417792 c:\windows\system32

\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall API
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
OLEAUT32.dll 75e80000 577536 C:\Windows\system32

\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
ole32.dll 75a30000 1331200 C:\Windows\system32

\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft OLE for Windows
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
CRYPT32.dll 752f0000 991232 C:\Windows\system32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\system32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
USERENV.dll 75890000 122880 C:\Windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
credssp.dll 751d0000 28672 C:\Windows\system32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
rsaenh.dll 74e70000 241664 C:\Windows\system32

\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft Enhanced Cryptographic Provider
wpclsp.dll 74cd0000 81920 C:\Windows\system32

\wpclsp.dll 1.0.0.1 WPC LSP
SHELL32.dll 764b0000 11599872 C:\Windows\system32

\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Shell Common Dll
SHLWAPI.dll 77360000 364544 C:\Windows\system32

\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Shell Light-weight Utility Library
comctl32.dll 74830000 1695744

C:\Windows\WinSxS\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de

0\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common

Controls Library
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
fwpuclnt.dll 743b0000 614400 C:\Windows\system32

\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205)

FWP/IPsec User-Mode API
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
Module information for 'svchost.exe'(860)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\System32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
wevtsvc.dll 74730000 1032192 c:\windows\system32

\wevtsvc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Event Logging Service
USERENV.dll 75890000 122880 c:\windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
GPAPI.dll 74d70000 86016 c:\windows\system32

\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Group Policy Client API
slc.dll 75290000 237568 c:\windows\system32\slc.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Software

Licensing Client Dll
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
CRYPT32.dll 752f0000 991232 C:\Windows\System32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\System32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
credssp.dll 751d0000 28672 C:\Windows\System32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\System32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider

Qaytu
Novice

Posts: 33
Joined: 2011-08-12
Gender: Female
OS: Vista 2nd update
Protection: avast free edition 4, windows firewall, SUPERantispyware
Points: 19862
# Likes: 0


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon Oct 03, 2011 1:45 am

wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
lmhsvc.dll 74b00000 32768 c:\windows\system32

\lmhsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205)

TCPIP NetBios Transport Services DLL
IPHLPAPI.DLL 753f0000 102400 c:\windows\system32

\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

IP Helper API
dhcpcsvc.DLL 75210000 217088 c:\windows\system32

\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCP Client Service
DNSAPI.dll 754b0000 180224 c:\windows\system32

\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

DNS Client API DLL
WINNSI.DLL 752e0000 28672 c:\windows\system32

\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Store Information RPC interface
dhcpcsvc6.DLL 751e0000 139264 c:\windows\system32

\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCPv6 Client
Module information for 'svchost.exe'(884)
Module information for 'svchost.exe'(908)
Module information for 'svchost.exe'(956)
Module information for 'svchost.exe'(976)
Module information for 'svchost.exe'(1052)
MODULE BASE SIZE PATH
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
GPAPI.dll 74d70000 86016 C:\Windows\system32

\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Group Policy Client API
slc.dll 75290000 237568 C:\Windows\system32\slc.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Software

Licensing Client Dll
wfapigp.dll 74a60000 32768 C:\Windows\system32

\wfapigp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall GPO Helper dll
ntmarta.dll 74d10000 135168 C:\Windows\system32

\ntmarta.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows NT MARTA provider
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
SAMLIB.dll 75490000 69632 C:\Windows\system32

\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

SAM Library DLL
wpclsp.dll 74cd0000 81920 C:\Windows\system32

\wpclsp.dll 1.0.0.1 WPC LSP
SHELL32.dll 764b0000 11599872 C:\Windows\system32

\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Shell Common Dll
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
rsaenh.dll 74e70000 241664 C:\Windows\system32

\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft Enhanced Cryptographic Provider
npmproxy.dll 73ee0000 32768 C:\Windows\System32

\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network List Manager Proxy
Module information for 'svchost.exe'(1232)
MODULE BASE SIZE PATH
******************************************
EOF

Qaytu
Novice

Posts : 33
Joined : 2011-08-12
Gender : Female
OS : Vista 2nd update
Protection : avast free edition 4, windows firewall, SUPERantispyware
Points : 19862
# Likes : 0


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Wed Oct 05, 2011 3:53 pm

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
  • Click on the submit button
  • Please post the results (URL) in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
# Likes : 10


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu Oct 06, 2011 9:53 am

[You must be registered and logged in to see this link.]

Not all of them scanned. Should I try again?


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Thu Oct 06, 2011 1:12 pm

When you can, yes...


Dr. Jay (DJ)



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri Oct 07, 2011 5:01 am

[You must be registered and logged in to see this link.]


Still only 15 of the 20 scanned. The other ones sent a message of "Operation timed out".


Re: MBR:\...\PHYSICALDRIVE0

Post by Dr Jay on Sun Oct 09, 2011 6:58 pm

Sorry this is wasting time...

Go to [You must be registered and logged in to see this link.] and try it there...


Dr. Jay (DJ)

