Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dns changer


  • This topic is locked This topic is locked
10 replies to this topic

#1 Rixbiz2

Rixbiz2

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 18 July 2010 - 04:21 PM

I have attempted to remove this trojan with malwarebytes and hijack this. No luck it keeps coming back. After reading the forums here, it seems it is on my router (netgear WGT624). I'm running 2 laptops and 2 desktops (1 with a netgear USB adapter and 1 plugged directly into the router) on this network. So, debugging them all will be quite a bit of work, and I'm not real computer savy (so dumb it down, if you can). They are all showing the same registry data on the malwarebytes log (below).

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4324

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/18/2010 11:34:13 AM
mbam-log-2010-07-18 (11-34-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 176358
Time elapsed: 20 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c63cd119-5144-4b6f-ac29-f14726d492ad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here are the other logs asked to run in the preparation guide;

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rick at 13:33:09.29 on Sun 07/18/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.660 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]

=============== Created Last 30 ================

2010-07-18 20:30:52 0 ----a-w- c:\documents and settings\rick\defogger_reenable
2010-07-11 19:06:27 3833 ----a-w- c:\windows\machine.ver
2010-07-11 18:18:34 0 d-----w- c:\windows\system32\appmgmt
2010-07-11 18:15:15 2 ----a-w- c:\windows\msoffice.ini
2010-07-11 18:11:42 38848 ----a-w- c:\windows\avastSS.scr
2010-07-11 18:11:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-11 17:46:19 0 d-----w- c:\program files\SmartPCTools
2010-07-11 17:29:20 0 d-----w- c:\program files\Trend Micro
2010-07-11 16:40:36 0 d-----w- c:\docume~1\rick\applic~1\Malwarebytes
2010-07-11 16:40:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 16:40:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-11 16:40:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 16:40:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 04:44:01 0 d-----w- c:\docume~1\rick\applic~1\You've Got Pictures Screensaver
2010-07-11 04:44:01 0 d-----w- c:\docume~1\rick\applic~1\Intel
2010-07-11 04:44:01 0 d-----w- c:\docume~1\rick\applic~1\AOL
2010-07-11 04:43:05 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-07-11 04:36:47 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-07-11 04:34:32 61 ----a-w- c:\windows\smscfg.ini
2010-07-11 04:32:53 0 d-----w- c:\program files\AVerMedia
2010-07-11 04:32:35 69632 ----a-r- c:\windows\system32\MCSysUtil.dll
2010-07-11 04:32:35 50176 ----a-w- c:\windows\system32\CSH.DLL
2010-07-11 04:32:35 4528 ----a-r- c:\windows\system32\SETBROWS.EXE
2010-07-11 04:32:35 163840 ----a-w- c:\windows\system32\MCCoreUtil.dll
2010-07-11 04:32:35 135168 ----a-w- c:\windows\system32\XML30Lib.dll
2010-07-11 04:32:32 0 d-----w- c:\program files\Metamail Inc
2010-07-11 04:32:00 0 d-----w- c:\program files\common files\InterVideo
2010-07-11 04:31:22 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-07-11 04:29:29 126 ----a-w- c:\docume~1\rick\applic~1\wklnhst.dat
2010-07-11 04:28:22 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-11 04:28:22 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-11 04:28:08 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-11 04:28:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-11 04:20:31 0 d-----w- c:\windows\system32\LogFiles
2010-07-11 04:18:19 0 d-s---w- c:\documents and settings\rick\UserData

==================== Find3M ====================


============= FINISH: 13:33:33.67 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 25 July 2010 - 11:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3. report from MBRchecker
      4.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 29 July 2010 - 03:51 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Rixbiz2

Rixbiz2
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 29 July 2010 - 08:57 PM

Thanks Gringo. I just got notification of your post today. It looks like you just posted it today. give me a day or 2 to run the insructions you gave me.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 29 July 2010 - 09:52 PM

thumbup2.gif
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 02 August 2010 - 06:33 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Rixbiz2

Rixbiz2
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 02 August 2010 - 08:09 PM

