MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat 20 Aug 2011, 9:01 am

First topic message reminder :

I can only start in safe mode. I'm running Vista 2nd update. I was running avast 5 when the scan picked up this rootkit virus. Here are the OTL and extras texts, also the aswMBR text.
_________
OTL Extras logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB27AC-24E6-4F7E-BEA2-6F73537DF84D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{079DA964-225A-43E4-93BB-B65133AC839F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{168B8360-B228-483D-8600-947717636C47}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{186FBE03-BDF2-41D1-95C9-6A511CED26FE}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{1DF635C1-187F-4ADB-9265-A4926B4DE20F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2054BF37-22A4-4C7C-BFFF-EB4CB2BB082E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{2D0DF968-39FA-47A1-8733-6AB9CB9A1C96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5875486D-ADCB-4136-BB4A-BEC9C2585115}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{596B81AE-1645-4401-8024-F70FAA557305}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{62BBE71C-73B4-429F-9BB4-440FC74144B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6776A08F-221C-4935-BA9A-FAA700D546B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A5406E2-EBBF-4F87-8751-32EE2D76616A}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{80B4C7DA-CE48-4EC3-8A9D-EC09E3E16FEE}" = lport=2178 | protocol=6 | dir=in | app=system |
"{812641CE-E0D2-42D6-8709-6881581B25AC}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{970412A7-EE29-4E4D-B7E1-FF95F8B9D388}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9BA664CB-3F3D-4CFA-B434-A19B335928AD}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{B2EA9E6A-3878-47DF-9FB3-FAF4668F1F03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B96FFD81-237B-495C-87FF-4CB7C19170C6}" = rport=2178 | protocol=6 | dir=out | app=system |
"{FF2DD0DA-16F5-4455-9587-A14374CB03EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F8A22-CE7F-499E-BCB9-57BB669FFD4A}" = protocol=6 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{02791285-D961-4EBB-9E30-F584D45A2202}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{0ABD1915-6627-403E-A5D6-66253926081C}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{0DD01FB4-6A2E-4D9E-8481-ACB67F1140C6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{112F719D-FC66-4EE1-B09B-7BA9575A83A4}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{1AB1EAF3-8E46-4466-85BE-336EF2F10FE6}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{21083DA9-C628-418C-B49E-7FB18A0F2369}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{2B0E4EC6-30B5-4CC8-BB78-C24AEC663266}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3465BEB3-3D56-4DFA-BDE1-31482078A0D9}" = protocol=17 | dir=in | app=e:\ravenhearst_en.exe |
"{35C0A966-D908-4BE6-96CC-7A3914E552C2}" = protocol=6 | dir=in | app=e:\ravenhearst_en.exe |
"{3627E63F-91AB-40BD-B07E-13CAD63E990B}" = protocol=17 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{3C8F36C2-7101-45CE-9C17-D22468EA8F52}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{3F604EBF-A50D-48AC-8261-D21C5EA4677C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{464475BB-7526-4C54-9820-108376FCE2FE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4855DE68-82EB-4190-9C24-96EAA4FF3574}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48EEAF7C-CEBB-4713-81DD-ACAE44986001}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{4DA67A1D-68D1-42D8-B230-C191986E50B2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{527867F9-D766-4A17-90D7-F07775F11B80}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5F9AC933-139D-4C29-A014-57A9BCE625DA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{611ACD0A-C6A4-48AD-8276-05DE2F52F464}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{7C616388-42B7-48CC-8CA3-7AA3AB06C383}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"{7EE6E32C-406E-4492-9CE2-B73894242405}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{80A17717-6007-490D-A201-DB40D189A878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81B470E0-E1C9-497B-8736-B9C22CFE39B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82B571A5-C9CF-4A1D-9C61-EC8BF779700F}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{8CFABF60-EF2B-4E8A-9995-4CF844571CD0}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{9BD3A751-3F4E-4068-A9B4-D1217898F493}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9ED94F92-8848-4BFB-8B2D-8D47991EF3D9}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"{A5EAE059-798D-46EE-868C-E74DCB40D5E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ABEE3B27-FF12-4E94-9FA1-BC02FB4503B3}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{ADC25442-7AC3-4801-9429-BD257139CE7E}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{B6858DB1-58E8-408D-B3EF-01316158FAA8}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{BA482BE8-6F17-4580-9DEA-AFB34E794237}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BFFDCD7A-5457-414A-847C-852C46F1C57A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C5B0E0F1-64F5-4103-B87C-BD503A590DD4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C7F59A8E-1023-482D-90F2-673EFE9A1B3D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CD8F569D-8510-4A69-9325-3B6874152CFE}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D4C54C4C-C178-4C2A-B445-F71BCEBE3B08}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{D7912B64-A4D0-4BF9-9702-7C6A7FDAAB93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C43FEA-0875-4ADC-BAF1-385E2E5A6D02}" = protocol=6 | dir=out | app=system |
"{E30EC8A2-8789-40E7-BC1E-7F5FE153D3E0}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{EB735D33-FDD7-49FE-A7D8-A0D928636EE0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F1DB4E70-0882-49D0-8DEB-56EC8E4A8800}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F209C1A4-E119-4F81-9A1A-FAD1BF8B4569}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{F81D17C5-8692-4283-992C-1B7D75D804C2}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"{FCD733CF-CD32-47B0-8C9E-0D59792DCC82}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"TCP Query User{28A56EDD-A2BD-4A8A-9CB1-2E023AF0E6E1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9BBA9B99-A202-4C92-A76A-9B6CD10A449A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0475727-8B76-49FA-A9EB-176A7B233391}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{A86B132D-E4F4-43AA-BBBF-84D29785AECA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{EF23B7DE-BB94-423D-8B9E-140328C22C14}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2907FA5D-B046-4726-80F4-7E3CB6434058}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{D46FE928-7BCE-46D1-9B5E-CC74FE7150C2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E36CFC14-1C12-4EB7-BCDB-0C11D8CB22E2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F49022B7-F1CB-4C4D-AD64-5B253B425D72}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F79E9878-7514-4C98-B1CB-2259116ED0E1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.2.79
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"BfgBar" = Big Fish Games Toolbar 2.0
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"conduitEngine" = Conduit Engine
"eGames GameButler" = eGames GameButler
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Puzzle & Board Games 2009" = Hoyle Puzzle & Board Games 2009
"IObit Security 360_is1" = IObit Security 360
"isoHunt Toolbar" = isoHunt Toolbar
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Live Billiards 2" = Live Billiards 2
"Magic Encyclopedia Moon Light 1.00" = Magic Encyclopedia Moon Light 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NetSight" = Nielsen
"OpenAL" = OpenAL
"Origin" = Origin
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RollerCoaster Tycoon Setup" = Roll
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
"Smart Defrag 2_is1" = Smart Defrag 2
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Voodoo Whisperer - Curse of a Legend" = Voodoo Whisperer - Curse of a Legend
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

__________________________
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 11:19:55
-----------------------------
11:19:55.458 OS Version: Windows 6.0.6002 Service Pack 2
11:19:55.458 Number of processors: 1 586 0x1601
11:19:55.458 ComputerName: JOYCE-PC UserName: dummy
11:19:56.050 Initialize success
11:20:02.602 AVAST engine defs: 11081200
11:20:10.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:20:10.699 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
11:20:12.727 Disk 0 MBR read successfully
11:20:12.727 Disk 0 MBR scan
11:20:12.742 Disk 0 Windows VISTA default MBR code
11:20:12.758 Disk 0 scanning sectors +488278016
11:20:12.836 Disk 0 scanning C:\Windows\system32\drivers
11:20:23.865 Service scanning
11:20:24.286 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **HIDDEN**
11:20:25.020 Modules scanning
11:20:30.043 Disk 0 trace - called modules:
11:20:30.074 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:20:30.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849194b0]
11:20:30.604 3 CLASSPNP.SYS[87ba78b3] -> nt!IofCallDriver -> [0x83a2a898]
11:20:30.604 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e49528]
11:20:31.431 AVAST engine scan C:\Windows
11:20:35.425 AVAST engine scan C:\Windows\system32
11:22:05.858 File: C:\Windows\system32\odbcbcpp.dll **INFECTED** Win32:Malware-gen
11:22:07.215 File: C:\Windows\system32\olecli322.dll **INFECTED** Win32:Malware-gen
11:22:20.116 File: C:\Windows\system32\schedsvcc.dll **INFECTED** Win32:Malware-gen
11:22:58.071 AVAST engine scan C:\Windows\system32\drivers
11:23:15.543 AVAST engine scan C:\Users\dummy
11:24:00.440 AVAST engine scan C:\ProgramData
11:29:02.612 Scan finished successfully
11:33:56.282 Disk 0 MBR has been saved successfully to "C:\Users\dummy\Desktop\MBR.dat"
11:33:56.282 The log file has been saved successfully to "C:\Users\dummy\Desktop\aswMBR.txt"


