You can't have more than 10000 characters in each post, though.
Split it into several posts.
Hi nadz,
Then use as much as it takes, with continue… use 3 or 4 consecutive postings…
I also opened it and got a lot of gobbledygook with Chinese characters there.
And another thing on the message you received, later we will find what hosed this dll, but you can try this: You aren’t going to be able to overwrite that file outside of DOS or possibly safe mode, however doing that manually is not a necessary job anyways. Just run an update package and let it overwrite the file while Windows is still loading. Please download and install these updated Visual C++ Service Pack 6 runtimes (MSVCRT stands for MS Visual C++ Runtimes by the way):
http://download.microsoft.com/download/vc60pro/Update/1/W9XNT4/EN-US/VC6RedistSetup_enu.exe
Keep that file and you may want to re-install it periodically after installing other titles. It will always be safe to re-install this package even when it’s out of date, because when it’s out of date it won’t overwrite anything, unlike whatever the program was that hosed your MSVCRT.dll.
polonus
ROOTREPEAL (c) AD, 2007-2008
Scan Time: 2009/05/31 22:06
Program Version: Version 1.2.3.0
Windows Version: Windows Vista SP1
That's all, guys.
That log's good (all files visible). Did you run MBAM and SAS?
I couldn't access MBAM or SAS, it kept saying the page cannot be displayed, so I used Spyware Terminator instead.
Try to download MBAM and SAS, then try to update and run quick scans. If you have any problems downloading or updating or scanning, post back.
http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/
Post the logs
You’ll need to fix those O17 entries because they will divert you from anti-malware sites.
Run HijackThis! again, tick all the O17 entries and click ‘Fix’ and reboot.
Then try the MBAM site again.
This is true; however, using sites like filehippo sometimes works.
Malwarebytes is doing a scan at the moment but SUPERAntiSpyware keeps crashing when I try to install it.
Rename the setup file. Right click and choose rename, call it someshit.exe, then install, navigate to C/program files/superantispyware/superantispyware.exe and rename superantispyware.exe. Then double click on the renamed file to run.
SAS installation still not working. Working now.
Should I do a full scan or quick scan for MBAM?
Quick. (I thought you said MBAM was already running.)
Yeah it is, I started a full scan but I was wondering whether I should have done a quick scan instead.
That pop-up is most likely a variant of Vundo, I got a similar pop-up before.
Should I click on remove selected and remove all those files the scan found?
mbam logfile:
Malwarebytes’ Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1
31/05/2009 23:59:59
mbam-log-2009-05-31 (23-59-55).txt
Scan type: Quick Scan
Objects scanned: 113171
Time elapsed: 12 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 10
Folders Infected: 2
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) → No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{483e6976-b351-4980-b960-e165a697e9d5}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{dd0776bd-5582-4a88-a0e6-56cd9fdcf422}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces{483e6976-b351-4980-b960-e165a697e9d5}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces{dd0776bd-5582-4a88-a0e6-56cd9fdcf422}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces{483e6976-b351-4980-b960-e165a697e9d5}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces{483e6976-b351-4980-b960-e165a697e9d5}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces{796decb5-83d9-40cf-850f-d3358ebe12eb}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces{dd0776bd-5582-4a88-a0e6-56cd9fdcf422}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces{dd0776bd-5582-4a88-a0e6-56cd9fdcf422}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.113,85.255.112.175 → No action taken.
Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) → No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) → No action taken.
Files Infected:
c:\program files\fbrowsingadvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) → No action taken.
c:\program files\fbrowsingadvisor\Logo.png (Trojan.FBrowsingAdvisor) → No action taken.
c:\program files\fbrowsingadvisor\main.db (Trojan.FBrowsingAdvisor) → No action taken.
c:\program files\fbrowsingadvisor\unins000.dat (Trojan.FBrowsingAdvisor) → No action taken.
c:\program files\fbrowsingadvisor\unins000.exe (Trojan.FBrowsingAdvisor) → No action taken.
c:\program files\fbrowsingadvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) → No action taken.
c:\RECYCLER\S-4-8-49-100001131-100016181-100014154-9891.com (Trojan.Agent) → No action taken.
Yes, however, it's possible MBAM will not rid you of these viruses. Read the link, and consider that course of action. Run SAS also.
What you have is nasty; if this was my PC, I would run flash disinfector/avenger/mbam/sas/ and another hjt.
http://www.myantispyware.com/2009/04/22/how-to-remove-gxvxcservsys-trojan-redirect-virus/
Tell me, have you recently removed some major malware?
SUPERAntiSpyware Scan Log
Application Version : 4.26.1004
Core Rules Database Version : 3917
Trace Rules Database Version: 1861
Memory items scanned : 855
Memory threats detected : 0
Registry items scanned : 580
Registry threats detected : 4
File items scanned : 24537
File threats detected : 249
Trojan.Unclassified/SmartEnhancer-G
HKU\S-1-5-21-423385528-2537745124-2120478297-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{D4070176-F144-22CD-0D5C-71B49B46FF19}
Adware.Tracking Cookie