ZAES to Malwarebytes to ComboFix Search Hijacking


25 replies to this topic

#1 BugsandWormsYum


Posted 01 November 2010 - 01:05 PM

I apologize for not following the preferred route to a posting. I would like permission to submit a ComboFix report as well as any other help you may deem necessary.
Brief introduction to the problem:
My laptop has been getting sluggish for some time. My efforts to reverse that included:
*Replacing Norton anti virus and an old ZoneAlarm with the latest ZoneAlarm Extreme Security (ZAES)
*Almost daily scouring of my programs / files to remove unnecessary deadwood.
Last week I started noticing search redirection from Yahoo and Google to garbage search substitutes. Virus scanning proved helpless. I went to the ZoneAlarm forum, which recommended a deep scan in safe mode with ZAES. Done, but nothing found. Then they recommended Malwarebytes. Scan found and removed 6 infected documents (log file available). I thought I was done. This weekend my search tools were hijacked with a vengeance (both Yahoo and Google). The issue accelerated: early yesterday I could still open Safari (which I thought was more resistant to bugs). By the end of the day I could no longer open Safari at all. I chatted with ZoneAlarm tech support. They pointed me to the Combofix approach. This morning I tried to get to the BleepingComputer site but IE refused to take me there. I was getting pretty desperate. The last thing I tried was a private browsing session started from within ZAES which succeeded in taking me there and allowed me to follow the recommended process.
Please let me know how to proceed.
Thanks



#2 m0le


Posted 08 November 2010 - 08:24 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 BugsandWormsYum


Posted 08 November 2010 - 11:19 PM

Hi m0le,
Thanks for replying. Much has happened since I posted my first entry last Monday. I would describe it as a "near death" computer experience.

I earn my living by using my computer. By Friday I was becoming very concerned that it was a time bomb ready to go off and give me even more damage than it already had. At that time I decided to use the tools described in the preparation steps at BleepingComputer.com. Defogger and dds ran uneventfully. Gmer could not conclude its scan. On Friday night I set aside a bunch of time to see if I could bring the scan to a conclusion. After a few hours of scanning, the screen froze. The only movement I could still get was from the mouse and from the AltTab key combination. I had no choice but to force a powerdown.

Saturday morning the computer could not start. I tried normal, last known good configuration, safe mode, safe mode with command line and recovery console (which I had installed just a week ago to have available at boot time). Booting generally stopped with the message "WINDOWS COULD NOT START BECAUSE THE FOLLOWING FILE IS MISSING OR CORRUPT: c:\ windows\system32\config\system". During my first try, after I waited a while, chkdsk came on, reported damage on the hard disk and proceeded to delete unreadable segments. After watching it a short while, I became concerned that this may be causing more unrecoverable damage, so I stopped it. Late Saturday I hit upon the idea of removing my hard drive, putting it into an external drive enclosure and connecting it via USB to another computer. There I could see that none of the contents was accessible due to damage of the file or directory system. So I ran chkdsk from that computer in recovery mode, which made the disk accessible again. When I put it back in my laptop it started up normally.
That's where I am now. I would like to make sure that no malware is left on my laptop and hope very much that you can help.
Regards,
BugsandWormsYum

#4 m0le


Posted 09 November 2010 - 06:00 AM

Nice work :thumbup2:

We should start by making sure we have no rootkit activity.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 BugsandWormsYum


Posted 09 November 2010 - 12:58 PM

Hi m0le, thanks for your continued help.

First, a side note: this morning my laptop took unusually long to boot up. After startup, vsmon was pretty busy for a while, contributing to a sluggish response.

Here are the reports:

2010/11/09 09:34:47.0750 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/09 09:34:47.0750 ================================================================================
2010/11/09 09:34:47.0750 SystemInfo:
2010/11/09 09:34:47.0750
2010/11/09 09:34:47.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/09 09:34:47.0750 Product type: Workstation
2010/11/09 09:34:47.0750 ComputerName: D1BNYV81
2010/11/09 09:34:47.0765 UserName: AnnandAndy
2010/11/09 09:34:47.0765 Windows directory: C:\WINDOWS
2010/11/09 09:34:47.0765 System windows directory: C:\WINDOWS
2010/11/09 09:34:47.0765 Processor architecture: Intel x86
2010/11/09 09:34:47.0765 Number of processors: 1
2010/11/09 09:34:47.0765 Page size: 0x1000
2010/11/09 09:34:47.0765 Boot type: Normal boot
2010/11/09 09:34:47.0765 ================================================================================
2010/11/09 09:34:51.0968 Initialize success
2010/11/09 09:35:05.0125 ================================================================================
2010/11/09 09:35:05.0125 Scan started
2010/11/09 09:35:05.0125 Mode: Manual;
2010/11/09 09:35:05.0125 ================================================================================
2010/11/09 09:37:05.0906 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/11/09 09:37:06.0265 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/11/09 09:37:06.0593 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/11/09 09:37:06.0953 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/11/09 09:37:07.0390 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/11/09 09:37:07.0843 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/09 09:37:08.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/09 09:37:08.0703 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/09 09:37:09.0265 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/09 09:37:09.0937 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/09 09:37:10.0390 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/09 09:37:10.0812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/09 09:37:11.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/09 09:37:11.0734 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/09 09:37:12.0140 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/09 09:37:12.0546 USBREC (8d9e86d710889ebb31dd42435922da2f) C:\WINDOWS\system32\DRIVERS\USBREC.sys
2010/11/09 09:37:12.0921 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/09 09:37:13.0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/09 09:37:13.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/09 09:37:14.0171 USBVCD (f4a825865e31a849aca14efc8340f229) C:\WINDOWS\system32\drivers\USBVCD.sys
2010/11/09 09:37:14.0640 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/09 09:37:15.0078 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/11/09 09:37:15.0562 VCIDRV (9b58d735c22e218e717f055d06354b77) C:\WINDOWS\system32\DRIVERS\VCIDRV.sys
2010/11/09 09:37:16.0125 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/09 09:37:16.0593 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/09 09:37:17.0015 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/09 09:37:17.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/09 09:37:18.0046 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2010/11/09 09:37:20.0062 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/11/09 09:37:22.0031 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/09 09:37:22.0453 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/11/09 09:37:23.0203 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/09 09:37:23.0937 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/09 09:37:24.0750 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/09 09:37:25.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/09 09:37:25.0609 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/09 09:37:28.0437 ================================================================================
2010/11/09 09:37:28.0437 Scan finished
2010/11/09 09:37:28.0437 ================================================================================
2010/11/09 09:40:14.0875 Deinitialize success


The other report:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000006c

Kernel Drivers (total 183):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA328000 nipbcfk.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9EED000 atapi.sys
0xB9EC8000 tffsport.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EA8000 fltmgr.sys
0xB9E96000 sr.sys
0xB9E80000 drvmcdb.sys
0xBA0F8000 PxHelp20.sys
0xB9E69000 KSecDD.sys
0xB9E56000 WudfPf.sys
0xB9DC9000 Ntfs.sys
0xB9D9C000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D01000 nipalk.sys
0xBA340000 \WINDOWS\System32\drivers\TDI.SYS
0xB9CE7000 Mup.sys
0xB97C7000 kl1.sys
0xBA238000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA554000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8455000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8441000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB841D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA248000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB8409000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB80F9000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB80B6000 \SystemRoot\system32\drivers\STAC97.sys
0xB8092000 \SystemRoot\system32\drivers\portcls.sys
0xBA268000 \SystemRoot\system32\drivers\drmk.sys
0xB806F000 \SystemRoot\system32\drivers\ks.sys
0xB803E000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB7F3F000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB7E97000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA490000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB7E7D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA498000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB919A000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA4A8000 \SystemRoot\system32\drivers\Afc.sys
0xBA4B0000 \SystemRoot\system32\drivers\pfc.sys
0xBA5FA000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xB918A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB917A000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA368000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB7DAC000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB7D6F000 \SystemRoot\system32\DRIVERS\iwca.sys
0xB7C25000 \SystemRoot\system32\drivers\cmudaxv.sys
0xBA785000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA5F4000 \SystemRoot\System32\Drivers\RootMdm.sys
0xB4830000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB48E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB1AA1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB4820000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB4810000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB1A90000 \SystemRoot\system32\DRIVERS\psched.sys
0xB4800000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA390000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA398000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB1A60000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB47F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB1A02000 \SystemRoot\system32\DRIVERS\update.sys
0xB3A26000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\omci.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\btport.sys
0xB1982000 \SystemRoot\system32\drivers\btaudio.sys
0xB47B0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB4780000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA60E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB32FA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAF916000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA616000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB1D73000 \SystemRoot\System32\Drivers\Null.SYS
0xBA618000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D0000 \SystemRoot\system32\drivers\ssrtln.sys
0xB1D72000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3E8000 \SystemRoot\System32\drivers\vga.sys
0xBA61A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA61C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA408000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA410000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB32EA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAF8E3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAF88A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAF862000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAF7E2000 \SystemRoot\System32\vsdatant.sys
0xB32DE000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAF7C0000 \SystemRoot\System32\drivers\afd.sys
0xB4770000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAF795000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA418000 \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
0xAF725000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB4750000 \SystemRoot\System32\Drivers\Fips.SYS
0xAF6FF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA6CB000 \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
0xB326E000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAF6DB000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4700000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAF6C3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA65C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2386000 \SystemRoot\System32\drivers\Dxapi.sys
0xB1ECF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA722000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF07D000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
0xBF391000 \SystemRoot\System32\mnmdd.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB860A000 \SystemRoot\system32\drivers\drvnddm.sys
0xBA6FD000 \SystemRoot\system32\dla\tfsndres.sys
0xAB7AC000 \SystemRoot\system32\dla\tfsnifs.sys
0xB2C30000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA5DC000 \SystemRoot\system32\dla\tfsnpool.sys
0xABE8A000 \SystemRoot\system32\dla\tfsnboio.sys
0xB85FA000 \SystemRoot\system32\dla\tfsncofs.sys
0xBA6FE000 \SystemRoot\system32\dla\tfsndrct.sys
0xAB793000 \SystemRoot\system32\dla\tfsnudf.sys
0xAB77A000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAC585000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAC579000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB24D8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB1DE8000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xAB54D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAB4E8000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4760000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB7C4000 \SystemRoot\System32\Drivers\cvintdrv.SYS
0xAB2ED000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xAB59E000 \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
0xAB221000 \SystemRoot\system32\DRIVERS\css-dvp.sys
0xBA648000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xAB17D000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xAB05D000 \SystemRoot\system32\DRIVERS\srv.sys
0xAB525000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAB45A000 \SystemRoot\system32\drivers\nibffrk.dll
0xAB44A000 \SystemRoot\system32\drivers\nimdsk.dll
0xAAF4D000 \SystemRoot\system32\drivers\nistck.dll
0xB1EBF000 \SystemRoot\System32\drivers\NiViPxiKl.sys
0xB1EAF000 \SystemRoot\System32\drivers\NiViPxiK.sys
0xAAF22000 \SystemRoot\System32\drivers\nidimk.dll
0xAB41A000 \SystemRoot\System32\drivers\niorbk.dll
0xAB0B5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAAD6A000 \SystemRoot\system32\drivers\niarbk.dll
0xAAB81000 \SystemRoot\System32\Drivers\Nidaq32k.SYS
0xB85BA000 \SystemRoot\system32\drivers\nidmmk.dll
0xAA6E8000 \SystemRoot\System32\Drivers\HTTP.sys
0xB4B42000 \SystemRoot\System32\Drivers\PCASp50.sys
0xBA380000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xAA495000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAA7C9000 \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
0xAA2CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAA6A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAB64E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAB6A6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA9DD4000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
560 C:\WINDOWS\system32\smss.exe
992 csrss.exe
1088 C:\WINDOWS\system32\winlogon.exe
1132 C:\WINDOWS\system32\services.exe
1144 C:\WINDOWS\system32\lsass.exe
1316 C:\WINDOWS\system32\svchost.exe
1384 svchost.exe
1424 C:\WINDOWS\system32\svchost.exe
1536 C:\WINDOWS\system32\svchost.exe
1596 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1628 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1664 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1724 C:\WINDOWS\system32\svchost.exe
1824 svchost.exe
1864 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1468 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1776 C:\WINDOWS\system32\spoolsv.exe
1252 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
236 svchost.exe
832 C:\Program Files\Bonjour\mDNSResponder.exe
844 C:\WINDOWS\explorer.exe
872 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
612 C:\WINDOWS\system32\dlcfcoms.exe
968 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1936 C:\WINDOWS\system32\svchost.exe
208 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
720 C:\WINDOWS\system32\svchost.exe
808 C:\WINDOWS\system32\svchost.exe
660 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2116 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2236 C:\WINDOWS\system32\snmp.exe
2292 C:\WINDOWS\system32\svchost.exe
2348 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2432 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
3620 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3772 C:\PROGRA~1\Dell\QuickSet\quickset.exe
3888 C:\Program Files\Wireless-G Music Bridge\WMB54G.exe
3908 C:\WINDOWS\system\cmflywav.exe
2168 C:\Program Files\Apoint\Apoint.exe
3104 C:\Program Files\Logitech\QuickCam\Quickcam.exe
3196 C:\Program Files\Apoint\ApntEx.exe
3716 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
296 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
1992 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3816 C:\Program Files\QuickTime\QTTask.exe
1884 wmiprvse.exe
860 C:\Program Files\Skype\Phone\Skype.exe
3280 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2964 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
3784 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
2864 C:\WINDOWS\system32\svchost.exe
2544 alg.exe
1196 C:\Program Files\Skype\Plugin Manager\skypePM.exe
500 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
1716 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
3524 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
1016 C:\Program Files\Internet Explorer\iexplore.exe
2740 C:\Program Files\Internet Explorer\iexplore.exe
3268 C:\Program Files\Internet Explorer\iexplore.exe
2404 C:\Documents and Settings\AnnandAndy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`02f10c00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT)

PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11
PhysicalDrive2 Model Number: FUJITSUMHT2080AT PL, Rev:
PhysicalDrive1 Model Number: TOSHIBAMK2001MPL, Rev: W1.31 N

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83
74 GB \\.\PhysicalDrive2 RE: Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
1 GB \\.\PhysicalDrive1 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

I will wait for your next instructions.
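The MBRCheck report above reports, for each physical drive, a SHA1 of the boot sector and a verdict ("Unknown MBR code" versus a recognised vendor MBR), plus the byte offset of each volume. The Python below is an added example, not MBRCheck's own code and not something either poster ran: it reads a 512-byte MBR image, hashes the boot-code region, checks the hash against an allowlist, and decodes the partition table so the "at offset" values can be verified. Assumptions: that hashing the first 440 bytes approximates what MBRCheck does (the actual region it hashes is not stated in the thread), the two allowlist hashes are the values printed in the report for the Dell and Windows 98 MBRs, and the sample image is constructed, with its first partition placed at LBA 128520 so that it lands at the 0x03EC1000 byte offset the report shows for C:.

```python
"""Inspect a 512-byte MBR image: boot signature, boot-code hash and partition table.

Added example (not MBRCheck's code). Mimics what a boot-sector triage tool reports:
a SHA1 of the boot code checked against an allowlist, and the partition table decoded
so the "at offset" values in such a report can be checked by hand.
"""
import hashlib
import struct
from io import BytesIO

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440                 # bytes 0..439; assumption: this is the hashed region
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"

# Allowlist of boot-code hashes. The two entries are the values MBRCheck printed in this
# thread for the Dell and Windows 98 MBRs; a real allowlist would be much larger.
KNOWN_MBR_SHA1 = {
    "84B95CE8A54B7C5C3AAF149934FC46FB70FF8365": "Dell MBR code detected",
    "48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E": "Windows 98 MBR code detected",
}


def read_first_sector(stream):
    """Return sector 0 of a binary stream (a disk image, or on Windows a raw device such
    as \\\\.\\PhysicalDrive0 opened read-only with administrator rights)."""
    stream.seek(0)
    sector = stream.read(SECTOR_SIZE)
    if len(sector) != SECTOR_SIZE:
        raise ValueError("short read: expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    return sector


def parse_partition_table(mbr):
    """Decode the four primary partition slots; empty slots (type 0x00) are skipped."""
    entries = []
    for slot in range(4):
        offset = PARTITION_TABLE_OFFSET + slot * struct.calcsize(PARTITION_ENTRY_FMT)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            PARTITION_ENTRY_FMT, mbr, offset)
        if ptype == 0:
            continue
        entries.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,   # what the report prints as "at offset"
        })
    return entries


def inspect_mbr(mbr):
    """Classify one MBR image the way the report in the thread does."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly %d bytes" % SECTOR_SIZE)
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "sha1": sha1,
        "status": KNOWN_MBR_SHA1.get(sha1, "Unknown MBR code"),
        "partitions": parse_partition_table(mbr),
    }


def build_sample_mbr():
    """Constructed sample image (not from the affected machine). The boot-code region is
    a labelled placeholder; partition 0 starts at LBA 128520 (= byte offset 0x03EC1000)."""
    code = b"CONSTRUCTED-SAMPLE-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<IH", 0x11223344, 0)          # disk signature + two zero bytes
    p0 = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\xFF\xFF\xFF", 0x07, b"\xFF\xFF\xFF", 128520, 155000000)
    p1 = struct.pack(PARTITION_ENTRY_FMT, 0x00, b"\xFF\xFF\xFF", 0x0B, b"\xFF\xFF\xFF", 63, 2000000)
    empty = b"\x00" * 16
    return code + disk_sig + p0 + p1 + empty + empty + BOOT_SIGNATURE


def inspect_sample_image():
    """Run the whole pipeline on the constructed image via a stream, as a disk image would be read."""
    return inspect_mbr(read_first_sector(BytesIO(build_sample_mbr())))


if __name__ == "__main__":
    result = inspect_sample_image()
    print("SHA1: %s -> %s" % (result["sha1"], result["status"]))
    for p in result["partitions"]:
        print("slot %d type 0x%02X bootable=%s at offset 0x%08X" % (
            p["slot"], p["type"], p["bootable"], p["byte_offset"]))
```

For the thread's case the useful check is the last one: a verdict of "Unknown MBR code" with an unchanged SHA1 across runs means the boot code is neither a recognised vendor MBR nor has it been replaced, which is exactly the comparison the helper makes by eye further down.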

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 November 2010 - 06:40 PM

The MBR has been rewritten.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system (1 for XP), and then press Enter.
  • When asked "Do you want to fix the MBR code?" type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#7 BugsandWormsYum

BugsandWormsYum
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male

Posted 10 November 2010 - 12:33 AM

New symptom: Windows booting sounds sound choppy, as if the CPU is too busy with other tasks to produce a smooth sound.
OK, here it is.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 189):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA328000 nipbcfk.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9EED000 atapi.sys
0xB9EC8000 tffsport.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EA8000 fltmgr.sys
0xB9E96000 sr.sys
0xB9E80000 drvmcdb.sys
0xBA0F8000 PxHelp20.sys
0xB9E69000 KSecDD.sys
0xB9E56000 WudfPf.sys
0xB9DC9000 Ntfs.sys
0xB9D9C000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D01000 nipalk.sys
0xBA340000 \WINDOWS\System32\drivers\TDI.SYS
0xB9CE7000 Mup.sys
0xB97C7000 kl1.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA554000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB960D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB95F9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB95D5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB95C1000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB92B1000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB926E000 \SystemRoot\system32\drivers\STAC97.sys
0xB924A000 \SystemRoot\system32\drivers\portcls.sys
0xBA308000 \SystemRoot\system32\drivers\drmk.sys
0xB9227000 \SystemRoot\system32\drivers\ks.sys
0xB91F6000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB90F7000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB904F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA318000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB9035000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA378000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA388000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA178000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA398000 \SystemRoot\system32\drivers\Afc.sys
0xBA3A8000 \SystemRoot\system32\drivers\pfc.sys
0xBA5C8000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xBA188000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA198000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3E0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB8F3C000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB8EFF000 \SystemRoot\system32\DRIVERS\iwca.sys
0xB8D15000 \SystemRoot\system32\drivers\cmudaxv.sys
0xBA7D5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA5E8000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8CFE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8CED000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA238000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA430000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA440000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8CBD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA248000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5EE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8C5F000 \SystemRoot\system32\DRIVERS\update.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\omci.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\btport.sys
0xB8BDF000 \SystemRoot\system32\drivers\btaudio.sys
0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8EDF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA602000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9776000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB6B23000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA60A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA76D000 \SystemRoot\System32\Drivers\Null.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3C8000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA770000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA560000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8ECF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA408000 \SystemRoot\System32\drivers\vga.sys
0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA616000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA418000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA428000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA568000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6AF0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA580000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB6A97000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6A6F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6A49000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB69C9000 \SystemRoot\System32\vsdatant.sys
0xB8BD7000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB68DF000 \SystemRoot\System32\drivers\afd.sys
0xB8E5F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB68B4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA380000 \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
0xB6844000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA1D8000 \SystemRoot\System32\Drivers\usbaapl.sys
0xBA7C9000 \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
0xBA498000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9029000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA258000 \SystemRoot\system32\DRIVERS\LVUSBSta.sys
0xB6B6F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA438000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA468000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xBA278000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA570000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xBA298000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6804000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA644000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6911000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA450000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA75A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF07D000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
0xBF391000 \SystemRoot\System32\mnmdd.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB4744000 \SystemRoot\system32\drivers\drvnddm.sys
0xBA703000 \SystemRoot\system32\dla\tfsndres.sys
0xB465E000 \SystemRoot\system32\dla\tfsnifs.sys
0xB46B8000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA63A000 \SystemRoot\system32\dla\tfsnpool.sys
0xB67EC000 \SystemRoot\system32\dla\tfsnboio.sys
0xB4724000 \SystemRoot\system32\dla\tfsncofs.sys
0xBA75E000 \SystemRoot\system32\dla\tfsndrct.sys
0xB4645000 \SystemRoot\system32\dla\tfsnudf.sys
0xB462C000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB4618000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB4520000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB44CC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA3B0000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB4067000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4754000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3F4C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA774000 \SystemRoot\System32\Drivers\cvintdrv.SYS
0xB3DC7000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xB3DF0000 \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
0xB3C5B000 \SystemRoot\system32\DRIVERS\css-dvp.sys
0xB3C37000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA63E000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB3B93000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB3A73000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3B6B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB3D67000 \SystemRoot\system32\drivers\nibffrk.dll
0xB4774000 \SystemRoot\system32\drivers\nimdsk.dll
0xB398B000 \SystemRoot\system32\drivers\nistck.dll
0xBA3F8000 \SystemRoot\System32\drivers\NiViPxiKl.sys
0xB67FC000 \SystemRoot\System32\drivers\NiViPxiK.sys
0xB3960000 \SystemRoot\System32\drivers\nidimk.dll
0xB3FE4000 \SystemRoot\System32\drivers\niorbk.dll
0xB40EC000 \SystemRoot\system32\drivers\niarbk.dll
0xB365F000 \SystemRoot\System32\Drivers\Nidaq32k.SYS
0xB3B4B000 \SystemRoot\system32\drivers\nidmmk.dll
0xB30F6000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA360000 \SystemRoot\System32\Drivers\PCASp50.sys
0xBA370000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB2F1B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB3427000 \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
0xB29F0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
1000 csrss.exe
1028 C:\WINDOWS\system32\winlogon.exe
1072 C:\WINDOWS\system32\services.exe
1084 C:\WINDOWS\system32\lsass.exe
1252 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1372 C:\WINDOWS\system32\svchost.exe
1416 C:\WINDOWS\system32\svchost.exe
1524 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1560 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1600 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1644 C:\WINDOWS\system32\svchost.exe
1764 svchost.exe
1984 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
380 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
784 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1792 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1860 C:\WINDOWS\system32\spoolsv.exe
572 svchost.exe
1996 C:\Program Files\Bonjour\mDNSResponder.exe
388 C:\WINDOWS\explorer.exe
1908 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
1672 C:\WINDOWS\system32\dlcfcoms.exe
2040 C:\WINDOWS\system32\svchost.exe
372 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1660 C:\WINDOWS\system32\svchost.exe
2088 C:\WINDOWS\system32\svchost.exe
2120 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2260 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2312 C:\WINDOWS\system32\snmp.exe
2388 C:\WINDOWS\system32\svchost.exe
2436 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2524 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
3152 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3508 C:\PROGRA~1\Dell\QuickSet\quickset.exe
3528 C:\WINDOWS\system32\wuauclt.exe
3548 C:\Program Files\Wireless-G Music Bridge\WMB54G.exe
3620 C:\WINDOWS\system\cmflywav.exe
4000 C:\Program Files\Apoint\Apoint.exe
2880 C:\Program Files\Logitech\QuickCam\Quickcam.exe
2992 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3348 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
3380 C:\Program Files\Apoint\ApntEx.exe
200 C:\Program Files\QuickTime\QTTask.exe
620 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
2004 C:\Program Files\Skype\Phone\Skype.exe
3600 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2648 wmiprvse.exe
832 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
3580 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
2376 C:\WINDOWS\system32\svchost.exe
3776 alg.exe
4008 C:\Program Files\Skype\Plugin Manager\skypePM.exe
3092 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2220 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
3724 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
3036 C:\Documents and Settings\AnnandAndy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Thanks again

#8 m0le
  • Malware Response Team

Posted 10 November 2010 - 04:52 PM

That appears not to have worked.

Locate your XP disk. If you can't find it then follow the instructions to burn one below.

Please download the Recovery Console Bootable CD iso
Unzip the file and use your favourite burning application to burn the iso to a CD. Note, this is not the same as just burning the iso file on a CD.

Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

You must back up your MBR. Here are the short instructions for doing this.

When you have the disk do the following:
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
Once in Recovery Console, please type fixmbr and hit enter.

Type exit to exit and restart your PC.

Edited by m0le, 10 November 2010 - 04:58 PM.


#9 BugsandWormsYum
  • Topic Starter

Posted 10 November 2010 - 09:15 PM

FIXMBR done! I ran MBRCheck for your reading pleasure and - to my unskilled eye - it looks like a step forward. Before I insert the report I should mention that CDBurner XP (which I used to burn the iso) at first refused to work. I ended up rerunning Defogger (to re-enable), reinstalling CDBurner XP, burning the iso and then re-running Defogger (to disable again).

Here is the report:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000006c

Kernel Drivers (total 188):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA328000 nipbcfk.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9EED000 atapi.sys
0xB9EC8000 tffsport.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EA8000 fltmgr.sys
0xB9E96000 sr.sys
0xB9E80000 drvmcdb.sys
0xBA0F8000 PxHelp20.sys
0xB9E69000 KSecDD.sys
0xB9E56000 WudfPf.sys
0xB9DC9000 Ntfs.sys
0xB9D9C000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D01000 nipalk.sys
0xBA340000 \WINDOWS\System32\drivers\TDI.SYS
0xB9CE7000 Mup.sys
0xB97C7000 kl1.sys
0xBA178000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8872000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB885E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB883A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB8826000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB8516000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB84D3000 \SystemRoot\system32\drivers\STAC97.sys
0xB84AF000 \SystemRoot\system32\drivers\portcls.sys
0xBA1C8000 \SystemRoot\system32\drivers\drmk.sys
0xB848C000 \SystemRoot\system32\drivers\ks.sys
0xB843A000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB833B000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8293000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3D0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8279000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8AF4000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA3E8000 \SystemRoot\system32\drivers\Afc.sys
0xBA3F0000 \SystemRoot\system32\drivers\pfc.sys
0xBA5D6000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xB8AE4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8AD4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB816B000 \SystemRoot\system32\DRIVERS\iwca.sys
0xB7FD6000 \SystemRoot\system32\drivers\cmudaxv.sys
0xBA7DC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA60E000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA308000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA568000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7FBF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7FAE000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA188000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA478000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA480000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7F7E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA198000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA610000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7F20000 \SystemRoot\system32\DRIVERS\update.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA378000 \SystemRoot\system32\DRIVERS\omci.sys
0xBA380000 \SystemRoot\system32\DRIVERS\btport.sys
0xB7E78000 \SystemRoot\system32\drivers\btaudio.sys
0xB8A94000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8A64000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA61E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB976E000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB5DE4000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA622000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7BA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA624000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA390000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA7BB000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
0xBA398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA626000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA628000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB922C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5DB1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB5D58000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5D30000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB5CB0000 \SystemRoot\System32\vsdatant.sys
0xB9220000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB5C8E000 \SystemRoot\System32\drivers\afd.sys
0xB8AA4000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5BC3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA3B8000 \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
0xB5B2B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
0xB5B05000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA7E3000 \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
0xBA560000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA564000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB7F0C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB5AB9000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA288000 \SystemRoot\system32\DRIVERS\LVUSBSta.sys
0xB7EFC000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA408000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA410000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xBA298000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB7EF8000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB5AA1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA658000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5E44000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA428000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7B7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF07D000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
0xBF391000 \SystemRoot\System32\mnmdd.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA2F8000 \SystemRoot\system32\drivers\drvnddm.sys
0xBA7EC000 \SystemRoot\system32\dla\tfsndres.sys
0xB352F000 \SystemRoot\system32\dla\tfsnifs.sys
0xB35B5000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA634000 \SystemRoot\system32\dla\tfsnpool.sys
0xB5A89000 \SystemRoot\system32\dla\tfsnboio.sys
0xB8AC4000 \SystemRoot\system32\dla\tfsncofs.sys
0xBA7ED000 \SystemRoot\system32\dla\tfsndrct.sys
0xB3516000 \SystemRoot\system32\dla\tfsnudf.sys
0xB34FD000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB3595000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB3581000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB3401000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5A69000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB2F80000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2F43000 \SystemRoot\system32\drivers\wdmaud.sys
0xB316D000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA714000 \SystemRoot\System32\Drivers\cvintdrv.SYS
0xB2D48000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xB305D000 \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
0xB2C2C000 \SystemRoot\system32\DRIVERS\css-dvp.sys
0xBA5E6000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB2B60000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB299A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB2D08000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB5C0E000 \SystemRoot\system32\drivers\nibffrk.dll
0xB2FDD000 \SystemRoot\system32\drivers\nimdsk.dll
0xB2862000 \SystemRoot\system32\drivers\nistck.dll
0xBA440000 \SystemRoot\System32\drivers\NiViPxiKl.sys
0xBA470000 \SystemRoot\System32\drivers\NiViPxiK.sys
0xB2837000 \SystemRoot\System32\drivers\nidimk.dll
0xB2A42000 \SystemRoot\System32\drivers\niorbk.dll
0xB27FF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB2FFD000 \SystemRoot\system32\drivers\niarbk.dll
0xB255D000 \SystemRoot\System32\Drivers\Nidaq32k.SYS
0xB2FCD000 \SystemRoot\system32\drivers\nidmmk.dll
0xB20BC000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA368000 \SystemRoot\System32\Drivers\PCASp50.sys
0xBA460000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB1D51000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB1CFE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
556 C:\WINDOWS\system32\smss.exe
992 csrss.exe
1088 C:\WINDOWS\system32\winlogon.exe
1132 C:\WINDOWS\system32\services.exe
1144 C:\WINDOWS\system32\lsass.exe
1312 C:\WINDOWS\system32\svchost.exe
1396 svchost.exe
1436 C:\WINDOWS\system32\svchost.exe
1512 C:\WINDOWS\system32\svchost.exe
1592 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1624 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1652 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1716 C:\WINDOWS\system32\svchost.exe
1816 svchost.exe
1860 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
908 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1456 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
256 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
360 C:\WINDOWS\system32\spoolsv.exe
616 svchost.exe
796 C:\Program Files\Bonjour\mDNSResponder.exe
864 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
452 C:\WINDOWS\system32\dlcfcoms.exe
1760 C:\WINDOWS\explorer.exe
1772 C:\WINDOWS\system32\svchost.exe
1612 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
808 C:\WINDOWS\system32\svchost.exe
2976 C:\Program Files\CDBurnerXP\NMSAccessU.exe
3436 C:\WINDOWS\system32\svchost.exe
3820 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3872 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
1256 C:\WINDOWS\system32\snmp.exe
1756 C:\WINDOWS\system32\svchost.exe
2060 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2128 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2816 C:\WINDOWS\system32\wuauclt.exe
3292 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3344 C:\PROGRA~1\Dell\QuickSet\quickset.exe
3420 C:\Program Files\Wireless-G Music Bridge\WMB54G.exe
3776 C:\WINDOWS\system\cmflywav.exe
3836 C:\Program Files\Apoint\Apoint.exe
1740 C:\Program Files\Logitech\QuickCam\Quickcam.exe
3880 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2448 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
2652 C:\Program Files\Apoint\ApntEx.exe
2684 C:\Program Files\QuickTime\QTTask.exe
2912 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3928 C:\Program Files\Skype\Phone\Skype.exe
536 wmiprvse.exe
3088 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4088 C:\WINDOWS\system32\svchost.exe
3016 alg.exe
820 C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
2920 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
3664 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2708 C:\Documents and Settings\AnnandAndy\Desktop\MBRCheck.exe
3208 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2296 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
4032 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`02f10c00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT)

PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11
PhysicalDrive2 Model Number: FUJITSUMHT2080AT PL, Rev:
PhysicalDrive1 Model Number: TOSHIBAMK2001MPL, Rev: W1.31 N

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
74 GB \\.\PhysicalDrive2 RE: Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
1 GB \\.\PhysicalDrive1 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

Best regards.
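An added illustration, not code from either poster and not MBRCheck's own code: the two MBRCheck logs above differ only in the boot-code verdict ("Unknown MBR code" with one SHA1 before fixmbr, "Windows XP MBR code detected" with another after), while the C: volume offset 0x03ec1000 is identical in both, because fixmbr rewrites the boot code and leaves the partition table alone. The script below performs that kind of check on a 512-byte sector: hash the boot code, compare it against a reference table, decode the partition table, and report anything odd. The reference table, the sample sector, its partition layout and every function name here are constructed assumptions; that MBRCheck hashes exactly the first 440 bytes is also an assumption, so a real reference set must be built over the same byte range this code hashes.

```python
"""MBR triage in the spirit of the MBRCheck output above.

Added example for illustration; not MBRCheck's code. The reference hash
table, the sample sector and the helper names are all constructed.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code a bootkit replaces
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the disk signature
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of every valid MBR


def read_mbr(path):
    # Sector 0 of a disk image or raw device. On Windows (as Administrator)
    # pass r"\\.\PhysicalDrive0"; on Linux (as root) "/dev/sda".
    with open(path, "rb") as f:
        return f.read(SECTOR)


def boot_code_sha1(sector):
    """SHA1 over the boot code only. Bytes 440..509 (disk signature and
    partition table) differ per machine, so a hash that covered them would
    never match a reference; the reference set must use the same range."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Decode the four primary partition entries (empty type 0x00 skipped)."""
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
                      "sectors": count})
    return parts


def classify_mbr(sector, known):
    """Return (verdict, detail): 'known', 'unknown', 'invalid' or 'error'."""
    if len(sector) < SECTOR:
        return "error", "short read"
    if sector[510:512] != SIGNATURE:
        return "invalid", "missing 0x55AA signature"
    digest = boot_code_sha1(sector)
    if digest in known:
        return "known", known[digest]
    return "unknown", "unrecognised boot code, SHA1 " + digest


def triage(sector, known):
    """Human-readable findings, one string per line."""
    verdict, detail = classify_mbr(sector, known)
    findings = ["MBR code: %s (%s)" % (verdict, detail)]
    if verdict in ("error", "invalid"):
        return findings
    parts = parse_partitions(sector)
    if not any(p["bootable"] for p in parts):
        findings.append("no bootable (active) partition flagged")
    for p in parts:
        findings.append("partition %d: type 0x%02X at byte offset 0x%08X, %d sectors%s"
                        % (p["index"], p["type"], p["byte_offset"], p["sectors"],
                           " (active)" if p["bootable"] else ""))
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0 and overlaps the MBR" % p["index"])
    return findings


def build_sample_mbr(boot_code, parts, disk_sig=b"\x11\x22\x33\x44"):
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples."""
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    sector[440:444] = disk_sig
    for i, (status, ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed stand-in for clean boot code; its hash is the only entry in the
# reference table, which in practice would hold vendor boot-code hashes.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
KNOWN_BOOT_CODE = {hashlib.sha1(CLEAN_BOOT_CODE).hexdigest().upper():
                   "constructed reference boot code"}

# Constructed partition table: a utility partition at LBA 63, then an active
# NTFS volume at LBA 128520, i.e. byte offset 0x03EC1000, the offset the
# MBRCheck logs above report for C:.
SAMPLE_PARTS = [(0x00, 0xDE, 63, 128457), (0x80, 0x07, 128520, 156172968)]
SAMPLE_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTS)

if __name__ == "__main__":
    for line in triage(SAMPLE_MBR, KNOWN_BOOT_CODE):
        print(line)
    bootkit = bytearray(SAMPLE_MBR)
    bootkit[0:3] = b"\xeb\xfe\x90"       # constructed: boot code patched in place
    print(triage(bytes(bootkit), KNOWN_BOOT_CODE)[0])
```

To check a live disk on Windows, run as Administrator and pass `r"\\.\PhysicalDrive0"` to `read_mbr`; write the returned bytes to a file before running fixmbr so that the backup m0le asks for above exists and can be written back if the repair goes wrong.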

#10 m0le
  • Malware Response Team

Posted 11 November 2010 - 05:36 PM

Yes, a giant step forward.


Please run MBAM next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#11 BugsandWormsYum
  • Topic Starter

Posted 13 November 2010 - 01:13 AM

I did this scan in a couple of installments. At first, since I didn't know how long it was going to take, I started but had to leave and interrupt MBAM. The next day, I ran it overnight and was able to finish the scan with only one external hard drive attached (that's the first attached report). Later I did another scan with the remaining two external drives (see the second report, attached).

It looks like nothing found.

Could it be...?
**********************************************************************************************
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5096

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/10 12:27:26
mbam-log-2010-11-12 (12-27-26).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 522796
Time elapsed: 7 hour(s), 19 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


**********************************************************************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5096

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/10 21:00:21
mbam-log-2010-11-12 (21-00-21).txt

Scan type: Full scan (G:\|H:\|)
Objects scanned: 191931
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 m0le
  • Malware Response Team

Posted 13 November 2010 - 07:42 AM

Run the ESET scan next. If this was just a TDSS attack on your MBR then, theoretically, this should also be a clean log.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#13 BugsandWormsYum
  • Topic Starter

Posted 14 November 2010 - 05:15 AM

Sorry, ESET did not run for me. I tried it three times. Each time the base window (from which the pop up would run) would quit and another message would pop up as follows:

The instruction at "0x07de0068" referenced memory at "0x07de0068". The memory could not be "written". Click on OK to terminate the program....
Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on.

What went wrong?

#14 m0le
  • Malware Response Team

Posted 14 November 2010 - 06:46 AM

There's still something bad there and it's interfering with the scan.

Please rerun Combofix , agreeing any updates.

#15 BugsandWormsYum
  • Topic Starter

Posted 14 November 2010 - 09:56 PM

Combofix report is included below. One remarkable occurrence during this scan: My ZoneAlarm popped up a screen announcing that it caught two viruses:

1st virus:
EICAR-Test-File was found in C:\Documents and Settings\AnnandAndy\Local Settings\Temp\Av-test.txt on 11/14/10 17:23:28

2nd virus:
Backdoor.Win32.Papras.ze was found in C:\WINDOWS\system32\netsedir.dll on 11/14/10 17:37:30

Both items were quarantined.

I wonder why ZoneAlarm was suddenly able to find these just as ComboFix was doing its scan (not 5 minutes before or after). Could it be that Combofix caused these things to become exposed and vulnerable to ZoneAlarm?

Enough with the speculation. Here is the ComboFix report:

**************************************************************************************
ComboFix 10-11-14.01 - AnnandAndy 11/14/10 17:23:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1360 [GMT -8:00]
Running from: c:\documents and settings\AnnandAndy\Desktop\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-11 01:16 . 2010-11-11 01:16 -------- d-----w- c:\documents and settings\AnnandAndy\Application Data\Canneverbe Limited
2010-11-11 01:16 . 2010-11-11 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-11-11 01:15 . 2009-11-12 22:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-11-11 01:15 . 2010-11-11 01:15 -------- d-----w- c:\program files\CDBurnerXP
2010-11-07 18:35 . 2010-11-07 18:35 -------- d-----w- C:\found.001
2010-11-07 11:23 . 2010-11-07 11:23 -------- d-----w- C:\found.000
2010-10-27 23:25 . 2010-10-27 23:25 -------- d-----w- c:\documents and settings\AnnandAndy\Application Data\Malwarebytes
2010-10-27 23:24 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 23:24 . 2010-10-27 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-27 23:24 . 2010-11-11 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 23:24 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-21 19:33 . 2010-10-21 19:33 -------- d-----w- c:\program files\iPod
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin8.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-21 19:26 . 2010-10-21 19:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-21 19:25 . 2010-10-21 19:26 -------- d-----w- c:\program files\QuickTime
2010-10-18 00:12 . 2010-10-18 00:18 -------- d-----w- c:\program files\Common Files\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2004-08-11 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-11 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-11 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-11 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-11 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2007-04-04 00:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-29 09:53 . 2010-09-01 18:14 72704 ----a-w- c:\windows\zllsputility.exe
2010-08-29 09:53 . 2010-09-01 18:13 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-08-29 09:53 . 2010-09-01 18:14 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-08-29 09:53 . 2010-09-01 18:14 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-08-27 08:02 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-11 23:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-11-18 23:48 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 14:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-11 23:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2004-03-11 21:40 . 2004-03-11 21:40 308448 -c--a-w- c:\program files\unmsjvm.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-11-01_16.15.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 00:43 . 2010-11-15 00:43 16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
+ 2010-09-06 23:09 . 2010-11-15 01:37 60928 c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2010-11-15 00:56 . 2010-11-15 00:56 63222 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0012.dat
+ 2010-11-15 00:56 . 2010-11-15 00:56 90102 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0011.dat
+ 2010-11-15 00:55 . 2010-11-15 00:55 21294 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0016.dat
+ 2010-09-01 18:56 . 2010-11-15 00:55 63594 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0012.dat
+ 2010-09-01 18:56 . 2010-11-15 00:55 90101 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0011.dat
+ 2010-09-01 18:56 . 2010-11-11 19:46 90110 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0010.dat
- 2010-09-01 18:56 . 2010-10-27 15:57 90110 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0010.dat
+ 2010-09-01 18:56 . 2010-11-12 12:23 90073 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0009.dat
- 2010-09-01 18:56 . 2010-10-31 21:33 90073 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0009.dat
+ 2010-09-01 18:56 . 2010-11-10 22:41 90081 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0008.dat
+ 2010-09-01 18:56 . 2010-11-13 21:18 90100 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0007.dat
+ 2010-09-01 18:56 . 2010-11-01 21:32 90089 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0006.dat
- 2010-09-01 18:56 . 2010-10-27 15:57 90089 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0006.dat
+ 2010-09-01 18:56 . 2010-11-09 16:43 53999 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0003.dat
+ 2010-09-01 18:45 . 2010-11-11 19:46 44332 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\blst\bl0021.dat
+ 2010-11-08 16:41 . 2010-11-08 16:41 48329 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\av\ark\i386\win\mark64.dat
+ 2010-09-23 16:47 . 2010-11-08 16:41 46793 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\av\ark\i386\win\mark32.dat
+ 2010-11-07 21:29 . 2010-11-15 00:55 21540 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0016.dat
+ 2010-10-19 15:41 . 2010-11-09 22:48 90112 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0015.dat
+ 2010-09-19 21:50 . 2010-11-09 22:48 90094 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0014.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90064 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0013.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90124 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0012.dat
- 2010-09-01 18:55 . 2010-11-01 08:44 90124 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0012.dat
+ 2010-09-01 18:55 . 2010-11-11 16:29 90101 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0011.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90115 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0010.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90092 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0009.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90116 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0008.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90076 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0007.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90115 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0006.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90090 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0005.dat
+ 2010-09-01 18:55 . 2010-11-12 12:23 89837 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0004.dat
- 2010-09-01 18:55 . 2010-11-01 08:44 90112 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0003.dat
+ 2010-09-01 18:55 . 2010-11-09 22:48 90112 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0003.dat
+ 2010-09-01 18:55 . 2010-11-12 18:30 81505 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0002.dat
+ 2010-09-01 18:59 . 2010-11-15 00:56 63594 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0012.dat
+ 2010-09-01 18:14 . 2010-11-15 00:56 90101 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0011.dat
+ 2010-09-01 18:14 . 2010-11-11 19:47 90110 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0010.dat
- 2010-09-01 18:14 . 2010-10-27 15:57 90110 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0010.dat
- 2010-09-01 18:14 . 2010-10-31 21:33 90073 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0009.dat
+ 2010-09-01 18:14 . 2010-11-12 12:23 90073 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0009.dat
+ 2010-09-01 18:14 . 2010-11-10 22:41 90081 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0008.dat
+ 2010-09-01 18:14 . 2010-11-13 21:19 90100 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0007.dat
- 2010-09-01 18:14 . 2010-10-27 15:57 90089 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0006.dat
+ 2010-09-01 18:14 . 2010-11-01 21:32 90089 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0006.dat
+ 2010-09-01 18:14 . 2010-11-09 16:44 53999 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0003.dat
+ 2010-11-08 16:42 . 2010-11-08 16:42 48329 c:\windows\system32\ZoneLabs\avsys\bases\mark64.dat
+ 2010-09-01 18:14 . 2010-11-08 16:42 46793 c:\windows\system32\ZoneLabs\avsys\bases\mark32.dat
+ 2010-09-01 18:57 . 2010-11-11 19:46 44332 c:\windows\system32\ZoneLabs\avsys\bases\bl0021.dat
+ 2010-11-07 21:29 . 2010-11-15 00:55 21540 c:\windows\system32\ZoneLabs\avsys\bases\apu0016.dat
+ 2010-10-19 15:41 . 2010-11-09 22:49 90112 c:\windows\system32\ZoneLabs\avsys\bases\apu0015.dat
+ 2010-09-19 21:51 . 2010-11-09 22:49 90094 c:\windows\system32\ZoneLabs\avsys\bases\apu0014.dat
+ 2010-09-01 18:56 . 2010-11-09 22:49 90064 c:\windows\system32\ZoneLabs\avsys\bases\apu0013.dat
+ 2010-09-01 18:56 . 2010-11-09 22:49 90124 c:\windows\system32\ZoneLabs\avsys\bases\apu0012.dat
- 2010-09-01 18:56 . 2010-11-01 08:45 90124 c:\windows\system32\ZoneLabs\avsys\bases\apu0012.dat
+ 2010-09-01 18:14 . 2010-11-11 16:30 90101 c:\windows\system32\ZoneLabs\avsys\bases\apu0011.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90115 c:\windows\system32\ZoneLabs\avsys\bases\apu0010.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90092 c:\windows\system32\ZoneLabs\avsys\bases\apu0009.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90116 c:\windows\system32\ZoneLabs\avsys\bases\apu0008.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90076 c:\windows\system32\ZoneLabs\avsys\bases\apu0007.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90115 c:\windows\system32\ZoneLabs\avsys\bases\apu0006.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90090 c:\windows\system32\ZoneLabs\avsys\bases\apu0005.dat
+ 2010-09-01 18:14 . 2010-11-12 12:23 89837 c:\windows\system32\ZoneLabs\avsys\bases\apu0004.dat
- 2010-09-01 18:14 . 2010-11-01 08:45 90112 c:\windows\system32\ZoneLabs\avsys\bases\apu0003.dat
+ 2010-09-01 18:14 . 2010-11-09 22:49 90112 c:\windows\system32\ZoneLabs\avsys\bases\apu0003.dat
+ 2010-09-01 18:14 . 2010-11-12 18:30 81505 c:\windows\system32\ZoneLabs\avsys\bases\apu0002.dat
+ 2006-01-25 04:18 . 2004-04-13 08:10 36864 c:\windows\system32\spool\drivers\w32x86\hpofficejet_7400_ser66de\hpofax08.dll
+ 2004-08-11 23:00 . 2010-11-07 17:49 69736 c:\windows\system32\perfc009.dat
+ 2010-11-13 23:50 . 2004-12-15 23:20 19696 c:\windows\hpomdl05.dat
+ 2010-11-13 23:50 . 2010-11-14 09:34 68256 c:\windows\hpoins05.dat
- 2006-01-31 18:38 . 2010-11-01 15:40 4212 c:\windows\system32\zllictbl.dat
+ 2006-01-31 18:38 . 2010-11-15 01:05 4212 c:\windows\system32\zllictbl.dat
+ 2010-11-01 16:33 . 2010-11-01 16:33 393216 c:\windows\Temp\sfdb.dat
+ 2010-11-01 16:33 . 2010-11-01 16:33 262144 c:\windows\Temp\iswift.dat
+ 2004-08-11 23:00 . 2010-11-07 17:49 438058 c:\windows\system32\perfh009.dat
- 2007-10-14 06:54 . 2010-11-01 02:11 3777536 c:\windows\Installer\7676e.msi
+ 2007-10-14 06:54 . 2010-11-12 21:46 3777536 c:\windows\Installer\7676e.msi
+ 2006-02-13 22:39 . 2010-11-10 17:16 35758536 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-21 73728]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"Linksys WMB54G Utility"="c:\program files\Wireless-G Music Bridge\WMB54G.exe" [2006-02-20 1171456]
"CmFlywaveName"="c:\windows\System\CmFlywav.exe" [2005-10-05 32768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\AnnandAndy\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTaskGrouping"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-22 07:26 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.3.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^AnnandAndy^Start Menu^Programs^Startup^Gist Outlook Plugin.lnk]
path=c:\documents and settings\AnnandAndy\Start Menu\Programs\Startup\Gist Outlook Plugin.lnk
backup=c:\windows\pss\Gist Outlook Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AnnandAndy^Start Menu^Programs^Startup^hpqtra08.exe]
path=c:\documents and settings\AnnandAndy\Start Menu\Programs\Startup\hpqtra08.exe
backup=c:\windows\pss\hpqtra08.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-02-22 17:33 72192 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 03:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
2004-08-18 18:26 118784 ----a-w- c:\program files\Broadcom\BACS\BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2006-01-26 18:41 81920 -c----w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 13:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-17 00:15 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-26 07:31 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-03-12 23:33 1347584 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 21:32 1312256 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunNarrator]
2008-04-14 00:12 53760 ----a-w- c:\windows\system32\narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 10:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"NITaggerService"=2 (0x2)
"niSvcLoc"=2 (0x2)
"Nimushiv"=3 (0x3)
"NILM License Manager"=3 (0x3)
"NIDomainService"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"CAISafe"=2 (0x2)
"VETMSGNT"=2 (0x2)
"Sytctmcrs.1"=3 (0x3)
"lkTimeSync"=2 (0x2)
"lkClassAds"=2 (0x2)
"mxssvr"=2 (0x2)
"LkCitadelServer"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"GoToAssist"=3 (0x3)
"Atarexxachv"=3 (0x3)
"gupdate1c9859294e592c4"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"aawservice"=3 (0x3)
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"ImapiService"=3 (0x3)
"CCALib8"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Autirans"=3 (0x3)
"mnmsrvc"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"FreeAgentGoNext Service"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"McciCMService"=2 (0x2)
"btwdins"=2 (0x2)
"ACDaemon"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
"Motive SmartBridge"=c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"IMAQBoot"=c:\program files\National Instruments\NI-IMAQ\bin\ImaqBoot.exe
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcfpswx.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [02/15/07 17:23 15136]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [08/20/08 17:04 149376]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [12/28/06 17:04 18432]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [06/15/10 03:09 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [06/15/10 03:09 493032]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [12/01/01 14:21 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [12/01/01 14:21 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [12/01/01 15:50 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [12/01/01 15:51 46592]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [12/01/01 14:25 31232]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [12/01/01 14:27 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [02/23/07 10:25 11552]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [03/21/08 00:20 327800]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [01/21/10 15:24 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [06/16/09 07:58 20480]
R3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys [12/23/06 14:37 1351360]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [06/15/10 03:09 35568]
S2 NatMotion;NatMotion;c:\windows\system32\drivers\NatMotion.sys [06/13/01 10:15 104537]
S3 gpibclsb;GPIB Board Class Driver;c:\windows\system32\drivers\gpibclsb.sys [07/01/99 12:25 56904]
S3 gpibclsd;GPIB Device Class Driver;c:\windows\system32\drivers\gpibclsd.sys [07/01/99 12:04 34664]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [02/21/07 22:20 11552]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [02/15/07 23:00 11552]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [02/15/07 23:00 11552]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [02/22/07 10:42 11552]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [02/23/07 10:25 11552]
S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [10/05/04 10:39 4992]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [04/28/10 17:34 11520]
S4 Atarexxachv;Atarexxachv; [x]
S4 Autirans;Autirans;c:\windows\system32\drivers\gpibpci.sys [08/10/00 14:33 81218]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [01/25/06 18:20 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [01/25/06 18:20 5248]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [09/25/09 23:32 189736]
S4 gupdate1c9859294e592c4;Google Update Service (gupdate1c9859294e592c4);c:\program files\Google\Update\GoogleUpdate.exe [02/02/09 16:01 133104]
S4 Nimushiv;Nimushiv; [x]
S4 Sytctmcrs.1;Sytctmcrs.1; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2010-11-13 c:\windows\Tasks\C and F incremental.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2010-11-13 c:\windows\Tasks\HolochipToDriveF.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2009-06-26 c:\windows\Tasks\Thirty.job
- c:\documents and settings\AnnandAndy\My Documents\Andy\Personal\Thirty.wav [2009-04-21 15:53]

2010-11-15 c:\windows\Tasks\User_Feed_Synchronization-{BC8FC3C7-17C6-4AEA-8F35-E1CB052E630F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/forgotPassword.asp?affid=105-56&langid=1&close=true&RW=1
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37570.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1353860857-2295238807-1704135317-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\0* {]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(1088)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'csrss.exe'(992)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2010-11-14 17:56:56
ComboFix-quarantined-files.txt 2010-11-15 01:56
ComboFix2.txt 2010-11-01 16:18

Pre-Run: 23,014,506,496 bytes free
Post-Run: 24,076,840,960 bytes free

- - End Of File - - 0EB923A12A90E96F781D2A77E8244618
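The sections of the log above that a responder reads first are the Reg Loading Points (Run keys and services), the Security Center monitoring keys, and the Windows Firewall policy (EnableFirewall and GloballyOpenPorts). As an added example, not part of the poster's log, ComboFix, or any tool mentioned in the thread, here is a Python triage pass over those line formats. It flags services ComboFix prints with `[x]` (registered but no image on disk), Run entries whose binary lives outside the usual Program Files / Windows roots, a disabled standard-profile firewall, Security Center monitoring switched off, and globally open ports such as 3389 and 135. The SAMPLE text is excerpted from the posted log except for one Run line that is constructed, and marked as such, to exercise the path check; the STD_ROOTS and NOTABLE_PORTS tables are assumptions chosen for an XP-era machine.

```python
"""Triage the autostart / firewall sections of a ComboFix log.

Added example; it is not part of the posted log, of ComboFix, or of any
tool named in the thread. It parses the line formats visible in the log
and returns the entries a responder would look at first.
"""
import re
from dataclasses import dataclass

# Excerpted from the posted log. The "Updater" Run line is constructed
# (not from the log) so that the path check below has something to flag.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Updater"="c:\documents and settings\user\local settings\temp\upd.exe" [2010-11-01 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000

R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [06/15/10 03:09 493032]
S4 Atarexxachv;Atarexxachv; [x]
S4 Nimushiv;Nimushiv; [x]
S4 Sytctmcrs.1;Sytctmcrs.1; [x]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
PORT_RE = re.compile(r"^(?P<port>\d+):(?:TCP|UDP)$")
PATH_RE = re.compile(r'^"?(?P<path>[a-zA-Z]:\\[^"\[]+?)"?\s*\[')

# Assumed roots where autostart binaries normally live on an XP machine.
STD_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# Assumed set of ports worth a second look when opened to every remote host.
NOTABLE_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session",
                 445: "SMB", 3389: "Remote Desktop"}


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """One pass over the log text; returns findings in log order."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("key").lower()
            continue
        if m := SERVICE_RE.match(line):
            # ComboFix prints [x] where a registered service has no image on disk.
            if m.group("image").strip() == "[x]":
                findings.append(Finding("service-no-image",
                                        f"{m.group('name')} ({m.group('start')})"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if section.endswith("\\currentversion\\run"):
            pm = PATH_RE.match(value)
            if pm and not pm.group("path").lower().startswith(STD_ROOTS):
                findings.append(Finding("run-outside-std-dirs",
                                        f"{name} -> {pm.group('path')}"))
        elif section.endswith("firewallpolicy\\standardprofile"):
            # "EnableFirewall"= 0 (0x0) means the Windows Firewall is off.
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall-disabled", section))
        elif "security center\\monitoring" in section:
            # DisableMonitoring=dword:00000001 silences Security Center alerts.
            if (name == "DisableMonitoring" and value.lower().startswith("dword:")
                    and int(value[6:], 16) != 0):
                findings.append(Finding("security-center-monitoring-off", section))
        elif section.endswith("globallyopenports\\list"):
            pm = PORT_RE.match(name)
            if pm and int(pm.group("port")) in NOTABLE_PORTS:
                findings.append(Finding("open-port",
                                        f"{name} ({NOTABLE_PORTS[int(pm.group('port'))]})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:32} {f.detail}")
```

Run it against a full ComboFix log by passing the file contents to `triage()`; the findings are leads to verify by hand (a missing-image service may be a stale uninstall, and a third-party firewall legitimately disables Security Center monitoring), not verdicts.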