OTL logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/05/22 09:58:23 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/19 15:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/18 15:04:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/13 22:14:30 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/13 22:14:30 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/08/12 00:18:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (isoHunt Toolbar) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\Windows\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: conhost - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NielsenOnline - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 22:55:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Local\temp
[2011/08/13 02:44:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/13 02:08:40 | 000,061,440 | ---- | C] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/12 12:07:18 | 004,170,159 | R--- | C] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 04:58:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:55:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:55 | 178,215,952 | ---- | C] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:07:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/12 00:07:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/12 00:07:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/12 00:07:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/12 00:07:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/04 17:46:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/08/03 00:19:03 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle FaceCreator
[2011/08/03 00:19:02 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/07/30 03:32:38 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/30 03:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/29 22:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/29 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/25 10:56:15 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Vogat Interactive
[2011/07/18 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/07/15 00:35:04 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\Windows\System32\SDDEVMGR.dll
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 22:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/08/13 22:02:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 09:32:41 | 000,000,680 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/13 02:05:35 | 000,060,184 | ---- | M] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 11:33:56 | 000,000,512 | ---- | M] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:33:02 | 126,978,706 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:18:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/11 23:22:04 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 23:22:04 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/05 07:07:28 | 000,006,472 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/08/04 17:46:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/07/30 19:14:39 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 10:34:12 | 000,354,150 | ---- | M] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 10:34:06 | 000,188,155 | ---- | M] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/07/25 02:53:50 | 000,000,552 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 22:12:35 | 000,004,740 | ---- | M] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 01:29:58 | 000,000,632 | RHS- | M] () -- C:\Users\dummy\ntuser.pol
[2011/07/20 05:12:31 | 000,866,304 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/20 05:04:57 | 001,690,624 | RH-- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/15 00:35:04 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

The rest of the log will be in the next post.
Thanx!

Qaytu

Newbie Surfer

Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Tue 13 Sep 2011, 10:25 am

Sorry it took so long. I had to learn how to download and burn the iso image file.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C1C000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD5000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80480000 \SystemRoot\system32\PSHED.dll
0x80491000 \SystemRoot\system32\BOOTVID.dll
0x80499000 \SystemRoot\system32\CLFS.SYS
0x804DA000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
0x80719000 \SystemRoot\system32\drivers\volmgr.sys
0x80728000 \SystemRoot\System32\drivers\volmgrx.sys
0x80772000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80779000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80787000 \SystemRoot\system32\drivers\pciide.sys
0x8078E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079E000 \SystemRoot\system32\drivers\atapi.sys
0x807A6000 \SystemRoot\system32\drivers\ataport.SYS
0x807C4000 \SystemRoot\system32\drivers\fltmgr.sys
0x805BA000 \SystemRoot\system32\drivers\fileinfo.sys
0x807F6000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82206000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82277000 \SystemRoot\system32\drivers\ndis.sys
0x82382000 \SystemRoot\system32\drivers\msrpc.sys
0x823AD000 \SystemRoot\system32\drivers\NETIO.SYS
0x87807000 \SystemRoot\System32\drivers\tcpip.sys
0x878F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B15000 \SystemRoot\system32\drivers\volsnap.sys
0x87B56000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B5D000 \SystemRoot\System32\Drivers\mup.sys
0x87B6C000 \SystemRoot\System32\drivers\ecache.sys
0x87B93000 \SystemRoot\system32\drivers\disk.sys
0x87BA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC5000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8790C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87915000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x87950000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8795B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87999000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE9B000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8AEA6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEBE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AEED000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AF2E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AF39000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AF50000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AF5B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF7E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF8D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AFA1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFB6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFC6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFD1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AFDC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x879A8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AFDE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AFE8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805CA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x879D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8AFF5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x879E3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AE00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AE07000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x879F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x823E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87BF9000 \SystemRoot\System32\Drivers\Null.SYS
0x87B4E000 \SystemRoot\System32\Drivers\Beep.SYS
0x823F1000 \SystemRoot\System32\drivers\vga.sys
0x8B00D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B02E000 \SystemRoot\System32\drivers\watchdog.sys
0x8B03A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B042000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B04D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B05B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B064000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B07A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B08E000 \SystemRoot\system32\drivers\afd.sys
0x8B0D6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B108000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B111000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B127000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B135000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B171000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B17B000 \SystemRoot\System32\Drivers\dfsc.sys
0x91400000 \SystemRoot\System32\win32k.sys
0x8B19A000 \SystemRoot\System32\drivers\Dxapi.sys
0x91610000 \SystemRoot\System32\drivers\dxg.sys
0x91640000 \SystemRoot\System32\TSDDD.dll
0x916C0000 \SystemRoot\System32\framebuf.dll
0x8B1A4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B1B1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B1BC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B1C4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B1DD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BCE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93806000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9383F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x93857000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x93869000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x93871000 \SystemRoot\system32\DRIVERS\udfs.sys
0x77820000 \Windows\System32\ntdll.dll

Processes (total 23):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
416 csrss.exe
452 csrss.exe
460 C:\Windows\System32\wininit.exe
488 C:\Windows\System32\winlogon.exe
536 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
556 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1652 C:\Windows\explorer.exe
396 C:\Windows\System32\wbem\unsecapp.exe
720 WmiPrvSE.exe
1376 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Well, it looks like it is now reading the Windows Vista MBR code.
That being the case, could you help with my BSoD? Stop message: 0x0000008E (0xC000005, 0x81E46BDC, 0x8B71691C, 0x00000000).

Not only do I not know what the letters mean, I don't know how to go about fixing them. Since I can only run in Safe mode, every setting that is changed returns to the default when the system is restarted. Getting Windows to start normally is now impossible. The BSoD happens on the user login page. This started about 2 weeks ago, along with memory dumps every time. I've tried changing the dump file settings and taking ownership of same. When I restart the comp., all the settings return to default settings. Which means I have no dump files again.
I really hope you can help anyway. I would love to be able to give you dump file information, but I don't have any.
Thank you for trying to help me keep what little sanity I have left!!









Qaytu
Newbie Surfer
Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update

Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Wed 14 Sep 2011, 10:45 pm

Was the BSOD happening while the MBR was infected?

After fixing the MBR, did it continue happening?


~DMJ
GeekPolice Academy Manager

DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Post by Qaytu on Fri 16 Sep 2011, 10:26 am

Yes to both questions. It seems to be independent of the MBR infection.


Post by DragonMaster Jay on Fri 16 Sep 2011, 11:20 pm

1. Run MEMTEST for 5 passes: [You must be registered and logged in to see this link.]
2. Run System File Checker, Start > type in sfc /scannow and hit Enter

Let me know the results of it.

Note: it's important to run MEMTEST for 5 passes, because sometimes only one or two passes won't spot the issue.



Post by Qaytu on Sat 17 Sep 2011, 5:45 pm

Got 5 passes from MemTest. The scannow program scanned and then the window just closed. I'm not sure if this was because it didn't find anything, but I figured you would know.
Thanx!!


Post by DragonMaster Jay on Sat 17 Sep 2011, 9:46 pm

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.



Post by Qaytu on Tue 20 Sep 2011, 11:26 am

[You must be registered and logged in to see this link.]


Post by DragonMaster Jay on Wed 21 Sep 2011, 3:12 am

How many antivirus programs do you have currently running?



Post by Qaytu on Wed 21 Sep 2011, 9:09 am

IOBit Security 360. I had been running avast and then I thought I uninstalled it. Found out it was still in the registry as a start up program. I used IOBit uninstaller to get rid of the rest of the program in the registry. I think that is all. Once the problems are fixed, I will run AVG Free edition.


Post by DragonMaster Jay on Thu 22 Sep 2011, 1:23 am

What ones have you installed in the past? Please list all, no matter if they are still installed...



Post by Qaytu on Thu 22 Sep 2011, 5:46 pm

Windows security, which quit running awhile ago. Avast 4, upgraded to Avast5 (hate it!). Downloaded AVG free and tried to install it in safe mode. It loaded but only partially. Uninstalled it. IOBit Security 360.

I believe that is all


Post by DragonMaster Jay on Sat 24 Sep 2011, 12:46 am

Windows security, which quit running awhile ago.
Windows security? Do you mean Windows Defender? Microsoft Security Essentials? Which one?

Answer that, then we will have to completely remove all of those AV programs...



Post by Qaytu on Sat 24 Sep 2011, 6:43 pm

Just Windows Defender.


Post by DragonMaster Jay on Tue 27 Sep 2011, 1:04 am

Follow this page to remove all security applications you've had: [You must be registered and logged in to see this link.]

Let me know when done...



Post by Qaytu on Tue 27 Sep 2011, 3:20 pm

It's done, I think.


Post by DragonMaster Jay on Thu 29 Sep 2011, 12:50 am

How is the computer running after that?



Post by Qaytu on Sat 01 Oct 2011, 1:47 pm

It made no difference. Still starting in safe mode after getting BSoD trying to start normally.


Post by DragonMaster Jay on Sun 02 Oct 2011, 1:36 am

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.



