Thread: Need Help uninstalling iLivid

  1. #41
    Member
    Join Date: Dec 2011
    Posts: 30

    report.txt

    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Stealth
    ==============================================
    ==============================================
    >Files
    ==============================================
    [744]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->677DF500 [IEShims.dll]
    [744]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->677DB56B [IEShims.dll]
    [744]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x763DD972-->69D575AE [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x763DD639-->69D56103 [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x763DD65D-->69D5609F [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x763DD4D9-->69D561E0 [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x763DD5D3-->69D56167 [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x763B2F75-->69D575F1 [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x763C6FB2-->69D576CA [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x763B0987-->69D57649 [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x763887AD-->69C02194 [ieframe.dll]
    [744]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x763898DB-->69C4EB74 [ieframe.dll]
    [744]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x63001400-->677C47BB [IEShims.dll]
    [744]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->677C47BB [IEShims.dll]

  2. #42
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default step 5

    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc
    BIOS Manufacturer: Dell Inc
    System Manufacturer: Dell Inc
    System Product Name: Dimension E521
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 159):

    Processes (total 68):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AD

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

  3. #43
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 6

    Hi Scolabar, As always thanks for your help and patience. I don't think I had any problems. If the info I pasted is what you were looking for then I did not. I'm always a little unsure when I don't see some of the exact info that you provided, i.e. a_d_13, but I think I got it right.
    Thanks, Bruce

  4. #44
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    Thank you, those were the logs I was after.
    I hope the trip to the hospital went OK.

    Congratulations and well done! I can now confirm that your system now appears to be clean.

    Now that your computer appears to be clear of malware infection we need to tidy a few things up and deal with a few remaining items:
    Step 1:

    It's now time for some housekeeping. Please follow the instructions below to remove the tools we have used to clean up your computer.
    OTL - Cleanup

    1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
      This will remove most, if not all, of the tools we used to clean your PC.
    2. Close all other programs apart from OTL as this step will require a reboot.
    3. On the OTL main screen, press the CleanUp! button.
    4. Click on the Yes button at the prompt and then allow the program to reboot your computer.

    Remove Tools Used

    You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.

    MBRCheck.exe
    RKUnhookerLE.exe
    SecurityCheck.exe

    Please Note: These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.

    Step 2:
    Create Clean System Restore Point

    Create a new, clean System Restore point which can be used in the event of future system problems:

    1. Click on Start > All Programs > Accessories > System Tools > System Restore.
    2. Select the Create a restore point option then click on Next.
    3. You can name your new Restore Point something like All Clean, for example, and then select Create.
    4. Once the Restore Point has been created you can click on Close.
    5. Now remove old, infected System Restore points:
    6. Next click on Start > Run.
    7. Copy and Paste the following command into the text entry box:
      Code:
      cleanmgr
    8. Then click on the OK button.
    9. Make sure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
    10. Select the More Options tab, under System Restore and click on the Clean up... button and reply Yes to the prompt.
    11. Click on the OK button and the Yes button to confirm.

    Step 3:
    Security Vulnerabilities

    I cannot stress how important it is to address the following security vulnerabilities. If you don't keep your Operating System and Internet Explorer up-to-date the computer will be open to re-infection.

    The same equally applies to the programs you use. Please see the Further Guidelines section below for more information on keeping your programs up-to-date in future.

    Outdated Adobe Reader

    It is strongly recommended that you update to the current version of Adobe Reader X - 10.1.2.
    Older versions of Adobe Reader are known to have vulnerabilities that can be exploited by malware to infect your system.

    1. Download the latest available version from here.
    2. Before proceeding any further uninstall all previous versions of Adobe Reader.
    3. Then run the newly downloaded Adobe Reader installer.
      Please Note: Remember to Uncheck the Free McAfee® Security Scan Plus if you do not want or need it.

    Step 4:
    Improve Your Computer's Security

    MalwareBytes' AntiMalware
    It is worth keeping MalwareBytes' AntiMalware on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

    Below are additional (free) programs that can help improve your computer's security.
    Many feel that having a "layered" protection scheme is beneficial. You'll need to decide what works best for your situation. You may like to give them a try.

    WinPatrol
    Download it from Copyright © BillP Studios.
    Information about how WinPatrol works, is available here.
    (The free version of WinPatrol provides limited real-time protection.)

    SiteAdvisor
    SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
    You can find more information and download it from here.

    SpywareBlaster
    Download and install Javacool's SpywareBlaster from Here.
    SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

    Web of Trust (WOT)
    Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.
    You can find more information about the program and download it from Here.

    MVPS Hosts
    For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided here.
    Install MVPS Hosts File from here.
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    You can read the Tutorial here.

    Panda USB Vaccine
    Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
    You can download and learn more about this product from Here.

    Step 5:
    Further Guidelines

    Please follow these simple guidelines in order to help keep your computer more secure:

    Update your Anti-virus program and other programs regularly.
    Online Secunia Software Inspector - © Secunia.
    FileHippo.com Update Checker - © FileHippo.com
    F-secure Health Check - © F-Secure Corporation.

    Visit Microsoft often
    Keep on top of critical updates, as well as other updates for your computer.
    Using Windows Update in Windows Vista
    What is Windows Update?
    Microsoft Update Home

    Read, stay informed.
    To help minimize the chances of becoming re-infected, please read:
    Computer Security - a short guide to staying safer online

    If your computer is running slowly after your clean up, please read:
    What to do if your Computer is running slowly

    Please confirm that you have completed the cleanup steps and reviewed the rest of the post.
    Once your reply has been received, unless there are other malware questions or concerns, this topic will be closed as resolved.

    Stay Safe!
    Scolabar
    Malware Removal University - You too could train to help others
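
The hosts-file behaviour described under MVPS Hosts above, as an added example that is not part of the original post or of the MVPS project: a short Python audit that separates names blocked by pointing them at the local computer from names mapped to some other address, which is worth a second look after a cleanup. The sample file contents and the function names are constructed for illustration, and treating 0.0.0.0 as a block entry alongside 127.0.0.1 is an assumption of this example.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from the MVPS file).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  tracker.example.net   # blocked ad hosts
0.0.0.0         banner.example.org
203.0.113.10    www.example-bank.test   # name pointed at a non-local address
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text.

    Comments, blank lines and lines whose first field is not an IP
    address are skipped. One line may carry several hostnames.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, ignore the line
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries


def audit_hosts(text):
    """Sort hosts entries into three groups.

    local      - the standard localhost entries
    sinkholed  - names pointed at the local computer (127.0.0.0/8, ::1)
                 or at 0.0.0.0, so connections to them go nowhere
    redirected - names mapped to any other address; a block list never
                 needs these, so each one should be explainable
    """
    result = {"local": [], "sinkholed": [], "redirected": []}
    for addr, name in parse_hosts(text):
        blocked = addr.is_loopback or addr.is_unspecified
        if name == "localhost" and addr.is_loopback:
            result["local"].append(name)
        elif blocked:
            result["sinkholed"].append(name)
        else:
            result["redirected"].append((name, str(addr)))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", ", ".join(report["sinkholed"]))
    for name, addr in report["redirected"]:
        print("review:", name, "->", addr)
```

On Windows the file to read is normally `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.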

  5. #45
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default clean up

    I got halfway there yesterday before I was interrupted, I'll finish it up this afternoon. Thanks, Bruce

  6. #46
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 2 #5

    Please help. My husband finished #4 on step 2. We need to start at #4, however cannot find the Start > Run. Can you get us to where #5 starts?

    Thank you

  7. #47
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    Apologies for the oversight. I provided instructions for Windows XP instead of Vista.
    Please replace Step 2 with the instructions below and then continue with the rest of the instructions:

    Step 2:
    Create Clean System Restore Point

    Create a new, clean System Restore point which can be used in the event of future system problems:

    Reset System Restore:
    1. Select Start > Right-click on Computer > select Properties.
    2. In the left-hand pane click on the System Protection option.
    3. Under the System Protection tab.
    4. Select the drive letter where Windows is located (usually C: drive). This will be indicated by System protection ON.
      (This indicates System Restore is turned ON for the Windows drive).
    5. Click on the Configure button.
    6. Select the Turn off system protection option and then click on the Apply button.
    7. Click on the Yes button to accept the pop-up confirmation.
    8. Click on the OK button and close the System window in the Control Panel.
      This will remove all restore points and clear all the old stored system files once the computer has been restarted.
    9. Restart your computer.


    Turn ON System Restore:
    As soon as the computer has restarted and you have logged back on:
    1. Select Start > Right-click on Computer > select Properties.
    2. In the left-hand pane click on the System Protection option.
    3. Under the System Protection tab.
    4. Select the drive letter where Windows is located (usually C: drive). This will now be indicated by System protection OFF.
      (This will indicate that System Restore is currently turned OFF for the Windows drive).
    5. Click on the Configure button.
    6. Select the Restore system settings and previous versions of files option, click on the Apply button and then click on the OK button.
    7. Click on the OK button and close the System window in the Control Panel.
      You now have a clean restore point to use if you need to restore your system.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  8. #48
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    It has been over 48 hours since my last post.

    • Did you manage to complete the instructions?
    • Do you still need help?
    • Do you need more time?
    • Are you having problems following the instructions?
    • In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
    • If you do not reply within the next 24 hours, this topic will be closed.


    Scolabar

  9. #49
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    This topic has been archived due to inactivity.

    If it has been three days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested previously, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send your helper a private message (pm). A valid, working link to the closed topic is required.