Ok Gringo, here are the logs:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2010 9:43:36 PM
System Uptime: 7/31/2010 2:32:20 AM (63 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1596/mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 82.711 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/10/2010 9:43:43 PM - System Checkpoint
RP2: 7/11/2010 11:11:30 AM - avast! Free Antivirus Setup
RP3: 7/11/2010 11:18:33 AM - Removed MyConnect Special Offer
RP4: 7/12/2010 4:41:10 PM - System Checkpoint
RP5: 7/13/2010 6:12:47 PM - System Checkpoint
RP6: 7/14/2010 6:56:59 PM - System Checkpoint
RP7: 7/15/2010 7:04:10 PM - System Checkpoint
RP8: 7/17/2010 4:57:44 PM - System Checkpoint
RP9: 7/18/2010 5:27:07 PM - System Checkpoint
RP10: 7/20/2010 5:57:44 PM - System Checkpoint
RP11: 7/24/2010 8:56:00 AM - System Checkpoint
RP12: 7/25/2010 11:29:20 AM - System Checkpoint
RP13: 7/27/2010 9:22:37 AM - System Checkpoint
RP14: 7/28/2010 6:07:40 PM - System Checkpoint
RP15: 7/30/2010 6:04:03 PM - System Checkpoint
RP16: 8/1/2010 9:26:18 AM - System Checkpoint

==== Installed Programs ======================

Adobe Reader 7.0
avast! Free Antivirus
Bejeweled 2 Deluxe
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
DVD-RAM Driver
ESPNMotion
FATE
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Otto
Polar Golfer
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
SCRABBLE
SD Secure Module
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB894391)
Update for Windows XP (KB912945)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB908250
Yahoo! Music Engine

==== Event Viewer Messages From Past Week ========

7/31/2010 7:45:19 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELL02451 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C63CD119-5144-4B6F. The master browser is stopping or an election is being forced.
7/30/2010 8:19:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0018DE0641C4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rick at 17:56:17.49 on Mon 08/02/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.597 [GMT -7:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WISPTIS.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\KJ2J2V6J\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]

=============== Created Last 30 ================

2010-07-18 20:30:52 0 ----a-w- c:\documents and settings\rick\defogger_reenable
2010-07-11 19:06:27 3833 ----a-w- c:\windows\machine.ver
2010-07-11 18:18:34 0 d-----w- c:\windows\system32\appmgmt
2010-07-11 18:15:15 2 ----a-w- c:\windows\msoffice.ini
2010-07-11 18:11:42 38848 ----a-w- c:\windows\avastSS.scr
2010-07-11 18:11:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-11 17:46:19 0 d-----w- c:\program files\SmartPCTools
2010-07-11 17:29:20 0 d-----w- c:\program files\Trend Micro
2010-07-11 16:40:36 0 d-----w- c:\docume~1\rick\applic~1\Malwarebytes
2010-07-11 16:40:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 16:40:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-11 16:40:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 16:40:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 04:44:01 0 d-----w- c:\docume~1\rick\applic~1\You've Got Pictures Screensaver
2010-07-11 04:44:01 0 d-----w- c:\docume~1\rick\applic~1\Intel
2010-07-11 04:44:01 0 d-----w- c:\docume~1\rick\applic~1\AOL
2010-07-11 04:43:05 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-07-11 04:36:47 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-07-11 04:34:32 61 ----a-w- c:\windows\smscfg.ini
2010-07-11 04:32:53 0 d-----w- c:\program files\AVerMedia
2010-07-11 04:32:35 69632 ----a-r- c:\windows\system32\MCSysUtil.dll
2010-07-11 04:32:35 50176 ----a-w- c:\windows\system32\CSH.DLL
2010-07-11 04:32:35 4528 ----a-r- c:\windows\system32\SETBROWS.EXE
2010-07-11 04:32:35 163840 ----a-w- c:\windows\system32\MCCoreUtil.dll
2010-07-11 04:32:35 135168 ----a-w- c:\windows\system32\XML30Lib.dll
2010-07-11 04:32:32 0 d-----w- c:\program files\Metamail Inc
2010-07-11 04:32:00 0 d-----w- c:\program files\common files\InterVideo
2010-07-11 04:31:22 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-07-11 04:29:29 126 ----a-w- c:\docume~1\rick\applic~1\wklnhst.dat
2010-07-11 04:28:22 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-11 04:28:22 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-11 04:28:08 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-11 04:28:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-11 04:20:31 0 d-----w- c:\windows\system32\LogFiles
2010-07-11 04:18:19 0 d-s---w- c:\documents and settings\rick\UserData