Post by Qaytu on Mon 03 Oct 2011, 12:44 pm

SpiderKill by DragonMaster Jay


Microsoft Windows [Version 6.0.6002]

********************Drivers list********************


Volume in drive C is OS
Volume Serial Number is FAD5-45CE

Directory of C:\Windows\System32\Drivers

09/26/2011 09:16 PM .
09/26/2011 09:16 PM ..
07/18/2008 05:26 PM 4,782 1028_Dell_INS_530.mrk
11/02/2006 01:55 AM 53,376 1394bus.sys
04/10/2009 11:32 PM 265,688 acpi.sys
01/20/2008 07:32 PM 422,968 adp94xx.sys
01/20/2008 07:32 PM 300,600 adpahci.sys
01/20/2008 07:32 PM 101,432 adpu160m.sys
01/20/2008 07:32 PM 149,560 adpu320.sys
04/10/2009 09:47 PM 273,920 afd.sys
01/20/2008 07:32 PM 56,376 AGP440.sys
01/20/2008 07:32 PM 17,464 aliide.sys
01/20/2008 07:32 PM 57,400 AMDAGP.SYS
01/20/2008 07:32 PM 17,976 amdide.sys
01/20/2008 07:32 PM 41,472 amdk7.sys
01/20/2008 07:32 PM 44,032 amdk8.sys
01/20/2008 07:32 PM 79,416 arc.sys
01/20/2008 07:32 PM 79,928 arcsas.sys
01/20/2008 07:33 PM 17,408 asyncmac.sys
04/10/2009 11:32 PM 19,944 atapi.sys
04/10/2009 11:32 PM 109,032 ataport.sys
11/02/2006 12:36 AM 2,028,032 atikmdag.sys
10/01/2006 02:10 PM 328,162 ativcaxx.cpa
10/01/2006 02:10 PM 929 ativcaxx.vp
10/01/2006 02:10 PM 2,096 ativokxx.vp
10/01/2006 02:10 PM 2,096 ativpkxx.vp
10/15/2006 02:11 PM 34,656 ativvpxx.vp
01/13/2010 10:14 PM 278,984 atksgt.sys
01/20/2008 07:32 PM 28,216 battc.sys
01/20/2008 07:32 PM 12,288 bdasup.sys
01/20/2008 07:33 PM 6,144 beep.sys
01/20/2008 07:32 PM 45,568 blbdrive.sys
01/20/2008 07:33 PM 69,632 bowser.sys
11/02/2006 01:24 AM 13,568 BrFiltLo.sys
11/02/2006 01:24 AM 5,248 BrFiltUp.sys
04/10/2009 10:42 PM 93,696 bridge.sys
11/02/2006 01:25 AM 71,808 BrSerId.sys
11/02/2006 01:24 AM 62,336 BrSerWdm.sys
11/02/2006 01:24 AM 12,160 BrUsbMdm.sys
11/02/2006 01:24 AM 11,904 BrUsbSer.sys
11/02/2006 01:55 AM 39,936 bthmodem.sys
01/20/2008 07:33 PM 70,144 cdfs.sys
10/17/2007 12:00 AM 9,072 cdr4_xp.sys
10/17/2007 12:00 AM 9,200 cdralw2k.sys
04/10/2009 09:39 PM 67,072 cdrom.sys
07/24/2011 11:27 PM 54,016 cgscfs.sys
01/20/2008 07:32 PM 35,328 circlass.sys
04/10/2009 11:32 PM 125,928 Classpnp.sys
01/20/2008 07:32 PM 19,000 cmdide.sys
01/20/2008 07:32 PM 20,792 compbatt.sys
04/10/2009 11:32 PM 35,304 crashdmp.sys
01/20/2008 07:32 PM 24,632 crcdisk.sys
01/20/2008 07:32 PM 40,960 crusoe.sys
09/29/2006 12:14 PM 144,360 del1028.cty
04/10/2009 09:14 PM 75,264 dfsc.sys
04/10/2009 11:32 PM 53,736 disk.sys
04/10/2009 09:39 PM 19,456 Diskdump.sys
11/02/2006 02:50 AM 71,272 djsvs.sys
01/20/2008 07:32 PM 130,048 drmk.sys
01/20/2008 07:32 PM 5,632 drmkaud.sys
04/10/2009 11:32 PM 27,624 Dumpata.sys
01/20/2008 07:34 PM 13,312 dxapi.sys
04/10/2009 09:23 PM 76,288 dxg.sys
09/24/2009 06:27 PM 634,880 dxgkrnl.sys
04/29/2007 01:42 AM 228,224 e1e6032.sys
01/20/2008 07:32 PM 118,784 E1G60I32.sys
04/10/2009 11:32 PM 141,288 ecache.sys
01/20/2008 07:32 PM 342,584 elxstor.sys
05/11/2010 08:02 AM en-US
01/20/2008 07:32 PM 6,656 errdev.sys
08/12/2011 12:18 AM etc
04/10/2009 09:13 PM 136,704 exfat.sys
04/10/2009 09:13 PM 142,848 fastfat.sys
01/20/2008 07:32 PM 25,088 fdc.sys
01/20/2008 07:33 PM 58,936 fileinfo.sys
01/20/2008 07:34 PM 27,648 filetrace.sys
01/20/2008 07:32 PM 20,480 flpydisk.sys
04/10/2009 11:32 PM 190,424 fltMgr.sys
01/20/2008 07:33 PM 12,800 fs_rec.sys
04/10/2009 11:32 PM 99,816 FWPKCLNT.SYS
01/20/2008 07:32 PM 61,496 GAGP30KX.SYS
09/18/2006 02:26 PM 3,440,660 gm.dls
09/18/2006 02:26 PM 646 gmreadme.txt
04/10/2009 09:42 PM 561,152 hdaudbus.sys
11/02/2006 01:55 AM 29,184 hidbth.sys
04/10/2009 09:42 PM 39,424 hidclass.sys
11/02/2006 01:55 AM 21,504 hidir.sys
01/20/2008 07:32 PM 25,472 hidparse.sys
04/10/2009 09:42 PM 12,800 hidusb.sys
01/20/2008 07:32 PM 40,504 HpCISSs.sys
10/18/2006 11:08 AM 258,048 HSXHWBS2.sys
10/18/2006 11:08 AM 659,968 HSX_CNXT.sys
10/18/2006 11:09 AM 986,624 HSX_DPV.sys
11/03/2009 12:41 PM 411,648 http.sys
01/20/2008 07:32 PM 19,000 i2omgmt.sys
01/20/2008 07:32 PM 30,264 i2omp.sys
01/20/2008 07:32 PM 54,784 i8042prt.sys
04/26/2007 03:41 AM 304,920 iaStor.sys
01/20/2008 07:32 PM 235,064 iaStorV.sys
02/11/2008 08:36 PM 2,302,976 igdkmd32.sys
11/02/2006 02:50 AM 41,576 iirsp.sys
01/20/2008 07:32 PM 17,976 intelide.sys
01/20/2008 07:32 PM 41,472 intelppm.sys
01/20/2008 07:34 PM 47,616 ipfltdrv.sys
01/20/2008 07:32 PM 64,512 IPMIDrv.sys
01/20/2008 07:34 PM 100,864 ipnat.sys
03/09/2007 03:04 PM 31,072 iqvw32.sys
01/20/2008 07:34 PM 95,744 irda.sys
01/20/2008 07:33 PM 13,312 irenum.sys
12/07/2009 05:59 PM 61,328 is3srv.sys
01/20/2008 07:32 PM 49,720 isapnp.sys
11/02/2006 02:50 AM 35,944 iteatapi.sys
11/02/2006 02:50 AM 35,944 iteraid.sys
01/20/2008 07:32 PM 35,384 kbdclass.sys
04/10/2009 09:38 PM 17,408 kbdhid.sys
08/05/2011 07:07 AM 6,472 kgpcpy.cfg
04/10/2009 09:38 PM 149,504 ks.sys
06/15/2009 04:15 PM 439,864 ksecdd.sys
06/17/2009 09:56 AM 35,472 LHidFilt.Sys
01/13/2010 10:14 PM 25,416 lirsgt.sys
01/20/2008 07:34 PM 47,104 lltdio.sys
06/17/2009 09:56 AM 37,392 LMouFilt.Sys
01/20/2008 07:32 PM 96,312 lsi_fc.sys
01/20/2008 07:32 PM 89,656 lsi_sas.sys
01/20/2008 07:32 PM 96,312 lsi_scsi.sys
01/20/2008 07:34 PM 84,480 luafv.sys
06/17/2009 09:56 AM 28,560 LUsbFilt.sys
07/06/2011 07:52 PM 22,712 mbam.sys
07/06/2011 07:52 PM 41,272 mbamswissarmy.sys
01/20/2008 07:34 PM 18,944 mcd.sys
06/19/2006 02:26 PM 12,672 mdmxsdk.sys
01/20/2008 07:32 PM 31,288 megasas.sys
01/20/2008 07:32 PM 386,616 MegaSR.sys
01/20/2008 07:34 PM 31,744 modem.sys
01/20/2008 07:32 PM 41,984 monitor.sys
01/20/2008 07:32 PM 34,360 mouclass.sys
01/20/2008 07:32 PM 15,872 mouhid.sys
01/20/2008 07:33 PM 57,400 mountmgr.sys
01/20/2008 07:32 PM 105,016 mpio.sys
01/20/2008 07:34 PM 64,000 mpsdrv.sys
11/02/2006 02:49 AM 33,384 Mraid35x.sys
04/10/2009 09:14 PM 114,688 mrxdav.sys
12/04/2009 08:56 AM 105,984 mrxsmb.sys
12/04/2009 08:56 AM 212,992 mrxsmb10.sys
04/10/2009 09:14 PM 79,360 mrxsmb20.sys
01/20/2008 07:32 PM 28,728 msahci.sys
01/20/2008 07:32 PM 94,776 msdsm.sys
01/20/2008 07:33 PM 22,528 msfs.sys
07/14/2009 10:45 AM 3 MsftWdf_Kernel_01009_Inbox_Critical.Wdf
01/20/2008 07:32 PM 16,440 msisadrv.sys
04/10/2009 11:32 PM 180,712 msiscsi.sys
01/20/2008 07:34 PM 8,192 mskssrv.sys
01/20/2008 07:34 PM 5,888 mspclock.sys
01/20/2008 07:34 PM 5,504 mspqm.sys
04/10/2009 11:32 PM 161,752 msrpc.sys
01/20/2008 07:32 PM 31,288 mssmbios.sys
01/20/2008 07:34 PM 6,016 mstee.sys
04/10/2009 11:32 PM 48,104 mup.sys
04/10/2009 11:32 PM 527,848 ndis.sys
01/20/2008 07:34 PM 20,992 ndistapi.sys
01/20/2008 07:34 PM 16,896 ndisuio.sys
04/10/2009 09:46 PM 121,344 ndiswan.sys
01/20/2008 07:34 PM 49,664 ndproxy.sys
01/20/2008 07:34 PM 35,840 netbios.sys
04/10/2009 09:45 PM 185,856 netbt.sys
04/10/2009 11:32 PM 223,208 netio.sys
11/02/2006 02:50 AM 45,160 nfrd960.sys
04/10/2009 09:14 PM 35,328 npfs.sys
01/20/2008 07:34 PM 16,384 nsiproxy.sys
04/10/2009 11:32 PM 1,083,880 ntfs.sys
11/02/2006 12:36 AM 20,608 ntrigdigi.sys
01/20/2008 07:33 PM 4,608 null.sys
01/20/2008 07:32 PM 102,968 nvraid.sys
01/20/2008 07:32 PM 45,112 nvstor.sys
01/20/2008 07:32 PM 109,112 NV_AGP.SYS
04/10/2009 09:43 PM 148,480 nwifi.sys
11/02/2006 01:55 AM 62,080 ohci1394.sys
04/10/2009 09:45 PM 72,192 pacer.sys
11/02/2006 01:51 AM 79,360 parport.sys
04/10/2009 11:32 PM 54,248 partmgr.sys
11/02/2006 01:51 AM 8,704 parvdm.sys
04/10/2009 11:32 PM 149,480 pci.sys
04/10/2009 11:32 PM 14,312 pciide.sys
04/10/2009 11:32 PM 43,496 pciidex.sys
11/02/2006 02:51 AM 167,528 pcmcia.sys
02/23/2010 12:17 PM 47,360 pcouffin.sys
11/02/2006 02:04 AM 878,080 PEAuth.sys
04/10/2009 09:42 PM 167,936 portcls.sys
01/20/2008 07:32 PM 40,960 processr.sys
11/14/2007 01:00 AM 43,840 pxhelp20.sys
01/20/2008 07:32 PM 1,122,360 ql2300.sys
11/02/2006 02:50 AM 106,088 ql40xx.sys
01/20/2008 07:32 PM 31,232 qwavedrv.sys
01/20/2008 07:34 PM 11,776 rasacd.sys
01/20/2008 07:34 PM 76,288 rasl2tp.sys
04/10/2009 09:46 PM 41,472 raspppoe.sys
01/20/2008 07:34 PM 62,976 raspptp.sys
04/10/2009 09:46 PM 69,120 rassstp.sys
04/10/2009 09:14 PM 225,280 rdbss.sys
01/20/2008 07:33 PM 6,144 RDPCDD.sys
01/20/2008 07:32 PM 248,832 rdpdr.sys
01/20/2008 07:34 PM 6,144 RDPENCDD.sys
04/10/2009 09:51 PM 180,736 rdpwd.sys
04/10/2009 09:45 PM 113,664 rmcast.sys
04/10/2009 09:46 PM 33,280 RNDISMP.sys
01/20/2008 07:34 PM 8,192 rootmdm.sys
01/20/2008 07:34 PM 60,416 rspndr.sys
01/24/2008 11:06 AM 2,054,872 RTKVHDA.sys
11/02/2006 02:50 AM 76,392 sbp2port.sys
01/20/2008 07:33 PM 142,904 scsiport.sys
11/01/2006 11:37 PM 20,480 secdrv.sys
11/02/2006 01:51 AM 17,920 serenum.sys
11/02/2006 01:51 AM 83,456 serial.sys
01/20/2008 07:32 PM 19,968 sermouse.sys
01/20/2008 07:32 PM 13,312 sffdisk.sys
01/20/2008 07:32 PM 12,288 sffp_mmc.sys
01/20/2008 07:32 PM 11,776 sffp_sd.sys
01/20/2008 07:32 PM 13,312 sfloppy.sys
01/20/2008 07:32 PM 55,864 SISAGP.SYS
01/20/2008 07:32 PM 41,016 sisraid2.sys
01/20/2008 07:32 PM 74,808 sisraid4.sys
02/23/2011 04:52 PM 16,184 SmartDefragDriver.sys
04/10/2009 09:45 PM 66,560 smb.sys
01/20/2008 07:34 PM 17,408 smclib.sys
01/20/2008 07:33 PM 21,048 spldr.sys
04/10/2009 07:52 PM 684,032 spsys.sys
12/11/2009 04:43 AM 302,080 srv.sys
09/14/2009 02:29 AM 144,896 srv2.sys
12/11/2009 04:43 AM 98,816 srvnet.sys
04/10/2009 11:32 PM 122,344 Storport.sys
04/10/2009 09:42 PM 52,992 stream.sys
01/20/2008 07:32 PM 15,288 swenum.sys
11/02/2006 02:50 AM 35,944 symc8xx.sys
11/02/2006 02:49 AM 31,848 sym_hi.sys
11/02/2006 02:50 AM 34,920 sym_u3.sys
12/07/2009 05:59 PM 61,328 SZKG.sys
05/12/2010 06:01 PM 59,280 SZKGFS.sys
01/20/2008 07:34 PM 24,576 tape.sys
12/08/2009 01:01 PM 904,776 tcpip.sys
12/08/2009 10:26 AM 30,720 tcpipreg.sys
01/20/2008 07:33 PM 20,992 tdi.sys
01/20/2008 07:33 PM 17,920 tdpipe.sys
01/20/2008 07:33 PM 29,184 tdtcp.sys
04/10/2009 09:45 PM 72,192 tdx.sys
04/10/2009 11:32 PM 53,224 termdd.sys
01/20/2008 07:34 PM 23,552 tssecsrv.sys
01/20/2008 07:34 PM 15,360 TUNMP.SYS
01/20/2008 07:34 PM 23,040 tunnel.sys
01/20/2008 07:32 PM 59,448 UAGP35.SYS
04/10/2009 09:13 PM 226,816 udfs.sys
01/20/2008 07:32 PM 60,984 ULIAGPKX.SYS
01/20/2008 07:32 PM 238,648 uliahci.sys
11/02/2006 02:50 AM 98,408 ulsata.sys
01/20/2008 07:32 PM 115,816 ulsata2.sys
01/20/2008 07:32 PM 34,816 umbus.sys
11/19/2009 10:14 AM UMDF
01/20/2008 07:33 PM 7,680 umpass.sys
04/10/2009 09:46 PM 15,872 usb8023.sys
12/14/2010 07:51 PM 41,984 usbaapl.sys
04/10/2009 09:42 PM 25,856 USBCAMD.sys
04/10/2009 09:42 PM 25,856 USBCAMD2.sys
01/20/2008 07:32 PM 73,216 usbccgp.sys
11/02/2006 01:55 AM 68,608 usbcir.sys
01/20/2008 07:32 PM 5,888 usbd.sys
04/10/2009 09:42 PM 39,936 usbehci.sys
04/10/2009 09:43 PM 196,096 usbhub.sys
05/07/2001 03:56 AM 19,805 usbio.sys
11/02/2006 01:55 AM 19,456 usbohci.sys
04/10/2009 09:42 PM 226,304 usbport.sys
01/20/2008 07:32 PM 18,944 usbprint.sys
04/10/2009 09:42 PM 65,536 USBSTOR.SYS
01/20/2008 07:32 PM 23,552 usbuhci.sys
01/20/2008 07:34 PM 25,088 vga.sys
01/20/2008 07:32 PM 26,112 vgapnp.sys
01/20/2008 07:32 PM 56,888 VIAAGP.SYS
01/20/2008 07:32 PM 41,472 viac7.sys
01/20/2008 07:32 PM 20,024 viaide.sys
01/20/2008 07:33 PM 110,080 videoprt.sys
01/20/2008 07:32 PM 52,792 volmgr.sys
04/10/2009 11:33 PM 292,840 volmgrx.sys
04/10/2009 11:32 PM 226,280 volsnap.sys
01/20/2008 07:32 PM 130,616 vsmraid.sys
11/02/2006 01:52 AM 20,608 wacompen.sys
01/20/2008 07:34 PM 62,464 wanarp.sys
04/10/2009 09:22 PM 33,280 watchdog.sys
01/20/2008 07:32 PM 22,072 wd.sys
07/14/2009 10:45 AM 445,008 Wdf01000.sys
07/14/2009 10:45 AM 38,480 WdfLdr.sys
01/20/2008 07:32 PM 11,264 wmiacpi.sys
01/20/2008 07:33 PM 17,976 wmilib.sys
01/20/2008 07:32 PM 39,936 WpdUsb.sys
01/20/2008 07:34 PM 15,872 ws2ifsl.sys
01/20/2008 07:34 PM 51,200 WUDFPf.sys
01/20/2008 07:34 PM 83,328 WUDFRd.sys
08/04/2006 05:39 PM 386,560 XAudio.exe
08/04/2006 05:39 PM 8,192 XAudio.sys
291 File(s) 38,492,299 bytes