==================== Find3M ====================


============= FINISH: 17:56:31.87 ===============


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xAAB13000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4247552 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2252800 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2252800 bytes
0x804D7000 RAW 2252800 bytes
0x804D7000 WMIxWDM 2252800 bytes
0xBF800000 Win32k 1843200 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1843200 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF70AC000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xF7242000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1355776 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA9DE000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xBFA39000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF742E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA734000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAA901000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9A0E000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA9B50000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBFA04000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF6F21000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF7531000 KR10N.sys 204800 bytes (TOSHIBA CORPORATION, TOSHIBA RAID Driver)
0xF6F55000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6FF9000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF75EF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9BE1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7401000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA7A3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA91EC000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF7028000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xAA8B8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7061000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xAA70D000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xF757B000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF7209000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF6FD6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF7089000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAA7CE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF9E2000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAAAF1000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAA8E0000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FD000 ACPI_HAL 134272 bytes
0x806FD000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74FA000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75A1000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF75C0000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF73E6000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAA97D000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsubleepa Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF7563000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA587000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA6F5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7519000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xAA302000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF74BB000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6F97000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA59F000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA571000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF74D2000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA9E15000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF722E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA959000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C2000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF74E8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF75DE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6F86000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7050000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 69632 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAA96C000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xA9D28000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76DE000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF773E000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF783E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF764E000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF771E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA192000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF788E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF9D4000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF770E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF769E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76EE000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77CE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF767E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77EE000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76FE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF766E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77DE000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF784E000 C:\WINDOWS\system32\DRIVERS\Tvs.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0xF76BE000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xAA898000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF781E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF780E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF785E000 C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys 36864 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xF768E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF775E000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF777E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76CE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF763E000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77FE000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF774E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA97BE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF772E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A3E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF797E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A1E000 C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF7A16000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79B6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF790E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7A2E000 C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys 28672 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)
0xF79AE000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF794E000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7946000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF7926000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7936000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7956000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7966000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7A46000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF795E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78C6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79FE000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78CE000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7A0E000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF79EE000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7906000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79DE000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A56000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7AE6000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAA61D000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF73BA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA5E1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAA559000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF7A5A000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xAA9C2000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7A4E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A52000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA9D2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6F19000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6F05000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7B22000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAA47D000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF7AFE000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF6FBA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF73B2000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xF7BBE000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF7B66000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B4C000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7BA6000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B42000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B76000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B62000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B3E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B6A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B54000 C:\WINDOWS\system32\DRIVERS\NBSMI.sys 8192 bytes (Toshiba Corporation, Toshiba Notebook PC SMI Driver)
0xF7B6E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B52000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B48000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B40000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D0D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CD8000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7CB7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D78000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C07000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C06000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xAAB13000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4247552 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2252800 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2252800 bytes