Directory of C:\Windows\System32\Drivers\en-US

05/11/2010 08:02 AM .
05/11/2010 08:02 AM ..
11/02/2006 05:38 AM 9,728 acpi.sys.mui
11/02/2006 05:38 AM 8,704 afd.sys.mui
11/02/2006 05:39 AM 3,072 AGP440.sys.mui
11/02/2006 05:39 AM 3,072 AMDAGP.SYS.mui
11/02/2006 05:38 AM 2,560 amdide.sys.mui
11/02/2006 05:38 AM 14,848 amdk7.sys.mui
11/02/2006 05:38 AM 14,848 amdk8.sys.mui
11/02/2006 05:38 AM 3,072 ati2mpad.sys.mui
11/02/2006 05:39 AM 3,584 ati2mtag.sys.mui
11/02/2006 05:38 AM 3,072 atikmdag.sys.mui
01/20/2008 07:35 PM 5,120 b57nd60x.sys.mui
11/02/2006 05:38 AM 7,680 battc.sys.mui
11/02/2006 05:38 AM 5,120 bcm4sbxp.sys.mui
11/02/2006 05:38 AM 2,560 BrParwdm.sys.mui
11/02/2006 05:38 AM 10,240 BrSerId.sys.mui
11/02/2006 05:38 AM 5,120 bthpan.sys.mui
04/10/2009 11:22 PM 8,192 bthport.sys.mui
11/02/2006 05:39 AM 3,072 cmbp0wdm.sys.mui
11/02/2006 05:38 AM 14,848 crusoe.sys.mui
11/02/2006 05:39 AM 3,072 cxbp0wdm.sys.mui
11/02/2006 05:38 AM 3,072 Dot4usb.sys.mui
10/08/2009 04:12 PM 4,096 dxgkrnl.sys.mui
11/02/2006 05:38 AM 5,120 e100b325.sys.mui
01/20/2008 07:35 PM 19,968 e1e6032.sys.mui
01/20/2008 07:35 PM 16,896 E1G60I32.sys.mui
11/02/2006 05:38 AM 5,120 fltmgr.sys.mui
11/02/2006 05:38 AM 3,072 GAGP30KX.SYS.mui
11/02/2006 05:39 AM 3,584 gpr400.sys.mui
11/02/2006 05:39 AM 4,096 grserial.sys.mui
04/10/2009 11:24 PM 4,096 hdaudbus.sys.mui
11/02/2006 05:38 AM 3,584 hidbth.sys.mui
11/03/2009 02:46 PM 36,864 http.sys.mui
11/02/2006 05:38 AM 10,752 i8042prt.sys.mui
11/02/2006 05:38 AM 14,848 intelppm.sys.mui
11/02/2006 05:38 AM 6,144 IPMIDrv.sys.mui
11/02/2006 05:38 AM 4,096 ipnat.sys.mui
11/02/2006 05:39 AM 4,096 isapnp.sys.mui
11/02/2006 05:38 AM 4,608 kbdclass.sys.mui
11/02/2006 05:38 AM 3,072 kbdhid.sys.mui
11/02/2006 05:38 AM 9,728 ltmdmnt.sys.mui
01/20/2008 07:35 PM 6,656 luafv.sys.mui
11/02/2006 05:38 AM 4,096 modem.sys.mui
11/02/2006 05:38 AM 4,608 mouclass.sys.mui
11/02/2006 05:38 AM 3,072 mouhid.sys.mui
01/20/2008 07:35 PM 20,480 mpio.sys.mui
11/02/2006 05:38 AM 4,096 msdsm.sys.mui
11/02/2006 05:39 AM 3,584 mssmbios.sys.mui
11/02/2006 05:38 AM 65,536 ntfs.sys.mui
11/02/2006 05:38 AM 4,096 ntrigdigi.sys.mui
11/02/2006 05:39 AM 5,120 nv4_mini.sys.mui
11/02/2006 05:39 AM 3,072 NV_AGP.SYS.mui
11/02/2006 05:38 AM 12,288 ohci1394.sys.mui
11/02/2006 05:38 AM 3,584 pacer.sys.mui
11/02/2006 05:38 AM 4,096 parport.sys.mui
11/02/2006 05:38 AM 3,072 parvdm.sys.mui
11/02/2006 05:39 AM 8,704 pci.sys.mui
11/02/2006 05:38 AM 4,608 pcmcia.sys.mui
11/02/2006 05:39 AM 3,072 pnpmem.sys.mui
11/02/2006 05:38 AM 14,848 processr.sys.mui
11/02/2006 05:39 AM 4,096 pscr.sys.mui
11/02/2006 05:39 AM 3,072 qwavedrv.sys.mui
11/02/2006 05:38 AM 3,584 RNDISMP.sys.mui
11/02/2006 05:39 AM 3,584 rndismpx.sys.mui
11/02/2006 05:39 AM 4,096 scmstcs.sys.mui
11/02/2006 05:39 AM 4,096 SCR111.sys.mui
11/02/2006 05:39 AM 3,584 scsiport.sys.mui
11/02/2006 05:38 AM 10,752 serial.sys.mui
11/02/2006 05:38 AM 5,632 sermouse.sys.mui
11/02/2006 05:38 AM 3,072 serscan.sys.mui
11/02/2006 05:39 AM 3,072 SISAGP.SYS.mui
11/02/2006 05:38 AM 3,072 srv.sys.mui
11/02/2006 05:39 AM 3,072 stcusb.sys.mui
01/20/2008 07:35 PM 5,120 tpm.sys.mui
11/02/2006 05:38 AM 3,072 UAGP35.SYS.mui
11/02/2006 05:39 AM 3,072 ULIAGPKX.SYS.mui
11/02/2006 05:38 AM 3,584 umbus.sys.mui
11/02/2006 05:39 AM 3,072 VIAAGP.SYS.mui
11/02/2006 05:38 AM 14,848 viac7.sys.mui
01/20/2008 07:35 PM 32,768 volsnap.sys.mui
11/02/2006 05:39 AM 4,608 wacompen.sys.mui
11/02/2006 05:38 AM 2,560 wd.sys.mui
07/14/2009 10:52 AM 2,560 wdf01000.sys.mui
11/02/2006 05:38 AM 5,632 yk60x86.sys.mui
83 File(s) 612,864 bytes

Directory of C:\Windows\System32\Drivers\etc

08/12/2011 12:18 AM .
08/12/2011 12:18 AM ..
08/12/2011 12:18 AM 27 hosts
09/18/2006 02:41 PM 3,683 lmhosts.sam
09/18/2006 02:41 PM 407 networks
09/18/2006 02:41 PM 1,358 protocol
09/18/2006 02:41 PM 17,244 services
5 File(s) 22,719 bytes

Directory of C:\Windows\System32\Drivers\UMDF

11/19/2009 10:14 AM .
11/19/2009 10:14 AM ..
11/19/2009 10:13 AM en-US
09/30/2009 06:01 PM 227,840 WpdFs.dll
04/10/2009 11:28 PM 664,576 WpdMtpDr.dll
2 File(s) 892,416 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

11/19/2009 10:13 AM .
11/19/2009 10:13 AM ..
09/30/2009 06:08 PM 3,072 wpdmtpdr.dll.mui
1 File(s) 3,072 bytes

Total Files Listed:
382 File(s) 40,023,370 bytes
14 Dir(s) 93,716,373,504 bytes free


***********************Hidden Drivers********************
Volume in drive C is OS
Volume Serial Number is FAD5-45CE

Directory of C:\Windows\System32\Drivers

05/11/2010 03:54 AM 0 MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
11/10/2009 04:40 AM 0 Msft_Kernel_LHidFilt_01005.Wdf
11/10/2009 04:40 AM 0 Msft_Kernel_LMouFilt_01005.Wdf
11/10/2009 04:40 AM 0 Msft_Kernel_LUsbFilt_01005.Wdf
05/11/2010 03:54 AM 0 Msft_Kernel_nnfwdk_01009.Wdf
11/09/2009 09:27 PM 0 Msft_User_WpdFs_01_00_00.Wdf
11/19/2009 10:12 AM 0 Msft_User_WpdFs_01_07_00.Wdf
08/22/2009 04:14 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
8 File(s) 0 bytes
0 Dir(s) 93,716,381,696 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 348 Normal C:\Windows\System32\smss.exe
csrss.exe 416 Normal C:\Windows\system32\csrss.exe
csrss.exe 452 Normal C:\Windows\system32\csrss.exe
wininit.exe 460 High C:\Windows\system32\wininit.exe
winlogon.exe 488 High C:\Windows\system32\winlogon.exe
services.exe 536 Normal C:\Windows\system32\services.exe
lsass.exe 548 Normal C:\Windows\system32\lsass.exe
lsm.exe 556 Normal C:\Windows\system32\lsm.exe
svchost.exe 712 Normal C:\Windows\system32\svchost.exe
svchost.exe 772 Normal C:\Windows\system32\svchost.exe
svchost.exe 860 Normal C:\Windows\System32\svchost.exe
svchost.exe 884 Normal C:\Windows\system32\svchost.exe
svchost.exe 908 Normal C:\Windows\System32\svchost.exe
svchost.exe 956 Normal C:\Windows\system32\svchost.exe
svchost.exe 976 Normal C:\Windows\system32\svchost.exe
svchost.exe 1052 Normal C:\Windows\system32\svchost.exe
svchost.exe 1232 Normal C:\Windows\system32\svchost.exe
Explorer.EXE 1600 Normal C:\Windows\Explorer.EXE
unsecapp.exe 404 Normal C:\Windows\system32\wbem\unsecapp.exe
wmiprvse.exe 984 Normal C:\Windows\system32\wbem\wmiprvse.exe
cmd.exe 1648 Normal C:\Windows\system32\cmd.exe
processes.exe 220 Normal C:\Users\dummy\Desktop\SpiderKill\SpiderKill\processes.exe


*********************Modules of explorer.exe and svchost.exe*******************
Module information for 'Explorer.EXE'(1600)
MODULE BASE SIZE PATH
Explorer.EXE 510000 2936832 C:\Windows\Explorer.EXE 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
ntdll.dll 77170000 1208320 C:\Windows\system32\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT BASE API Client DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Remote Procedure Call Runtime
GDI32.dll 77040000 307200 C:\Windows\system32\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) GDI Client DLL
USER32.dll 75d30000 643072 C:\Windows\system32\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows USER API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830) Windows NT CRT DLL
SHLWAPI.dll 77360000 364544 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 764b0000 11599872 C:\Windows\system32\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Shell Common Dll
ole32.dll 75a30000 1331200 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 75e80000 577536 C:\Windows\system32\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
SHDOCVW.dll 73850000 1081344 C:\Windows\system32\SHDOCVW.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Doc Object and Control Library
UxTheme.dll 74b30000 258048 C:\Windows\system32\UxTheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
POWRPROF.dll 74f30000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Power Profile Helper DLL
dwmapi.dll 73f20000 49152 C:\Windows\system32\dwmapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Desktop Window Manager API
gdiplus.dll 741e0000 1748992 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll 5.2.6002.18005 (lh_sp2rtm.090410-1830) Microsoft GDI+
slc.dll 75290000 237568 C:\Windows\system32\slc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Software Licensing Client Dll
PROPSYS.dll 74120000 765952 C:\Windows\system32\PROPSYS.dll 7.00.6002.18005 (lh_sp2rtm.090410-1830) Microsoft Property System
BROWSEUI.dll 73700000 1335296 C:\Windows\system32\BROWSEUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Browser UI Library
IMM32.dll 75f10000 122880 C:\Windows\system32\IMM32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
DUser.dll 74aa0000 196608 C:\Windows\system32\DUser.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows DirectUser Engine
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL 6.0.6002.18051 (vistasp2_gdr.090615-0258) Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-1830) Uniscribe Unicode script processor
comctl32.dll 74830000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common Controls Library
WindowsCodecs.dll 73600000 999424 C:\Windows\system32

\WindowsCodecs.dll 7.0.6002.18107

(vistasp2_gdr_win7ip_dgt(wmbla).090924-1550) Microsoft

Windows Codecs Library
apphelp.dll 73bb0000 180224 C:\Windows\system32

\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Application Compatibility Client Library
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
EhStorShell.dll 73580000 126976 C:\Windows\system32

\EhStorShell.dll 5.2.3790.1830 Windows Enhanced

Storage Shell Extension
IconCodecService.dll 735e0000 24576 C:\Windows\system32

\IconCodecService.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Converts a PNG part of the icon to a legacy bmp icon
rsaenh.dll 74e70000 241664 C:\Windows\system32

\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft Enhanced Cryptographic Provider
timedate.cpl 733c0000 729088 C:\Windows\system32

\timedate.cpl 6.0.6001.18000 (longhorn_rtm.080118-

1840) Time Date Control Panel Applet
ATL.DLL 74b10000 81920 C:\Windows\system32\ATL.DLL

3.05.2284 ATL Module for Windows XP

(Unicode)
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
OLEACC.dll 73f80000 249856 C:\Windows\system32

\OLEACC.dll 7.0.6002.18155

(vistasp2_gdr_win7ip_uia(wmbla).091008-1406) Active

Accessibility Core Component
WINBRAND.dll 74d90000 880640 C:\Windows\system32

\WINBRAND.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Branding Resources
USERENV.dll 75890000 122880 C:\Windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
Secur32.dll 75870000 81920 C:\Windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
shacct.dll 74390000 90112 C:\Windows\System32

\shacct.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Shell Accounts Classes
SAMLIB.dll 75490000 69632 C:\Windows\System32

\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

SAM Library DLL
msshsq.dll 73350000 245760 C:\Windows\System32

\msshsq.dll 7.00.6002.18005 (lh_sp2rtm.090410-

1830) Structured Query
NaturalLanguage6.dll 731b0000 815104 C:\Windows\System32

\NaturalLanguage6.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Natural Language Development Platform 6
CRYPT32.dll 752f0000 991232 C:\Windows\System32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\System32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
NLSData0009.dll 72790000 4886528 C:\Windows\System32

\NLSData0009.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft English Natural Language Server Data and Code
NLSLexicons0009.dll 72500000 2650112 C:\Windows\System32

\NLSLexicons0009.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft English Natural Language Server Data and Code
authui.dll 74540000 1998848 C:\Windows\system32

\authui.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Authentication UI
MSIMG32.dll 74d00000 20480 C:\Windows\system32

\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

GDIEXT Client DLL
LINKINFO.dll 749d0000 36864 C:\Windows\system32

\LINKINFO.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Volume Tracking
ieframe.dll 71f30000 6094848 C:\Windows\system32

\ieframe.dll 7.00.6000.16386 (vista_rtm.061101-

2205) Internet Explorer
iertutil.dll 759e0000 282624 C:\Windows\system32

\iertutil.dll 7.00.6002.18005 (lh_sp2rtm.090410-

1830) Run time utility for Internet Explorer
WININET.dll 75f30000 856064 C:\Windows\system32

\WININET.dll 7.00.6000.16386 (vista_rtm.061101-

2205) Internet Extensions for Win32
Normaliz.dll 773c0000 12288 C:\Windows\system32

\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Unicode Normalization DLL
WINMM.dll 73fc0000 204800 C:\Windows\system32

\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MCI API DLL
wdmaud.drv 73320000 192512 C:\Windows\system32

\wdmaud.drv 6.0.6000.16386 (vista_rtm.061101-2205)

Winmm audio system driver
ksuser.dll 740f0000 16384 C:\Windows\system32

\ksuser.dll 6.0.6000.16386 (vista_rtm.061101-2205)

User CSA Library
MMDevAPI.DLL 732f0000 163840 C:\Windows\system32

\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

MMDevice API
AVRT.dll 74500000 28672 C:\Windows\system32

\AVRT.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multimedia Realtime Runtime
ExplorerFrame.dll 744f0000 36864 C:\Windows\system32

\ExplorerFrame.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

ExplorerFrame
urlmon.dll 76380000 1220608 C:\Windows\system32

\urlmon.dll 7.00.6001.18000 (longhorn_rtm.080118-

1840) OLE32 Extensions for Win32
stobject.dll 73050000 598016 C:\Windows\system32

\stobject.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Systray shell service object
BatMeter.dll 72f90000 745472 C:\Windows\system32

\BatMeter.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Battery Meter Helper DLL
SETUPAPI.dll 76140000 1613824 C:\Windows\system32

\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Setup API
WTSAPI32.dll 74c00000 40960 C:\Windows\system32

\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Terminal Server SDK APIs
WINSTA.dll 75840000 151552 C:\Windows\system32

\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Winstation Library
FunctionDiscoveryFolder.dll 71d20000 2146304

C:\Windows\system32\FunctionDiscoveryFolder.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Function Discovery

Folder
bthprops.cpl 72ee0000 667648 C:\Windows\system32

\bthprops.cpl 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Bluetooth Control Panel Applet
NTMARTA.DLL 74d10000 135168 C:\Windows\system32

\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Windows NT MARTA provider
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
ntshrui.dll 732a0000 303104 C:\Windows\system32

\ntshrui.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Shell extensions for sharing
cscapi.dll 744e0000 45056 C:\Windows\system32

\cscapi.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Offline Files Win32 API
es.dll 73110000 286720 C:\Windows\system32\es.dll

2001.12.6932.18005 (lh_sp2rtm.090410-1830) COM+
SndVolSSO.dll 72e80000 196608 C:\Windows\System32

\SndVolSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205)

SCA Volume
msiltcfg.dll 744d0000 28672 C:\Windows\system32

\msiltcfg.dll 4.0.6000.16386 (vista_rtm.061101-2205)