0x804D7000 RAW 2252800 bytes
0x804D7000 WMIxWDM 2252800 bytes
0xBF800000 Win32k 1843200 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1843200 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF70AC000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xF7242000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1355776 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA9DE000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xBFA39000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF742E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA734000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAA901000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9A0E000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA9B50000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBFA04000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF6F21000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF7531000 KR10N.sys 204800 bytes (TOSHIBA CORPORATION, TOSHIBA RAID Driver)
0xF6F55000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6FF9000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF75EF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9BE1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7401000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA7A3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA91EC000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF7028000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xAA8B8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7061000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xAA70D000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xF757B000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF7209000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF6FD6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF7089000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAA7CE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF9E2000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAAAF1000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAA8E0000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FD000 ACPI_HAL 134272 bytes
0x806FD000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74FA000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75A1000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF75C0000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF73E6000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAA97D000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsubleepa Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF7563000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA587000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA6F5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7519000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xAA302000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF74BB000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6F97000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA59F000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA571000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF74D2000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA9E15000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF722E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA959000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C2000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF74E8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF75DE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6F86000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7050000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 69632 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAA96C000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xA9D28000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76DE000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF773E000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF783E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF764E000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF771E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA192000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF788E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF9D4000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF770E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF769E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76EE000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77CE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF767E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77EE000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76FE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF766E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77DE000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF784E000 C:\WINDOWS\system32\DRIVERS\Tvs.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0xF76BE000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xAA898000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF781E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF780E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF785E000 C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys 36864 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xF768E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF775E000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF777E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76CE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF763E000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77FE000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF774E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA97BE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF772E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A3E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF797E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A1E000 C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF7A16000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79B6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF790E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7A2E000 C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys 28672 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)
0xF79AE000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF794E000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7946000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF7926000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7936000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7956000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7966000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7A46000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF795E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78C6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79FE000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78CE000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7A0E000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF79EE000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7906000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79DE000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A56000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7AE6000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAA61D000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF73BA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA5E1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAA559000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF7A5A000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xAA9C2000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7A4E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A52000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA9D2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6F19000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6F05000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7B22000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAA47D000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF7AFE000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF6FBA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF73B2000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xF7BBE000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF7B66000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B4C000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7BA6000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B42000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B76000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B62000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B3E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B6A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B54000 C:\WINDOWS\system32\DRIVERS\NBSMI.sys 8192 bytes (Toshiba Corporation, Toshiba Notebook PC SMI Driver)
0xF7B6E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B52000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B48000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B40000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D0D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CD8000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7CB7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D78000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C07000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C06000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 155):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FD000 \WINDOWS\system32\hal.dll
0xF7B3E000 \WINDOWS\system32\KDCOM.DLL
0xF7A4E000 \WINDOWS\system32\BOOTVID.dll
0xF75EF000 ACPI.sys
0xF7B40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75DE000 pci.sys
0xF763E000 isapnp.sys
0xF764E000 ohci1394.sys
0xF765E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A52000 compbatt.sys
0xF7A56000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C06000 pciide.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75C0000 pcmcia.sys