Windows Installer Configuration API Stub
VERSION.dll 751c0000 32768 C:\Windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
msi.dll 72c50000 2256896 C:\Windows\system32\msi.dll

4.5.6002.18005 Windows Installer
netshell.dll 71620000 3190784 C:\Windows\System32

\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network Connections Shell
IPHLPAPI.DLL 753f0000 102400 C:\Windows\System32

\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

IP Helper API
dhcpcsvc.DLL 75210000 217088 C:\Windows\System32

\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCP Client Service
DNSAPI.dll 754b0000 180224 C:\Windows\System32

\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

DNS Client API DLL
WINNSI.DLL 752e0000 28672 C:\Windows\System32

\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Store Information RPC interface
dhcpcsvc6.DLL 751e0000 139264 C:\Windows\System32

\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCPv6 Client
nlaapi.dll 74c10000 61440 C:\Windows\System32

\nlaapi.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Location Awareness 2
pnidui.dll 71a80000 1830912 C:\Windows\system32

\pnidui.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network System Icon
QUtil.dll 73280000 94208 C:\Windows\system32

\QUtil.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Quarantine Utilities
wevtapi.dll 75250000 262144 C:\Windows\system32

\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Eventing Consumption and Configuration API
wlanutil.dll 744c0000 24576 C:\Windows\system32

\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Wireless LAN 802.11 Utility DLL
igfxsrvc.dll 2f60000 69632 C:\Windows\system32

\igfxsrvc.dll 7.14.10.1437 igfxsrvc Module
WINTRUST.dll 74a00000 184320 C:\Windows\system32

\WINTRUST.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft Trust Verification APIs
imagehlp.dll 75e50000 167936 C:\Windows\system32

\imagehlp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT Image Helper
npmproxy.dll 73ee0000 32768 C:\Windows\System32

\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network List Manager Proxy
Wlanapi.dll 710c0000 73728 C:\Windows\system32

\Wlanapi.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows WLAN AutoConfig Client Side API DLL
OneX.DLL 708d0000 1556480 C:\Windows\system32

\OneX.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) IEEE 802.1X supplicant library
eappprxy.dll 73980000 57344 C:\Windows\system32

\eappprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft EAPHost Peer Client DLL
eappcfg.dll 71090000 147456 C:\Windows\system32

\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Eap Peer Config
bcrypt.dll 750f0000 282624 C:\Windows\system32

\bcrypt.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows Cryptographic Primitives Library
AltTab.dll 735f0000 53248 C:\Windows\System32

\AltTab.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Shell Alt Tab
wpdshserviceobj.dll 70fe0000 102400 C:\Windows\system32

\wpdshserviceobj.dll 6.0.6002.18112

(vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable

Device Shell Service Object
PortableDeviceTypes.dll 708a0000 176128

C:\Windows\system32\PortableDeviceTypes.dll 6.0.6002.18112

(vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable

Device (Parameter) Types Component
PortableDeviceApi.dll 70760000 352256 C:\Windows\system32

\PortableDeviceApi.dll 6.0.6002.18112

(vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable

Device API Components
SXS.DLL 75780000 389120 C:\Windows\system32\SXS.DLL

6.0.6000.16386 (vista_rtm.061101-2205) Fusion

2.5
taskschd.dll 706c0000 368640 C:\Windows\system32

\taskschd.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Task Scheduler COM API
XmlLite.dll 74510000 192512 C:\Windows\system32

\XmlLite.dll 1.2.1009.0 Microsoft XmlLite

Library
mstask.dll 70680000 212992 C:\Windows\System32

\mstask.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Task Scheduler interface DLL
NTDSAPI.dll 75450000 98304 C:\Windows\System32

\NTDSAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Active Directory Domain Services API
COMDLG32.dll 75dd0000 471040 C:\Windows\system32

\COMDLG32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Common Dialogs DLL
srchadmin.dll 70570000 315392 C:\Windows\System32

\srchadmin.dll 7.00.6002.18005 (lh_sp2rtm.090410-

1830) Indexing Options
webcheck.dll 70640000 245760 C:\Windows\system32

\webcheck.dll 7.00.6000.16386 (vista_rtm.061101-

2205) Web Site Monitor
SyncCenter.dll 6fef0000 2211840 C:\Windows\System32

\SyncCenter.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Sync Center
QAgent.dll 70840000 188416 C:\Windows\System32

\QAgent.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Quarantine Agent Proxy
fwpuclnt.dll 743b0000 614400 C:\Windows\System32

\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205)

FWP/IPsec User-Mode API
imapi2.dll 704b0000 393216 C:\Windows\system32

\imapi2.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Image Mastering API v2
wbemprox.dll 71930000 45056 C:\Windows\system32

\wbem\wbemprox.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

WMI
wbemcomn.dll 73be0000 372736 C:\Windows\system32

\wbemcomn.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) WMI
wbemsvc.dll 71080000 65536 C:\Windows\system32

\wbem\wbemsvc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

WMI
fastprox.dll 70130000 626688 C:\Windows\system32

\wbem\fastprox.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

WMI Custom Marshaller
MLANG.dll 71580000 196608 C:\Windows\system32

\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Multi Language Support DLL
actxprxy.dll 734c0000 339968 C:\Windows\System32

\actxprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) ActiveX Interface Marshaling Library
UnlockerCOM.dll 10000000 28672 C:\Program

Files\Unlocker\UnlockerCOM.dll
mbamext.dll 739b0000 94208 C:\Program

Files\Malwarebytes' Anti-Malware\mbamext.dll 1.50.1.0000

Malwarebytes' Anti-Malware
SASCTXMN.DLL 26c0000 61440 C:\Program

Files\SUPERAntiSpyware\SASCTXMN.DLL 1, 0, 0, 1004

SUPERAntiSpyware Context Menu Extension
IS360Ext.dll 26d0000 36864 C:\Program

Files\IObit\IObit Security 360\IS360Ext.dll 1, 0, 1, 0

IS360Ext
syncui.dll 73550000 188416 C:\Windows\system32

\syncui.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Briefcase
SYNCENG.dll 739d0000 90112 C:\Windows\system32

\SYNCENG.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Briefcase Engine
ASCv4ExtMenu.dll 28a0000 143360 C:\Program

Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll 1, 0, 1,

1 ASCv4ExtMenu Module
7-zip.dll 2c90000 81920 C:\Program Files\7-Zip\7-

zip.dll 4.65 7-Zip Shell Extension
MPR.dll 75430000 81920 C:\Windows\system32\MPR.dll

6.0.6000.16386 (vista_rtm.061101-2205) Multiple

Provider Router DLL
ntlanman.dll 715c0000 77824 C:\Windows\System32

\ntlanman.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft® Lan Manager
drprov.dll 72c40000 32768 C:\Windows\System32

\drprov.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Terminal Server Network Provider
davclnt.dll 71560000 73728 C:\Windows\System32

\davclnt.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Web DAV Client DLL
zipfldr.dll 71190000 356352 C:\Windows\system32

\zipfldr.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Compressed (zipped) Folders
thumbcache.dll 71370000 90112 C:\Windows\system32

\thumbcache.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Thumbnail Cache

Module information for 'svchost.exe'(712)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\system32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
umpnpmgr.dll 74c90000 233472 c:\windows\system32

\umpnpmgr.dll 6.0.6000.16386 (vista_rtm.061101-2205)

User-mode Plug-and-Play Service
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
USERENV.dll 75890000 122880 c:\windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
POWRPROF.dll 74f30000 106496 C:\Windows\system32

\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Power Profile Helper DLL
GPAPI.dll 74d70000 86016 C:\Windows\system32

\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Group Policy Client API
slc.dll 75290000 237568 C:\Windows\system32\slc.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Software

Licensing Client Dll
rpcss.dll 74b70000 565248 c:\windows\system32

\rpcss.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Distributed COM Services
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
FirewallAPI.dll 74c20000 417792 c:\windows\system32

\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall API
OLEAUT32.dll 75e80000 577536 C:\Windows\system32

\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
ole32.dll 75a30000 1331200 C:\Windows\system32

\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft OLE for Windows
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
CRYPT32.dll 752f0000 991232 C:\Windows\system32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\system32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
credssp.dll 751d0000 28672 C:\Windows\system32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
SETUPAPI.dll 76140000 1613824 C:\Windows\system32

\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Setup API
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
Cabinet.dll 73c80000 86016 C:\Windows\system32

\Cabinet.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Microsoft® Cabinet File API
WINSTA.dll 75840000 151552 C:\Windows\system32

\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Winstation Library
NTMARTA.DLL 74d10000 135168 C:\Windows\system32

\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Windows NT MARTA provider
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
SAMLIB.dll 75490000 69632 C:\Windows\system32

\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

SAM Library DLL
WTSAPI32.dll 74c00000 40960 C:\Windows\system32

\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Terminal Server SDK APIs
Module information for 'svchost.exe'(772)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\system32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
rpcss.dll 74b70000 565248 c:\windows\system32

\rpcss.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Distributed COM Services
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
FirewallAPI.dll 74c20000 417792 c:\windows\system32

\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall API
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
OLEAUT32.dll 75e80000 577536 C:\Windows\system32

\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
ole32.dll 75a30000 1331200 C:\Windows\system32

\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft OLE for Windows
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
CRYPT32.dll 752f0000 991232 C:\Windows\system32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\system32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
USERENV.dll 75890000 122880 C:\Windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
credssp.dll 751d0000 28672 C:\Windows\system32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
rsaenh.dll 74e70000 241664 C:\Windows\system32

\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft Enhanced Cryptographic Provider
wpclsp.dll 74cd0000 81920 C:\Windows\system32

\wpclsp.dll 1.0.0.1 WPC LSP
SHELL32.dll 764b0000 11599872 C:\Windows\system32

\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Shell Common Dll
SHLWAPI.dll 77360000 364544 C:\Windows\system32

\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Shell Light-weight Utility Library
comctl32.dll 74830000 1695744

C:\Windows\WinSxS\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de

0\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common

Controls Library
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
fwpuclnt.dll 743b0000 614400 C:\Windows\system32

\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205)

FWP/IPsec User-Mode API
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
Module information for 'svchost.exe'(860)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\System32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
wevtsvc.dll 74730000 1032192 c:\windows\system32

\wevtsvc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Event Logging Service
USERENV.dll 75890000 122880 c:\windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
GPAPI.dll 74d70000 86016 c:\windows\system32

\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Group Policy Client API
slc.dll 75290000 237568 c:\windows\system32\slc.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Software

Licensing Client Dll
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
CRYPT32.dll 752f0000 991232 C:\Windows\System32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 C:\Windows\System32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
credssp.dll 751d0000 28672 C:\Windows\System32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider
NETAPI32.dll 75520000 483328 C:\Windows\System32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider

Qaytu

Newbie Surfer

Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon 03 Oct 2011, 12:45 pm

wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
lmhsvc.dll 74b00000 32768 c:\windows\system32

\lmhsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205)

TCPIP NetBios Transport Services DLL
IPHLPAPI.DLL 753f0000 102400 c:\windows\system32

\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

IP Helper API
dhcpcsvc.DLL 75210000 217088 c:\windows\system32

\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCP Client Service
DNSAPI.dll 754b0000 180224 c:\windows\system32

\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

DNS Client API DLL
WINNSI.DLL 752e0000 28672 c:\windows\system32

\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Store Information RPC interface
dhcpcsvc6.DLL 751e0000 139264 c:\windows\system32

\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCPv6 Client
Module information for 'svchost.exe'(884)
Module information for 'svchost.exe'(908)
Module information for 'svchost.exe'(956)
Module information for 'svchost.exe'(976)
Module information for 'svchost.exe'(1052)

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
GPAPI.dll 74d70000 86016 C:\Windows\system32

\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Group Policy Client API
slc.dll 75290000 237568 C:\Windows\system32\slc.dll

6.0.6002.18005 (lh_sp2rtm.090410-1830) Software

Licensing Client Dll
wfapigp.dll 74a60000 32768 C:\Windows\system32

\wfapigp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall GPO Helper dll
ntmarta.dll 74d10000 135168 C:\Windows\system32

\ntmarta.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows NT MARTA provider
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
SAMLIB.dll 75490000 69632 C:\Windows\system32

\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

SAM Library DLL
wpclsp.dll 74cd0000 81920 C:\Windows\system32

\wpclsp.dll 1.0.0.1 WPC LSP
SHELL32.dll 764b0000 11599872 C:\Windows\system32

\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Shell Common Dll
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
rsaenh.dll 74e70000 241664 C:\Windows\system32

\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Microsoft Enhanced Cryptographic Provider
npmproxy.dll 73ee0000 32768 C:\Windows\System32

\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Network List Manager Proxy
Module information for 'svchost.exe'(1232)
MODULE BASE SIZE PATH
svchost.exe 120000 32768 C:\Windows\system32

\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205)

Host Process for Windows Services
ntdll.dll 77170000 1208320 C:\Windows\system32

\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) NT Layer DLL
kernel32.dll 77090000 901120 C:\Windows\system32

\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows NT BASE API Client DLL
msvcrt.dll 762d0000 696320 C:\Windows\system32

\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows NT CRT DLL
ADVAPI32.dll 75c60000 811008 C:\Windows\system32

\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Advanced Windows 32 Base API
RPCRT4.dll 76010000 798720 C:\Windows\system32

\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Remote Procedure Call Runtime
ipsecsvc.dll 73e10000 372736 c:\windows\system32

\ipsecsvc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows IPsec SPD Server DLL
AUTHZ.dll 75620000 90112 c:\windows\system32

\AUTHZ.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Authorization Framework
ole32.dll 75a30000 1331200 C:\Windows\system32

\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft OLE for Windows
GDI32.dll 77040000 307200 C:\Windows\system32

\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

GDI Client DLL
USER32.dll 75d30000 643072 C:\Windows\system32

\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Multi-User Windows USER API Client DLL
IPHLPAPI.DLL 753f0000 102400 c:\windows\system32

\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

IP Helper API
dhcpcsvc.DLL 75210000 217088 c:\windows\system32

\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCP Client Service
DNSAPI.dll 754b0000 180224 c:\windows\system32

\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

DNS Client API DLL
WS2_32.dll 772a0000 184320 C:\Windows\system32

\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Windows Socket 2.0 32-Bit DLL
NSI.dll 760e0000 24576 C:\Windows\system32\NSI.dll

6.0.6001.18000 (longhorn_rtm.080118-1840) NSI

User-mode interface DLL
Secur32.dll 75870000 81920 c:\windows\system32

\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) Security Support Provider Interface
WINNSI.DLL 752e0000 28672 c:\windows\system32

\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-

1840) Network Store Information RPC interface
dhcpcsvc6.DLL 751e0000 139264 c:\windows\system32

\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

DHCPv6 Client
CRYPT32.dll 752f0000 991232 c:\windows\system32

\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Crypto API32
MSASN1.dll 75470000 73728 c:\windows\system32

\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-

2340) ASN.1 Runtime APIs
USERENV.dll 75890000 122880 c:\windows\system32

\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Userenv
fwpuclnt.dll 743b0000 614400 c:\windows\system32

\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205)

FWP/IPsec User-Mode API
OLEAUT32.dll 75e80000 577536 C:\Windows\system32

\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
FirewallAPI.dll 74c20000 417792 c:\windows\system32

\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Firewall API
VERSION.dll 751c0000 32768 c:\windows\system32

\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Version Checking and File Installation Libraries
FwRemoteSvr.DLL 74a70000 40960 c:\windows\system32

\FwRemoteSvr.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Windows Firewall Remote APIs Server
WLDAP32.dll 760f0000 299008 C:\Windows\system32

\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Win32 LDAP API DLL
PSAPI.DLL 759d0000 28672 C:\Windows\system32

\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205)

Process Status Helper
IMM32.DLL 75f10000 122880 C:\Windows\system32

\IMM32.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Multi-User Windows IMM32 API Client DLL
MSCTF.dll 75b90000 819200 C:\Windows\system32

\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205)

MSCTF Server DLL
LPK.DLL 75b80000 36864 C:\Windows\system32\LPK.DLL

6.0.6002.18051 (vistasp2_gdr.090615-0258)

Language Pack
USP10.dll 76fc0000 512000 C:\Windows\system32

\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-

1830) Uniscribe Unicode script processor
CLBCatQ.DLL 772d0000 540672 C:\Windows\system32

\CLBCatQ.DLL 2001.12.6931.18000

(longhorn_rtm.080118-1840) COM+ Configuration Catalog
SHLWAPI.dll 77360000 364544 C:\Windows\system32

\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Shell Light-weight Utility Library
comctl32.dll 74830000 1695744

C:\Windows\WinSxS\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de

0\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common

Controls Library
wpclsp.dll 74cd0000 81920 C:\Windows\system32

\wpclsp.dll 1.0.0.1 WPC LSP
NETAPI32.dll 75520000 483328 C:\Windows\system32

\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Net Win32 API DLL
SHELL32.dll 764b0000 11599872 C:\Windows\system32

\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) Windows Shell Common Dll
mswsock.dll 74ff0000 241664 C:\Windows\system32

\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74cf0000 20480 C:\Windows\System32

\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv4)
wship6.dll 751a0000 20480 C:\Windows\System32

\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205)

Winsock2 Helper DLL (TL/IPv6)
credssp.dll 751d0000 28672 C:\Windows\system32

\credssp.dll 6.0.6001.18000 (longhorn_rtm.080118-

1840) TS Single Sign On Security Package
schannel.dll 74ee0000 282624 C:\Windows\system32

\schannel.dll 6.0.6002.18051 (vistasp2_gdr.090615-

0258) TLS / SSL Security Provider



******************************************
EOF


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Thu 06 Oct 2011, 2:53 am

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
  • Click on the submit button
  • Please post the results (URL) in your next reply.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu 06 Oct 2011, 8:53 pm

[You must be registered and logged in to see this link.]

Not all of them scanned. Should I try again?


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Fri 07 Oct 2011, 12:12 am

When you can, yes...



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri 07 Oct 2011, 4:01 pm

[You must be registered and logged in to see this link.]


Still only 15 of the 20 scanned. The other ones sent a message of "Operation timed out".


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Mon 10 Oct 2011, 5:58 am

Sorry this is wasting time...

go to [You must be registered and logged in to see this link.] and try it there...