0xF766E000 MountMgr.sys
0xF75A1000 ftdisk.sys
0xF7B42000 dmload.sys
0xF757B000 dmio.sys
0xF7A5A000 ACPIEC.sys
0xF7C07000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF78C6000 PartMgr.sys
0xF767E000 VolSnap.sys
0xF7563000 atapi.sys
0xF7531000 KR10N.sys
0xF7519000 \WINDOWS\system32\drivers\SCSIPORT.SYS
0xF768E000 disk.sys
0xF769E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74FA000 fltMgr.sys
0xF74E8000 sr.sys
0xF74D2000 DRVMCDB.SYS
0xF78CE000 PxHelp20.sys
0xF74BB000 KSecDD.sys
0xF742E000 Ntfs.sys
0xF7401000 NDIS.sys
0xF73E6000 Mup.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AE6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7242000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF722E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7209000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF70AC000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF7906000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7089000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF790E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76DE000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7061000 \SystemRoot\system32\drivers\tifm21.sys
0xF7050000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7028000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF76EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7926000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6FF9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B48000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7936000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7946000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7AFE000 \SystemRoot\system32\drivers\pfc.sys
0xF7B4C000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF770E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF771E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6FD6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7D0D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B22000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F97000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F86000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A0E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6F55000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF780E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B52000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6F21000 \SystemRoot\system32\DRIVERS\update.sys
0xF73BA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF73B2000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
0xF7B54000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xF781E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAAB13000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAAAF1000 \SystemRoot\system32\drivers\portcls.sys
0xF783E000 \SystemRoot\system32\drivers\drmk.sys
0xF784E000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF7A1E000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF785E000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xAA9DE000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7A3E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF788E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B62000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D78000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B66000 \SystemRoot\System32\Drivers\Beep.SYS
0xF794E000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7956000 \SystemRoot\System32\drivers\vga.sys
0xF7B6A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B6E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAA97D000 \SystemRoot\System32\Drivers\meiudf.sys
0xAA96C000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF795E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF797E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6FBA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA959000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA901000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF76BE000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA8E0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF772E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA8B8000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF773E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAA7CE000 \SystemRoot\System32\drivers\afd.sys
0xF774E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA7A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA734000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF775E000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA70D000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF79AE000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF6F19000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF777E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF79B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF6F05000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA6F5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B76000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA9D2000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79DE000 \SystemRoot\System32\watchdog.sys
0xBF9C2000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E2000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D4000 \SystemRoot\System32\ialmrnt5.dll
0xBFA04000 \SystemRoot\System32\ialmdev5.DLL
0xBFA39000 \SystemRoot\System32\ialmdd5.DLL
0xAA9C2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAA898000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7CD8000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAA59F000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xAA61D000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7BA6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF7A16000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAA587000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAA571000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF7966000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA559000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA5E1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA47D000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xAA302000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA9E15000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA192000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9BE1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7BBE000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA9B50000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9A0E000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7A46000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA91EC000 \SystemRoot\system32\drivers\kmixer.sys
0xA9D28000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
800 C:\WINDOWS\system32\smss.exe
856 csrss.exe
880 C:\WINDOWS\system32\winlogon.exe
928 C:\WINDOWS\system32\services.exe
940 C:\WINDOWS\system32\lsass.exe
1112 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1356 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1412 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1580 svchost.exe
1624 svchost.exe
1832 C:\WINDOWS\explorer.exe
120 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
676 C:\WINDOWS\system32\TDispVol.exe
700 C:\WINDOWS\system32\igfxtray.exe
772 C:\WINDOWS\system32\hkcmd.exe
784 C:\WINDOWS\system32\igfxpers.exe
820 C:\WINDOWS\ehome\ehtray.exe
944 C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
1136 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1120 C:\Program Files\ltmoh\ltmoh.exe
1292 C:\WINDOWS\agrsmmsg.exe
1328 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
1336 C:\Program Files\Synaptics\SynTP\Toshiba.exe
1196 C:\WINDOWS\system32\TPSMain.exe
1452 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
1476 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1500 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1520 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1436 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1708 C:\WINDOWS\system32\TPSBattM.exe
1720 C:\Program Files\Messenger\msmsgs.exe
1728 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
1740 C:\WINDOWS\system32\ctfmon.exe
1760 C:\WINDOWS\system32\RAMASST.exe
368 C:\WINDOWS\system32\spoolsv.exe
672 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
728 C:\WINDOWS\system32\DVDRAMSV.exe
1104 C:\WINDOWS\ehome\ehrecvr.exe
1428 C:\WINDOWS\ehome\ehSched.exe
1384 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2064 svchost.exe
2088 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2256 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
2292 mcrdsvc.exe
3192 alg.exe
3492 C:\WINDOWS\ehome\ehmsas.exe
3496 C:\WINDOWS\system32\dllhost.exe
2260 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
3052 C:\WINDOWS\system32\svchost.exe
3712 C:\WINDOWS\system32\WISPTIS.EXE
160 C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe
3788 C:\Program Files\Internet Explorer\IEXPLORE.EXE
2800 C:\WINDOWS\system32\wuauclt.exe
1020 C:\Documents and Settings\Rick\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


Done!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 02 August 2010 - 09:28 PM

Greetings


Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.


after you have completed this run MBAM on all the computers and let me know if it fixed the problem

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Rixbiz2

Rixbiz2
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 03 August 2010 - 10:08 PM

Hi Gringo,

Long story short, I just bought a new router. I've rerun MBAM on all computers, everything came up clean. should enable defogger?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 03 August 2010 - 10:18 PM

Greetings

Glad we found the problem but sorry you had to buy a new router.

After you complete the steps below just delete any tools and logs that are left.


:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and useing often.

please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:42 AM

Posted 07 August 2010 - 02:32 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users