Possible Malware infection - Geeks to Go Forums


Possible Malware infection BSODs....Cannot access Device Manager and Computer Management

#16 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 16 October 2010 - 04:42 PM

Quote

As a matter of interest does this work to open Device Manager?


No!

In fact, when I realised issues with device manager, computer management in the last few weeks, I booted the system with the win7 installation disk. I clicked repair the OS. I tried this a few times. It did not find anything to repair.

Thanks
SSri09

#17 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 16 October 2010 - 05:12 PM

Hello SSri09,

Is this computer related to work in any way? The reason I ask is that this looks like a permissions thing and some computers (they may be used at home) have restrictions placed there by administrators from a work environment for one reason or another. Tell me when you return.

Meantime:

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#18 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 16 October 2010 - 05:56 PM

I own this PC. I use it for my work, home and personal use. My family use it for home and personal uses. There are no administrators.

The win7 64 bit is a retail version, which I procured from a retailer.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-77J2H-X28YY-Q8GHR
Windows Product Key Hash: QHRKHIuOLh7q9TkndzZEmOnm0B0=
Windows Product ID: 00426-292-5963964-85877
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {3F63D85C-08B9-4316-8A4F-76BF36E67AC2}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Sundars\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F7D04146-BE42-480F-8C6E-A03B00DFD403}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-Q8GHR</PKey><PID>00426-292-5963964-85877</PID><PIDType>5</PIDType><SID>S-1-5-21-1248678023-3426249870-1742254041</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP xw8600 Workstation</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786F5 v01.35</Version><SMBIOSVersion major="2" minor="5"/><Date>20090428000000.000000+000</Date></BIOS><HWID>5DBA3607018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-WKS</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>BA0FF5B8660EF10</Val><Hash>k+0IBWxI55MXFzWXjHw6vSj9kkc=</Hash><Pid>81605-904-6911945-65645</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-292-596396-00-2057-7600.0000-1782010
Installation ID: 001264267503075855204791910672267573649575434354182523
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: Q8GHR
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 17/10/2010 00:50:24

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:22:2010 00:01
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEAAgABAAEAAgABAAAAAgABAAEA6GGsv+YdckM8tSJWTj7Ao6AFFqACU9xpTFg=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SEABURG
FACP HPQOEM SEABURG
HPET HPQOEM SEABURG
MCFG HPQOEM SEABURG
SSDT HPQOEM PROJECT
ASF! HPQOEM SEABURG
SLIC HPQOEM SLIC-WKS
TCPA HPQOEM SEABURG

#19 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 16 October 2010 - 06:05 PM

Quote

I own this PC. I use it for my work, home and personal use. My family use it for home and personal uses.


I take it that that means there is no remote control?

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    
    :Commands
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
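As an added illustration for this thread (not code from OTL, the forum or the moderator), the following Python parses the O6/O7 policy lines OTL prints, separates the three UAC-weakening values the fix above removes from the ordinary lock-down restrictions, and regenerates the :OTL block that deletes them. UAC_EXPECTED holds what are assumed to be the Windows 7 default values, and the sample log is constructed from the lines posted in this thread.

```python
"""Audit the O6/O7 policy lines of an OTL log for UAC-weakening values.

Added illustration for this thread; not code from OTL or the forum.
"""
import re

# Windows 7 defaults for the UAC values under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System.
# Assumption: a default install carries these values (or no value at
# all, which makes the same default apply).
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 switches UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, no prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts shown on the normal desktop
}

# Matches e.g. "O6 - HKLM\...\policies\Explorer: NoActiveDesktopChanges = 1";
# OTL also prefixes ":64bit:" for entries read from the native registry view.
POLICY_RE = re.compile(
    r"^O(?P<section>[67])(?::64bit:)?\s+-\s+"
    r"(?P<hive>HKLM|HKCU)\\(?P<key>[^:]+):\s+"
    r"(?P<name>\w+)\s*=\s*(?P<value>-?\d+)\s*$"
)
# The "Restrictions present" line carries no value, so it gets its own pattern.
IE_RESTRICTIONS_RE = re.compile(
    r"^O7(?::64bit:)?\s+-\s+HKCU\\Software\\Policies\\Microsoft"
    r"\\Internet Explorer\\Restrictions present$"
)

# Constructed sample: the O6/O7 lines below are copied from the logs
# posted in this thread.
SAMPLE_OTL_LOG = r"""O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""


def parse_policy_lines(log_text):
    """Return one dict (section, hive, key, name, value) per O6/O7 policy line."""
    entries = []
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["value"] = int(entry["value"])
            entries.append(entry)
    return entries


def assess_uac(entries):
    """Flag policy values that weaken UAC relative to UAC_EXPECTED."""
    findings = []
    for e in entries:
        expected = UAC_EXPECTED.get(e["name"])
        if expected is not None and e["value"] != expected:
            findings.append({
                "section": e["section"],
                "key": e["hive"] + "\\" + e["key"],
                "name": e["name"],
                "found": e["value"],
                "expected": expected,
            })
    return findings


def list_restrictions(entries):
    """Names of policy values that restrict the user but do not touch UAC."""
    return [e["name"] for e in entries if e["name"] not in UAC_EXPECTED]


def ie_restrictions_present(log_text):
    """True if OTL reported an Internet Explorer Restrictions policy key."""
    return any(IE_RESTRICTIONS_RE.match(l.strip()) for l in log_text.splitlines())


def build_otl_fix(findings):
    """Rebuild the :OTL block used above: listing an O6 line under :OTL makes
    OTL delete that registry value, so the Windows default applies again."""
    if not findings:
        return ""
    lines = [":OTL"]
    for f in findings:
        lines.append(f"O{f['section']} - {f['key']}: {f['name']} = {f['found']}")
    lines += ["", ":Commands", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_policy_lines(SAMPLE_OTL_LOG)
    for f in assess_uac(found):
        print(f"UAC weakened: {f['name']} = {f['found']} (expected {f['expected']})")
    print("Other restrictions:", ", ".join(list_restrictions(found)))
    print("IE Restrictions key present:", ie_restrictions_present(SAMPLE_OTL_LOG))
    print(build_otl_fix(assess_uac(found)))
```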


#20 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 16 October 2010 - 06:48 PM

Quote

I take it that that means there is no remote control?


Thanks for your help.

No, there isn't. Once I used my desktop on a laptop using Gotomypc anywhere. I am sure this is irrelevant to your question.


Quote

It will produce a log for you on reboot, please post that log in your next reply.


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_012534

Quote

Close all windows and open OTL.EXE again. Click Run Scan and let the program run uninterrupted
It will produce a log for you. Post the log here.


OTL logfile created on: 17/10/2010 01:32:01 - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Sundars\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 388.49 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1355.26 Gb Free Space | 96.99% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 01:24:34 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Downloads\OTL.exe
PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2010/03/11 12:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) -- C:\ZoneAlarmBackup\ZABackupWebM.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/05/12 21:59:16 | 000,487,424 | ---- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe
PRC - [2009/04/22 17:03:14 | 000,072,760 | R--- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
PRC - [2009/03/25 15:32:18 | 000,102,400 | ---- | M] (LSI) -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe
PRC - [2009/03/02 11:27:10 | 000,144,792 | R--- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe
PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 01:24:34 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/04/09 14:30:04 | 000,751,616 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/04 14:04:30 | 002,950,744 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_062a651.dll -- (Akamai)
SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/23 09:09:57 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/05/20 17:19:16 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 12:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackupWebM.exe -- (ZABackupWebM)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/12 21:59:16 | 000,487,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe -- (MegaMonitorSrv)
SRV - [2009/04/22 17:03:14 | 000,072,760 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 05 80 23 B2 3A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: toggleprivatebrowsing@supernova00.biz:1.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/10/13 10:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/12 10:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/12 10:46:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/06/29 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2010/06/29 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/16 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions
[2010/06/29 23:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/23 09:10:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/12 11:00:33 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\toggleprivatebrowsing@supernova00.biz
[2010/10/12 10:46:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/15 10:20:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Popup] C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe (LSI)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/17 00:50:47 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/10/17 00:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/17 00:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2010/10/16 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Sun
[2010/10/16 11:55:04 | 000,000,000 | ---D | C] -- C:\WFLog
[2010/10/16 11:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/10/16 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/16 11:20:23 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/10/15 10:19:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 22:39:15 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 22:39:15 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 22:39:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 22:39:12 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 22:39:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 22:39:09 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 22:39:09 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 22:39:08 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 22:39:08 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 22:39:03 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 22:39:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 22:39:02 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 22:39:02 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 22:39:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 22:39:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 22:39:02 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 22:39:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 22:39:02 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 22:39:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 22:39:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 22:39:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 22:39:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 22:39:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 22:38:57 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 22:38:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 22:38:56 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 22:38:55 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 22:38:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/12 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/08 15:39:59 | 000,229,376 | ---- | C] (Pro-SoftNet Corporation, USA) -- C:\Windows\SysWow64\IDrLocale.dll
[2010/10/08 15:39:56 | 001,245,184 | ---- | C] (Pro Soft Net Corporation) -- C:\Windows\SysWow64\ZABackupService.dll
[2010/10/08 15:39:55 | 000,000,000 | ---D | C] -- C:\ZoneAlarmBackup
[2010/10/06 13:05:05 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\2BrightSparks
[2010/10/06 13:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2010/10/06 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/10/06 11:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/10/06 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\GEEKSTOGO
[2010/10/06 11:04:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/06 08:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/06 08:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 08:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/06 08:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/06 08:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/06 08:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/05 20:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adaptrade Software
[2010/10/05 12:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2010/10/04 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/10/04 14:41:20 | 000,055,856 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/10/04 14:41:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/10/04 14:41:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/10/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/10/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/10/04 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/09/23 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\passport_photo
[2010/09/23 12:01:27 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\PassportPhoto settings
[2010/09/23 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PassportPhoto
[2010/09/23 10:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaRAID Storage Manager
[2010/09/23 10:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/23 09:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Intel Corporation
[2010/09/23 09:48:59 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/23 09:48:58 | 000,540,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/23 09:48:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/23 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/09/23 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\InstallShield
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/17 01:27:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 01:23:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000UA.job
[2010/10/17 00:55:25 | 000,018,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 00:55:25 | 000,018,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/16 23:09:55 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/16 23:09:55 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/16 23:09:55 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/16 23:01:21 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2010/10/16 14:25:07 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/16 12:23:00 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000Core.job
[2010/10/16 11:23:40 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/15 10:20:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/10/15 03:24:35 | 000,426,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/12 10:46:09 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/11 21:32:01 | 000,000,992 | ---- | M] () -- C:\Users\Sundars\Desktop\ZABackup.lnk
[2010/10/06 20:31:28 | 000,012,036 | ---- | M] () -- C:\Users\Sundars\Desktop\PC SECURITY.docx
[2010/10/06 13:05:08 | 000,001,115 | ---- | M] () -- C:\Users\Sundars\Desktop\SyncBackPro.lnk
[2010/10/06 11:40:41 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2010/10/06 11:28:45 | 000,000,000 | -H-- | M] () -- C:\Users\Sundars\Documents\Default.rdp
[2010/10/06 08:36:59 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/05 20:53:47 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Market System Analyzer 3.lnk
[2010/10/04 23:40:23 | 000,002,288 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2010/10/04 14:41:24 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2010/10/04 12:21:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/03 22:02:06 | 003,245,838 | ---- | M] () -- C:\Users\Sundars\Desktop\MTPredictor Trading Course Part 1 (Dec72009).pdf
[2010/10/02 08:41:28 | 000,001,011 | ---- | M] () -- C:\Users\Sundars\Desktop\CCleaner.lnk
[2010/09/29 18:57:20 | 000,034,304 | ---- | M] () -- C:\Users\Sundars\Documents\Copy of Letter from Tony for treating him Elective Professional client.doc
[2010/09/23 21:06:10 | 000,197,416 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/23 12:04:59 | 000,002,016 | ---- | M] () -- C:\Users\Sundars\Desktop\PassportPhoto.lnk
[2010/09/23 10:01:45 | 000,000,102 | ---- | M] () -- C:\Windows\LSI_StorSNMP.ini
[2010/09/23 10:01:44 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\MegaRAID Storage Manager.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/16 11:23:40 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/12 10:46:09 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/11 21:32:01 | 000,000,992 | ---- | C] () -- C:\Users\Sundars\Desktop\ZABackup.lnk
[2010/10/08 15:39:57 | 000,569,368 | ---- | C] () -- C:\Windows\SysWow64\olelib.tlb
[2010/10/08 15:39:57 | 000,022,212 | ---- | C] () -- C:\Windows\SysWow64\olelib2.tlb
[2010/10/08 15:39:57 | 000,003,841 | ---- | C] () -- C:\Windows\SysWow64\server.pem
[2010/10/08 15:39:56 | 000,147,130 | ---- | C] () -- C:\Windows\SysWow64\CRYPT32.LIB
[2010/10/08 15:39:56 | 000,117,982 | ---- | C] () -- C:\Windows\SysWow64\ADVAPI32.LIB
[2010/10/08 15:39:56 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2010/10/08 15:39:56 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterZABackupDll.bat
[2010/10/06 20:31:27 | 000,012,036 | ---- | C] () -- C:\Users\Sundars\Desktop\PC SECURITY.docx
[2010/10/06 13:05:08 | 000,001,115 | ---- | C] () -- C:\Users\Sundars\Desktop\SyncBackPro.lnk
[2010/10/06 13:05:05 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010/10/06 13:05:05 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2010/10/06 11:44:42 | 000,293,376 | ---- | C] () -- C:\Users\Sundars\Desktop\gmer.exe
[2010/10/06 11:40:41 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2010/10/06 11:28:45 | 000,000,000 | -H-- | C] () -- C:\Users\Sundars\Documents\Default.rdp
[2010/10/06 08:38:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/06 08:36:59 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/05 20:53:47 | 000,002,661 | ---- | C] () -- C:\Users\Public\Desktop\Market System Analyzer 3.lnk
[2010/10/04 23:40:23 | 000,002,288 | ---- | C] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2010/10/04 14:41:24 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2010/10/04 12:21:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/03 22:02:06 | 003,245,838 | ---- | C] () -- C:\Users\Sundars\Desktop\MTPredictor Trading Course Part 1 (Dec72009).pdf
[2010/09/29 18:57:19 | 000,034,304 | ---- | C] () -- C:\Users\Sundars\Documents\Copy of Letter from Tony for treating him Elective Professional client.doc
[2010/09/23 12:01:23 | 000,002,016 | ---- | C] () -- C:\Users\Sundars\Desktop\PassportPhoto.lnk
[2010/09/23 10:01:44 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\MegaRAID Storage Manager.lnk
[2010/09/08 20:32:30 | 000,000,924 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/08 13:45:26 | 000,003,283 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/19 07:13:28 | 000,000,036 | ---- | C] () -- C:\Users\Sundars\AppData\Local\housecall.guid.cache
[2010/08/17 21:35:24 | 000,010,240 | ---- | C] () -- C:\Users\Sundars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 15:32:09 | 000,728,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 07:41:12 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2010/06/23 07:41:12 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/07 22:08:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AlertStrings.dll
[2008/11/26 10:06:36 | 000,000,102 | ---- | C] () -- C:\Windows\LSI_StorSNMP.ini
[2006/08/25 05:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Sundars\AppData\Local\703911de9d20150.dat
[2000/07/01 09:14:06 | 000,000,040 | ---- | C] () -- C:\Windows\806e6f6e6963122.ini

< End of report >

Thanks - SSri09

#21 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 16 October 2010 - 07:38 PM

Well that was interesting... looks like some stuff regenerating. Suggests there is some malware hiding in there.

Let's see if this will make a difference.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
    O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
    O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Next

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    disk.sys
    ntoskrnl.exe
    icsak.sys
    srv2.sys
    srvnet.sys
    win32k.sys
    tcpip.sys
    mrxsmb10.sys
    ksecpkg.sys
    dxgkrnl.sys
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of the file and paste it into your reply.
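As an added example that is not part of this thread or of the OTL tool, the Python script below reads the two line shapes that appear in the OTL log above and flags the kinds of items emeraldnzl's fix targets: registry launch points whose target OTL could not resolve (the O33 MountPoints2 and O34 BootExecute lines) and recently created executables under the Windows directory that carry no company name. The sample lines are copied from the log posted in this thread; the regular expressions and the cut-off date `NOW` are assumptions about the OTL output format rather than anything OTL documents.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Two line shapes from the log are handled:
  * registry launch points:  O33 - MountPoints2\...\command - "" = E:\SETUP.EXE -- File not found
  * file entries:            [date | size | attrs | C|M] (company) -- path
A flag is a prompt to look closer (signature, installer history), not a verdict.
"""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010/10/14 22:39:15 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/08 15:39:56 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2010/10/08 15:39:56 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterZABackupDll.bat
[2010/10/06 13:05:05 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010/10/06 11:44:42 | 000,293,376 | ---- | C] () -- C:\Users\Sundars\Desktop\gmer.exe
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
"""

# Assumed reference date for the age cut-off: the scan in the thread ran on 17 Oct 2010.
NOW = datetime(2010, 10, 17)

# Assumed shape of an OTL file entry; written from the lines in the log, not from OTL docs.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# O-sections (O2, O33, O34, O18:64bit: ...) are registry launch points.
LAUNCH_RE = re.compile(r"^O\d+(:64bit:)? - ")
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr"}


def parse_file_entry(line):
    """Return a dict for a '[date | size | attrs | C/M] (company) -- path' line, else None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "op": m["op"],              # C = created, M = modified
        "company": m["company"],    # empty when OTL found no company name
        "path": m["path"],
    }


def triage(log_text, now=NOW, max_age_days=30):
    """Return (reason, detail) pairs for lines that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Launch points whose target OTL could not resolve: either a leftover
        #    (a removable drive's autorun, as here) or something deleted that
        #    may be re-created; both are worth reviewing.
        if LAUNCH_RE.match(line) and "File not found" in line:
            findings.append(("orphan-launch-point", line))
            continue
        entry = parse_file_entry(line)
        if entry is None:
            continue
        path = PureWindowsPath(entry["path"])
        in_windows_dir = str(path).lower().startswith("c:\\windows\\")
        is_executable = path.suffix.lower() in EXEC_SUFFIXES
        is_recent = now - entry["time"] <= timedelta(days=max_age_days)
        # 2. Fresh executables under C:\Windows with no company name. Legitimate
        #    installers do this too, so the follow-up is a signature check, not removal.
        if entry["company"] == "" and in_windows_dir and is_executable and is_recent:
            findings.append(("recent-unattributed-system-binary", str(path)))
    return findings


def run_sample():
    """Run the triage over the constructed sample above."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for reason, detail in run_sample():
        print(f"{reason:36} {detail}")
```

Running it prints five findings: the two unresolved launch points (the E:\SETUP.EXE autorun command and the BootExecute value) and the three unattributed files in SysWow64; gmer.exe is skipped because it lives on the desktop, and the 2009 DLL because it is outside the 30-day window. Treat the output as a worklist rather than a verdict: the SysWow64 files here belong to a backup product's installer, and `autocheck autochk *` is the stock BootExecute value that OTL routinely reports as unresolved, so check publisher signatures and install history before deciding what to remove.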

#22 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 17 October 2010 - 03:45 AM

Quote

Looks like some stuff regenerating. Suggests there is some malware hiding in there.


I am not surprised. I thought something was fishy in there when I suddenly could not access critical components of the system, despite having full admin rights.
Thank you for your help. You are amazing! :D

Quote

Then click the Run Fix button at the top



All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWinKeys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Windows\SysNative\drivers\~GLH0023.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sundar
->Temp folder emptied: 109718671 bytes
->Temporary Internet Files folder emptied: 74390 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 45261555 bytes
->Flash cache emptied: 1228 bytes

User: Sundars
->Temp folder emptied: 117443641 bytes
->Temporary Internet Files folder emptied: 971756 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 43266543 bytes
->Google Chrome cache emptied: 26214786 bytes
->Flash cache emptied: 1002 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48300026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 53127942 bytes

Total Files Cleaned = 424.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sundar
->Flash cache emptied: 0 bytes

User: Sundars
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_100647

Files\Folders moved on Reboot...
C:\Users\Sundars\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Sundars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{26AD8B04-9A46-4D6C-AFA5-FFCF41685375}.tmp not found!
File\Folder C:\Users\Sundars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{287C2EC8-D363-46A1-8111-43CD840C1B65}.tmp not found!
File\Folder C:\Users\Sundars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8B3AFFEE-40D9-4566-B05D-E9E5AE48A535}.tmp not found!
File\Folder C:\Users\Sundars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A5943F67-A902-4398-9189-DF72C16F1EBF}.tmp not found!
File\Folder C:\Windows\temp\hsperfdata_SUNDARS-PC$\2056 not found!

Registry entries deleted on Reboot...


Quote

Run OTL.exe and Run Scan


OTL logfile created on: 17/10/2010 10:16:25 - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Sundars\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 399.92 Gb Free Space | 85.86% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1355.26 Gb Free Space | 96.99% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 01:24:34 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Downloads\OTL.exe
PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2010/03/11 12:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) -- C:\ZoneAlarmBackup\ZABackupWebM.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/05/12 21:59:16 | 000,487,424 | ---- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe
PRC - [2009/04/22 17:03:14 | 000,072,760 | R--- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
PRC - [2009/03/25 15:32:18 | 000,102,400 | ---- | M] (LSI) -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe
PRC - [2009/03/02 11:27:10 | 000,144,792 | R--- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe
PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 01:24:34 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/04/09 14:30:04 | 000,751,616 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/04 14:04:30 | 002,950,744 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_062a651.dll -- (Akamai)
SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/23 09:09:57 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/05/20 17:19:16 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 12:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackupWebM.exe -- (ZABackupWebM)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/12 21:59:16 | 000,487,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe -- (MegaMonitorSrv)
SRV - [2009/04/22 17:03:14 | 000,072,760 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 05 80 23 B2 3A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: toggleprivatebrowsing@supernova00.biz:1.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/10/13 10:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/12 10:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/12 10:46:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/06/29 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2010/06/29 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/16 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions
[2010/06/29 23:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/23 09:10:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/12 11:00:33 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\toggleprivatebrowsing@supernova00.biz
[2010/10/12 10:46:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/17 10:07:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Popup] C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe (LSI)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/17 00:50:47 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/10/17 00:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/17 00:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2010/10/16 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Sun
[2010/10/16 11:55:04 | 000,000,000 | ---D | C] -- C:\WFLog
[2010/10/16 11:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/10/16 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/16 11:20:23 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/10/15 10:19:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 22:39:15 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 22:39:15 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 22:39:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 22:39:12 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 22:39:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 22:39:09 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 22:39:09 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 22:39:08 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 22:39:08 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 22:39:03 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 22:39:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 22:39:02 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 22:39:02 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 22:39:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 22:39:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 22:39:02 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 22:39:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 22:39:02 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 22:39:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 22:39:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 22:39:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 22:39:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 22:39:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 22:38:57 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 22:38:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 22:38:56 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 22:38:55 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 22:38:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/12 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/08 15:39:59 | 000,229,376 | ---- | C] (Pro-SoftNet Corporation, USA) -- C:\Windows\SysWow64\IDrLocale.dll
[2010/10/08 15:39:56 | 001,245,184 | ---- | C] (Pro Soft Net Corporation) -- C:\Windows\SysWow64\ZABackupService.dll
[2010/10/08 15:39:55 | 000,000,000 | ---D | C] -- C:\ZoneAlarmBackup
[2010/10/06 13:05:05 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\2BrightSparks
[2010/10/06 13:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2010/10/06 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/10/06 11:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/10/06 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\GEEKSTOGO
[2010/10/06 11:04:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/06 08:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/06 08:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 08:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/06 08:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/06 08:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/06 08:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/05 20:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adaptrade Software
[2010/10/05 12:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2010/10/04 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/10/04 14:41:20 | 000,055,856 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/10/04 14:41:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/10/04 14:41:20 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/10/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/10/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/10/04 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/09/23 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\passport_photo
[2010/09/23 12:01:27 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\PassportPhoto settings
[2010/09/23 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PassportPhoto
[2010/09/23 10:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaRAID Storage Manager
[2010/09/23 10:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/23 09:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Intel Corporation
[2010/09/23 09:48:59 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/23 09:48:58 | 000,540,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/23 09:48:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/23 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/09/23 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\InstallShield

========== Files - Modified Within 30 Days ==========

[2010/10/17 10:17:08 | 000,018,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 10:17:07 | 000,018,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 10:15:02 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/17 10:15:02 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/17 10:15:02 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/17 10:09:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 10:07:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/10/17 01:23:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000UA.job
[2010/10/16 23:01:21 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2010/10/16 14:25:07 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/16 12:23:00 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000Core.job
[2010/10/16 11:23:40 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/15 03:24:35 | 000,426,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/12 10:46:09 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/11 21:32:01 | 000,000,992 | ---- | M] () -- C:\Users\Sundars\Desktop\ZABackup.lnk
[2010/10/06 20:31:28 | 000,012,036 | ---- | M] () -- C:\Users\Sundars\Desktop\PC SECURITY.docx
[2010/10/06 13:05:08 | 000,001,115 | ---- | M] () -- C:\Users\Sundars\Desktop\SyncBackPro.lnk
[2010/10/06 11:40:41 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2010/10/06 11:28:45 | 000,000,000 | -H-- | M] () -- C:\Users\Sundars\Documents\Default.rdp
[2010/10/06 08:36:59 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/05 20:53:47 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Market System Analyzer 3.lnk
[2010/10/04 23:40:23 | 000,002,288 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2010/10/04 14:41:24 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2010/10/04 12:21:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/03 22:02:06 | 003,245,838 | ---- | M] () -- C:\Users\Sundars\Desktop\MTPredictor Trading Course Part 1 (Dec72009).pdf
[2010/10/02 08:41:28 | 000,001,011 | ---- | M] () -- C:\Users\Sundars\Desktop\CCleaner.lnk
[2010/09/29 18:57:20 | 000,034,304 | ---- | M] () -- C:\Users\Sundars\Documents\Copy of Letter from Tony for treating him Elective Professional client.doc
[2010/09/23 21:06:10 | 000,197,416 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/23 12:04:59 | 000,002,016 | ---- | M] () -- C:\Users\Sundars\Desktop\PassportPhoto.lnk
[2010/09/23 10:01:45 | 000,000,102 | ---- | M] () -- C:\Windows\LSI_StorSNMP.ini
[2010/09/23 10:01:44 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\MegaRAID Storage Manager.lnk

========== Files Created - No Company Name ==========

[2010/10/16 11:23:40 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/12 10:46:09 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/11 21:32:01 | 000,000,992 | ---- | C] () -- C:\Users\Sundars\Desktop\ZABackup.lnk
[2010/10/08 15:39:57 | 000,569,368 | ---- | C] () -- C:\Windows\SysWow64\olelib.tlb
[2010/10/08 15:39:57 | 000,022,212 | ---- | C] () -- C:\Windows\SysWow64\olelib2.tlb
[2010/10/08 15:39:57 | 000,003,841 | ---- | C] () -- C:\Windows\SysWow64\server.pem
[2010/10/08 15:39:56 | 000,147,130 | ---- | C] () -- C:\Windows\SysWow64\CRYPT32.LIB
[2010/10/08 15:39:56 | 000,117,982 | ---- | C] () -- C:\Windows\SysWow64\ADVAPI32.LIB
[2010/10/08 15:39:56 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2010/10/08 15:39:56 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterZABackupDll.bat
[2010/10/06 20:31:27 | 000,012,036 | ---- | C] () -- C:\Users\Sundars\Desktop\PC SECURITY.docx
[2010/10/06 13:05:08 | 000,001,115 | ---- | C] () -- C:\Users\Sundars\Desktop\SyncBackPro.lnk
[2010/10/06 13:05:05 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010/10/06 13:05:05 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2010/10/06 11:44:42 | 000,293,376 | ---- | C] () -- C:\Users\Sundars\Desktop\gmer.exe
[2010/10/06 11:40:41 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2010/10/06 11:28:45 | 000,000,000 | -H-- | C] () -- C:\Users\Sundars\Documents\Default.rdp
[2010/10/06 08:38:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/06 08:36:59 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/05 20:53:47 | 000,002,661 | ---- | C] () -- C:\Users\Public\Desktop\Market System Analyzer 3.lnk
[2010/10/04 23:40:23 | 000,002,288 | ---- | C] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2010/10/04 14:41:24 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2010/10/04 12:21:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/03 22:02:06 | 003,245,838 | ---- | C] () -- C:\Users\Sundars\Desktop\MTPredictor Trading Course Part 1 (Dec72009).pdf
[2010/09/29 18:57:19 | 000,034,304 | ---- | C] () -- C:\Users\Sundars\Documents\Copy of Letter from Tony for treating him Elective Professional client.doc
[2010/09/23 12:01:23 | 000,002,016 | ---- | C] () -- C:\Users\Sundars\Desktop\PassportPhoto.lnk
[2010/09/23 10:01:44 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\MegaRAID Storage Manager.lnk
[2010/09/08 20:32:30 | 000,000,924 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/08 13:45:26 | 000,003,283 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/19 07:13:28 | 000,000,036 | ---- | C] () -- C:\Users\Sundars\AppData\Local\housecall.guid.cache
[2010/08/17 21:35:24 | 000,010,240 | ---- | C] () -- C:\Users\Sundars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 15:32:09 | 000,728,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 07:41:12 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2010/06/23 07:41:12 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/07 22:08:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AlertStrings.dll
[2008/11/26 10:06:36 | 000,000,102 | ---- | C] () -- C:\Windows\LSI_StorSNMP.ini
[2006/08/25 05:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Sundars\AppData\Local\703911de9d20150.dat
[2000/07/01 09:14:06 | 000,000,040 | ---- | C] () -- C:\Windows\806e6f6e6963122.ini

========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: DXGKRNL.SYS >
[2010/05/19 15:54:38 | 000,982,408 | ---- | M] (Microsoft Corporation) MD5=372117D46A16ADD8CA6E3EE3B3BDD57C -- C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.20715_none_0892dc3716229fcb\dxgkrnl.sys
[2009/10/02 06:15:34 | 000,982,600 | ---- | M] (Microsoft Corporation) MD5=7AE191EE4F79313E98771035AA473C32 -- C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.20539_none_088139bb162f42bb\dxgkrnl.sys
[2009/07/14 00:38:58 | 000,974,848 | ---- | M] (Microsoft Corporation) MD5=7CB7D2B73813CE05C7BC0F5F95D27CEC -- C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.16385_none_07bd8a45fd3dcc23\dxgkrnl.sys
[2009/10/02 05:32:07 | 000,982,600 | ---- | M] (Microsoft Corporation) MD5=EBCE0B0924835F635F620D19F0529DCE -- C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.16432_none_07f09ae9fd17f190\dxgkrnl.sys
[2009/10/02 05:32:07 | 000,982,600 | ---- | M] (Microsoft Corporation) MD5=EBCE0B0924835F635F620D19F0529DCE -- C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7600.16595_none_07b2be25fd45e262\dxgkrnl.sys

< MD5 for: IASTOR.SYS >
[2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: KSECPKG.SYS >
[2009/12/11 11:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) MD5=A8C63880EF6F4D3FEC7B616B9C060215 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\ksecpkg.sys
[2009/12/11 11:38:44 | 000,153,176 | ---- | M] (Microsoft Corporation) MD5=A8D4F3B3F038A45BCE78CE6AEEB7402C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\ksecpkg.sys
[2009/07/14 02:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) MD5=BBE1BF6D9B661C354D4857D5FADB943B -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\ksecpkg.sys

< MD5 for: MRXSMB10.SYS >
[2009/07/14 00:24:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1BEE517B220B7F024F411AEC1571DD5A -- C:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16385_none_e4997d30651fb42c\mrxsmb10.sys
[2010/02/27 08:52:17 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=2DD6A56A8C7B58F3181C98E536A327B2 -- C:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_e5438d8b7e24fa71\mrxsmb10.sys
[2010/02/27 08:52:29 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=920EE0FF995FCFDEB08C41605A959E1C -- C:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_e4d391c064f38821\mrxsmb10.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2010/06/19 08:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=28C4FE45FC1B176FA74A48FB15DE7C9A -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[2010/02/27 12:46:28 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=466FD46F58768E56F7B841681014EFF1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
[2010/06/19 08:05:25 | 005,474,184 | ---- | M] (Microsoft Corporation) MD5=5223C216E348E397C5EACCBEFB57FFF2 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[2010/02/27 16:28:56 | 005,485,448 | ---- | M] (Microsoft Corporation) MD5=7B7253D90EF53BAFCDC96C888B1DB4F3 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_c8cf63a2e6d95f54\ntoskrnl.exe
[2010/06/19 07:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- C:\Windows\SysWOW64\ntoskrnl.exe
[2010/06/19 07:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- C:\Windows\SysWOW64\ntoskrnl.exe
[2010/06/19 07:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[2009/07/14 02:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[2009/07/14 02:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[2010/06/19 07:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[2010/02/27 13:07:48 | 003,899,280 | ---- | M] (Microsoft Corporation) MD5=DD2ED3246F5F4E4B07F385A9520C3C7C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
[2010/02/27 16:17:00 | 005,509,008 | ---- | M] (Microsoft Corporation) MD5=FD787551F58F9686CEC6353F693EF571 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SRV2.SYS >
[2010/06/22 04:20:50 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=03715CF9C30B563DA35FC5F2B8F7B8E0 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16619_none_363141640ff053a7\srv2.sys
[2010/06/22 03:47:35 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=069A85A39B43C3F2336835CB5E3A0E6D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20740_none_36916bd1292e6335\srv2.sys
[2010/08/27 04:39:45 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=17D31E2F7FCCC24C08ECACEA945D3B14 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20789_none_366f2ebb2946b708\srv2.sys
[2010/08/27 04:37:48 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4D33D59C0B930C523D29F9BD40CDA9D2 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16664_none_35f63056101d60a9\srv2.sys
[2009/07/14 00:25:04 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=F773D2ED090B7BAA1C1A034F3CA476C8 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16385_none_35e18b16102cba6d\srv2.sys

< MD5 for: SRVNET.SYS >
[2009/07/14 00:24:59 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=26E84D3649019C3244622E654DFCD75B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16385_none_5fcb1fdb29d81d5e\srvnet.sys
[2010/08/27 04:39:24 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=3EBBD18201CF162E537217D7C51047F6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20789_none_6058c38042f219f9\srvnet.sys
[2009/12/08 09:42:06 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=47A7DCDDEA3FC3099A126EB603FEC7A3 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20591_none_6045ed78430170e4\srvnet.sys
[2010/08/27 04:37:26 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5A663FD67049267BC5C3F3279E631FFB -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16664_none_5fdfc51b29c8c39a\srvnet.sys
[2010/06/22 03:47:20 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=A2FF8C218D5B62D693658F91B7FBB514 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_607b009642d9c626\srvnet.sys
[2009/12/08 09:32:29 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=CCE32BB223E9FF55D241099A858FA889 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16481_none_5fc7209929dbb529\srvnet.sys
[2010/06/22 04:20:34 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=FBD09635227A8026C0F7790F604343C6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_601ad629299bb698\srvnet.sys

< MD5 for: TCPIP.SYS >
[2010/06/14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/04/09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010/04/09 08:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

< MD5 for: WIN32K.SYS >
[2010/05/01 16:04:07 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=333F53E52C29577D65D7328D4A95FFF1 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20704_none_15c78cf4cd156ec7\win32k.sys
[2010/05/01 16:07:05 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=718F3491CF541569956BAA4C6E7B351E -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16585_none_14e86f2db437cab5\win32k.sys
[2010/06/19 05:24:19 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=799A5411338E2F3D2A3710B3D209D8B3 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_15ab1e58cd2a27f6\win32k.sys
[2010/09/01 03:58:34 | 003,123,712 | ---- | M] (Microsoft Corporation) MD5=8549DC7684CBC0A0AA542051B7EF5A23 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_1500117fb425c2a8\win32k.sys
[2010/09/01 03:55:20 | 003,125,248 | ---- | M] (Microsoft Corporation) MD5=A671682E193BD7D39CE8DD33ABD4FC71 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_15643d14cd603792\win32k.sys
[2009/07/14 00:40:40 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=CBEF2EB83438ED9FC39411CC8378B0E7 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_14e86b61b437d067\win32k.sys
[2010/06/19 05:32:34 | 003,122,688 | ---- | M] (Microsoft Corporation) MD5=E04C151CA3D6C1D968AA066B2C67DF24 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_1536211bb3fd36f3\win32k.sys

< End of report >

I have another account created recently; I created this account after having troubles with device manager etc. After that, I changed the normally used account to standard account. The newly created account has full admin rights and can access device manager, computer management. The existing account from where I am running these recommendations still cannot access, despite giving full admin rights again. Once this mess is sorted out, I will most probably delete the newly created account; create a new one again with full admin rights and change the status of the normally used account to standard user. BTW, as you have noticed from the OTL logs since yesterday evening, I have added windows7 firewall control plus, to make my life a little easier. Apologies if I have not told you and if it interferes with your help. I'll remove it if necessary.

Thanks for your help again.

SSri09
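A worked example of how an analyst reads the `< MD5 for: ... >` blocks in the OTL log above. It is added here and is not code from SSri09's post or from OTL itself. WinSxS and the DriverStore keep a reference copy of every build Windows has installed, so a live copy under System32 or SysWOW64 whose hash matches none of those catalogued copies is the pattern worth a closer look (a driver patched in place rather than a hotfix). The parser assumes the line format exactly as it appears in the log. The sample mixes two genuine tcpip.sys and two netlogon.dll lines from the log with one constructed System32 entry (all-zero hash) that exists only to trigger the check.

```python
"""Read the '< MD5 for: FILE >' blocks of an OTL log and flag live system
files whose hash matches none of the catalogued WinSxS/DriverStore copies.

Added example; not code from the forum thread or from OTL. The line format
is taken from the log as posted. SAMPLE_LOG mixes genuine lines from the
thread with one constructed System32 entry (all-zero hash) used to trigger
the check.
"""
import re
from collections import defaultdict

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-\w]{4}) \| (?P<flag>[A-Z])\]"
    r" \((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]} with md5/size/vendor/date/path per entry."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER.match(line)
        if h:
            current = h.group("name").upper()
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            blocks[current].append({
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "vendor": m.group("vendor"),
                "date": m.group("date"),
                "path": m.group("path"),
            })
    return dict(blocks)


def is_catalog_copy(path):
    """WinSxS and the DriverStore hold the reference copies of every installed build."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p


def find_uncatalogued(blocks):
    """Live copies (System32, SysWOW64) whose hash matches no catalogued copy."""
    findings = {}
    for name, entries in blocks.items():
        reference = {e["md5"] for e in entries if is_catalog_copy(e["path"])}
        odd = [e for e in entries
               if not is_catalog_copy(e["path"]) and e["md5"] not in reference]
        if odd:
            findings[name] = odd
    return findings


def version_summary(blocks):
    """Distinct hashes per file: a quick view of how many builds are on disk."""
    return {name: len({e["md5"] for e in entries}) for name, entries in blocks.items()}


# Constructed excerpt in OTL's format. The third TCPIP.SYS line (all-zero
# hash, System32 path) is made up for the demonstration; the others are
# copied from the thread's log.
SAMPLE_LOG = r"""
< MD5 for: TCPIP.SYS >
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\tcpip.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
"""

if __name__ == "__main__":
    parsed = parse_md5_blocks(SAMPLE_LOG)
    print(version_summary(parsed))
    for name, hits in find_uncatalogued(parsed).items():
        for e in hits:
            print("CHECK", name, e["md5"], e["path"])
```

Run against a full OTL log the SysWOW64 copies pair up with the `wow64_` WinSxS entries, as netlogon.dll does here, so only a genuinely unmatched System32 or SysWOW64 copy is reported. A hit is a reason to pull the file and verify its Authenticode signature, not proof of infection on its own.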

#23 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 17 October 2010 - 12:41 PM

Quote

The newly created account has full admin rights


Yes, that is a way to fix an intractable user permissions issue. Create the new one and once you have what you want set up, delete the old one.

I am sure you will already be aware of this, but just in case, here are two links that might be of interest:

Go to this link for information on managing user accounts in Vista

http://www.vista4beg...e-User-Accounts

Go to the link below for information on how to enable the administrator account in Vista.

http://www.online-te...-account-vista/

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
    [2010/10/08 15:39:55 | 000,000,000 | ---D | C] -- C:\ZoneAlarmBackup
    [2010/10/11 21:32:01 | 000,000,992 | ---- | C] () -- C:\Users\Sundars\Desktop\ZABackup.lnk
    [2010/10/08 15:39:56 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
    [2010/10/08 15:39:56 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterZABackupDll.bat
    
    :Commands
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

After that

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Quote

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

When you return please post
  • OTL fix log
  • MBRCheck report


#24 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 17 October 2010 - 01:27 PM

Quote

Create the new one and once you have what you want set up, delete the old one


I was planning to create a new one once the infection is flushed out.

Quote

Then click the Run Fix button at the top


The commands moved the ZoneAlarm online backup files and folders, which is essentially www.Idrive.com online backup! They partnered with ZoneAlarm to offer a backup and they do not anymore, although they continue to support users of ZA IDrive online backup. Is there a reason why you advised me to flush this out please? Thanks....

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Backup Startup deleted successfully.
C:\ZoneAlarmBackup\ZABackupStartup.exe moved successfully.
C:\ZoneAlarmBackup\ZoneAlarmBackup folder moved successfully.
C:\Users\Sundars\Desktop\ZABackup.lnk moved successfully.
C:\Windows\SysWOW64\ZABackupXceedCryReg.exe moved successfully.
C:\Windows\SysWOW64\RegisterZABackupDll.bat moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_200701


Quote

Please download MBRCheck.exe to your Desktop. Run the application


This is a master boot record infection checker, is it not? It did find an infection ;) :D

The unknown MBR code on Disk1 (1397 GB) is the RAID5 of 4x500 GB SATA HDDs.



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP xw8600 Workstation
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 197):
0x02C1D000 \SystemRoot\system32\ntoskrnl.exe
0x031F9000 \SystemRoot\system32\hal.dll
0x00BBB000 \SystemRoot\system32\kdcom.dll
0x00C88000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CCC000 \SystemRoot\system32\PSHED.dll
0x00CE0000 \SystemRoot\system32\CLFS.SYS
0x00D3E000 \SystemRoot\system32\CI.dll
0x00EE3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F87000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F96000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FED000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FF6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E7F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EDB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00C00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C10000 \SystemRoot\System32\drivers\mountmgr.sys
0x01035000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0123F000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x0135D000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01366000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01390000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x014E4000 \SystemRoot\system32\DRIVERS\storport.sys
0x01546000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01551000 \SystemRoot\system32\drivers\fltmgr.sys
0x0159D000 \SystemRoot\system32\drivers\fileinfo.sys
0x015B1000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01604000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01400000 \SystemRoot\System32\Drivers\msrpc.sys
0x017A7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0145E000 \SystemRoot\System32\Drivers\cng.sys
0x017C1000 \SystemRoot\System32\drivers\pcw.sys
0x017D2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0183B000 \SystemRoot\system32\drivers\ndis.sys
0x0192D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0198D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A02000 \SystemRoot\System32\drivers\tcpip.sys
0x013AD000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x019B8000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x00C2A000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x019C8000 \SystemRoot\System32\Drivers\spldr.sys
0x01800000 \SystemRoot\System32\drivers\rdyboost.sys
0x019D0000 \SystemRoot\System32\Drivers\mup.sys
0x019E2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015BE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017DC000 \SystemRoot\system32\DRIVERS\disk.sys
0x01000000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x042B0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x042DA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x04307000 \SystemRoot\System32\Drivers\Null.SYS
0x04310000 \SystemRoot\System32\Drivers\Beep.SYS
0x04317000 \SystemRoot\System32\drivers\vga.sys
0x04325000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0434A000 \SystemRoot\System32\drivers\watchdog.sys
0x0435A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04363000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0436C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04375000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04380000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04391000 \SystemRoot\system32\DRIVERS\tdx.sys
0x043AF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04000000 \SystemRoot\system32\drivers\afd.sys
0x02EF7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02F3C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F45000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F6B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02F81000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F90000 \SystemRoot\system32\DRIVERS\serial.sys
0x02FAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02FC8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02FDC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x02FE6000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E68000 \SystemRoot\System32\drivers\discache.sys
0x0447D000 \SystemRoot\system32\drivers\csc.sys
0x04500000 \SystemRoot\System32\Drivers\dfsc.sys
0x0451E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x09056000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x04A70000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B64000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04BAA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04A00000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x04A48000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x09B5E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04A55000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x09BB4000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04BCE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04BEC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x09000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0900F000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0901B000 \SystemRoot\system32\DRIVERS\fdc.sys
0x09028000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x09035000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A66000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0452F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0904B000 \SystemRoot\System32\Drivers\RootMdm.sys
0x0453F000 \SystemRoot\system32\drivers\modem.sys
0x0454E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04564000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x09BF2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04588000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x045D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0441A000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x04422000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04BFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0442D000 \SystemRoot\system32\DRIVERS\ks.sys
0x02E77000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02E89000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x043BC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05238000 \SystemRoot\system32\drivers\HdAudio.sys
0x05294000 \SystemRoot\system32\drivers\portcls.sys
0x052D1000 \SystemRoot\system32\drivers\drmk.sys
0x052F3000 \SystemRoot\system32\drivers\ksthunk.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x052F9000 \SystemRoot\System32\drivers\Dxapi.sys
0x05305000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05313000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0532C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05335000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05337000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05354000 \SystemRoot\system32\DRIVERS\HidBatt.sys
0x0535F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0536C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0408A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0537A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0538D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x0539B000 \SystemRoot\system32\drivers\luafv.sys
0x053BE000 \SystemRoot\system32\drivers\WudfPf.sys
0x053DF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03C8F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03CE2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03CF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03D0D000 \SystemRoot\system32\drivers\HTTP.sys
0x03DD5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03C00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03C18000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05447000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05495000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x054B8000 \SystemRoot\system32\drivers\peauth.sys
0x0555E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05569000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05596000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06ECE000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06F35000 \SystemRoot\System32\DRIVERS\srv.sys
0x06FCB000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x06E00000 \SystemRoot\system32\drivers\spsys.sys
0x06E71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77450000 \Windows\System32\ntdll.dll
0x48360000 \Windows\System32\smss.exe
0xFF770000 \Windows\System32\apisetschema.dll
0xFF580000 \Windows\System32\setupapi.dll
0x77620000 \Windows\System32\psapi.dll
0xFF500000 \Windows\System32\difxapi.dll
0xFF4B0000 \Windows\System32\Wldap32.dll
0xFF490000 \Windows\System32\imagehlp.dll
0xFF360000 \Windows\System32\wininet.dll
0xFF2C0000 \Windows\System32\msvcrt.dll
0x77610000 \Windows\System32\normaliz.dll
0xFF0B0000 \Windows\System32\ole32.dll
0xFF040000 \Windows\System32\gdi32.dll
0x77330000 \Windows\System32\kernel32.dll
0xFE2B0000 \Windows\System32\shell32.dll
0xFE210000 \Windows\System32\clbcatq.dll
0x77230000 \Windows\System32\user32.dll
0xFE190000 \Windows\System32\shlwapi.dll
0xFDF30000 \Windows\System32\iertutil.dll
0xFDF20000 \Windows\System32\lpk.dll
0xFDE40000 \Windows\System32\advapi32.dll
0xFDE30000 \Windows\System32\nsi.dll
0xFDD00000 \Windows\System32\rpcrt4.dll
0xFDC30000 \Windows\System32\usp10.dll
0xFDB20000 \Windows\System32\msctf.dll
0xFDAF0000 \Windows\System32\imm32.dll
0xFDA10000 \Windows\System32\oleaut32.dll
0xFD9F0000 \Windows\System32\sechost.dll
0xFD9A0000 \Windows\System32\ws2_32.dll
0xFD900000 \Windows\System32\comdlg32.dll
0xFD780000 \Windows\System32\urlmon.dll
0xFD710000 \Windows\System32\KernelBase.dll
0xFD6D0000 \Windows\System32\wintrust.dll
0xFD560000 \Windows\System32\crypt32.dll
0xFD520000 \Windows\System32\cfgmgr32.dll
0xFD480000 \Windows\System32\comctl32.dll
0xFD460000 \Windows\System32\devobj.dll
0xFD450000 \Windows\System32\msasn1.dll
0x76EC0000 \Windows\SysWOW64\normaliz.dll

Processes (total 81):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
400 csrss.exe
484 csrss.exe
492 C:\Windows\System32\wininit.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\winlogon.exe
724 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
892 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
992 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\audiodg.exe
1080 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\spoolsv.exe
1412 C:\Windows\System32\svchost.exe
1512 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1532 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
1640 C:\Windows\SysWOW64\svchost.exe
1660 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1724 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1772 C:\PROGRA~2\McAfee\SITEAD~1\mcsacore.exe
1808 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1864 C:\Windows\SysWOW64\NMSAccessU.exe
1872 C:\Windows\System32\rundll32.exe
1928 C:\Windows\SysWOW64\rundll32.exe
1936 C:\Windows\System32\svchost.exe
2000 C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
2036 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1212 C:\ZoneAlarmBackup\ZABackupWebM.exe
1448 C:\ZoneAlarmBackup\ZABackup Service.exe
1552 C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
1692 C:\Windows\SysWOW64\cmd.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00A7B2, Rev: 01.03B01
PhysicalDrive1 Model Number: aø€ĸĸþ ŧø€ĸĸ

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 44FF1AA735D3B0C649637771A6DBA517336C3747


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Thanks - SSri09

#25 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 17 October 2010 - 02:37 PM

Quote

Is there a reason why you advised me to flush this out please?


Just removing what I thought were residues of ZoneAlarm... I am still thinking that ZoneAlarm might have done something to the permissions although infection can do this too. Just making sure really.

Quote

This is a master boot record infection checker, is it not?


Yes.

Quote

It did find an infection


Well... maybe, maybe not. Nowadays many MBRs are non-standard.

To make sure do this:

Put the Windows 7 installation disc in the disc drive, and then start the computer.
Press a key when you are prompted.
Select a language, a time, a currency, a keyboard or an input method, and then click Next.
Click Repair your computer.
Click the operating system that you want to repair, and then click Next.
In the System Recovery Options dialog box, click Command Prompt.
Type bootrec.exe /fixmbr (note the gap... it should be there), and then press ENTER.
On completion re-boot

For more information go here

#26 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 17 October 2010 - 03:14 PM

Quote

type bootrec.exe /fixmbr, and then press ENTER


I followed your steps. When I typed "bootrec.exe /fixmbr", it did not appear to have done anything as it instantaneously showed "task completed successfully" or "something towards that effect". Is that expected or is it supposed to take a while to fix the presumably infected MBR please?

On reboot, I again ran "MBRCHECK.EXE". It showed one non-standard or infected MBR. I typed N and exited.

How do I protect the MBR from infection?

That report is

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP xw8600 Workstation
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 200):

Processes (total 66):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00A7B2, Rev: 01.03B01
PhysicalDrive1 Model Number: fø€ÿÿN Xø€ÿÿ

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 44FF1AA735D3B0C649637771A6DBA517336C3747

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

I loaded an external HDD (Maxtor), which is also shown as an unknown MBR code.

I tried accessing "device manager," etc. again without success.

If we are running windows setup disk and type "bootrec.exe /fixmbr", does it repair the non-OS system disks, such as say Drives D and E? Drive C contains the OS?

Quote

Just removing what I thought were residues of ZoneAlarm


How do I restore only these ZoneAlarm backups to the original location? Do I reinstall them again?


thanks
SSri09

#27 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 17 October 2010 - 03:45 PM

Quote

Is that expected or is it supposed to take a while to fix the presumably infected MBR please?


No that's pretty much it.

Quote

If we are running windows setup disk and type "bootrec.exe /fixmbr", does it repair the non-OS system disks, such as say Drives D and E? Drive C contains the OS?


The MBR infection, if you have it, can only run on a disk that has an OS. If it is on another drive and you don't boot on it, it is irrelevant. If you want to fix the MBR on the second one you need to specify that drive: fixmbr \Device\HardDisk1. I don't like playing with the MBR, there are too many things to go wrong. My best thought is to leave it and if you ever want to use that drive to install an OS and boot from then reformat it first.

Quote

I have added windows7 firewall control plus


I was interested to see that. I don't know much about it but I see some users like it and say it doesn't cause any problems. I will be interested to hear if you have any issues.

Quote

How do restore only these zonealarm backup to the original location? Do I reinstall them again?


They should be in C:\_OTL\Moved Files. You can go there and copy and paste them back to their original path if you wish. That file will be removed when we go to cleanup at the end of the cleaning process so if you do want to do that you will need to do it before cleanup. Is there a reason you want to do that?

Now

I think that your MBR is fixed. If there was no argument when you ran that command we must be confident that there is not an infection there.

I am still slightly uncomfortable about your machine though. There is a very new infection that does mess with your permissions and which is all but hidden from most of our tools. Your machine is not showing some of the other symptoms that come with it... hence my earlier thought that you were likely experiencing conflict issues. Since then we have found some infection albeit different from the new one I am thinking of. I am still leaning towards a conflict issue with some infection as well. Nevertheless we want to be sure we have covered all possibilities. This next tool has had some success at detecting this latest infection.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

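As an added illustration (not a tool from this thread and not part of MBRCheck), a small parser for the MBRCheck report format quoted above that applies emeraldnzl's reasoning: it maps each drive letter to its physical drive and treats an "Unknown MBR code" result as boot-critical only when that drive hosts the system volume. The sample report is constructed from the lines quoted in this thread; the `system_drive` parameter and the verdict strings are assumptions of this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the MBRCheck report posted above:
# volume-to-drive mapping lines, then the Size/Device/Status table with SHA1 lines.
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 44FF1AA735D3B0C649637771A6DBA517336C3747

Found non-standard or infected MBR.
"""

# "\\.\C: --> \\.\PhysicalDrive0 ..."  (drive letter, physical drive)
MAP_RE = re.compile(r"^\\\\\.\\([A-Z]):\s+-->\s+\\\\\.\\(PhysicalDrive\d+)")
# "465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected"  (size, device, status)
STATUS_RE = re.compile(r"^(\d+)\s+GB\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+)$")
# "SHA1: <40 hex chars>"  (hash of the MBR sector, follows its status line)
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")


@dataclass
class DriveMbr:
    device: str
    size_gb: int
    status: str
    sha1: str = ""
    volumes: list = field(default_factory=list)

    @property
    def known_good(self) -> bool:
        # MBRCheck names recognised boot code ("Windows 7 MBR code detected");
        # anything else ("Unknown MBR code") is unrecognised, not necessarily malicious.
        return self.status.endswith("MBR code detected")


def parse_mbrcheck(text: str) -> dict[str, DriveMbr]:
    """Parse the drive-mapping and MBR-status sections of an MBRCheck report."""
    drives: dict[str, DriveMbr] = {}
    volumes: dict[str, list[str]] = {}
    last: DriveMbr | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := MAP_RE.match(line):
            volumes.setdefault(m.group(2), []).append(m.group(1))
        elif m := STATUS_RE.match(line):
            last = DriveMbr(device=m.group(2), size_gb=int(m.group(1)),
                            status=m.group(3).strip())
            drives[last.device] = last
        elif (m := SHA1_RE.match(line)) and last is not None:
            last.sha1 = m.group(1).upper()  # the SHA1 line belongs to the previous drive
    for dev, vols in volumes.items():
        if dev in drives:
            drives[dev].volumes = sorted(vols)
    return drives


def triage(drives: dict[str, DriveMbr], system_drive: str = "C") -> list[tuple[str, str]]:
    """Return (device, verdict) pairs.

    The MBR of the drive that hosts the system volume executes at every boot, so an
    unknown MBR there needs attention (the thread's remedy is bootrec /fixmbr).
    An unknown MBR on a data-only drive is never executed unless you boot from it.
    """
    findings = []
    for dev, d in sorted(drives.items()):
        if d.known_good:
            verdict = "standard"
        elif system_drive in d.volumes:
            verdict = "boot drive: unknown MBR, repair and re-check"
        else:
            verdict = "data drive: unknown MBR, not executed at boot"
        findings.append((dev, verdict))
    return findings


if __name__ == "__main__":
    parsed = parse_mbrcheck(SAMPLE_REPORT)
    for dev, verdict in triage(parsed):
        d = parsed[dev]
        print(f"{dev} ({d.size_gb} GB, volumes {d.volumes}, SHA1 {d.sha1[:8]}...): {verdict}")
```

Run against a real report, the output only classifies where the unknown MBR code sits; it does not tell you whether that code is malicious, which is exactly the caveat raised in the thread.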

#28 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 18 October 2010 - 04:04 AM

Quote

doubleclick on TDSSKiller.exe


It scanned services/drivers and boot sectors....No infection found!

2010/10/18 09:58:45.0089 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/18 09:58:45.0089 ================================================================================
2010/10/18 09:58:45.0089 SystemInfo:
2010/10/18 09:58:45.0089
2010/10/18 09:58:45.0089 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/18 09:58:45.0089 Product type: Workstation
2010/10/18 09:58:45.0089 ComputerName: SUNDARS-PC
2010/10/18 09:58:45.0089 UserName: Sundars
2010/10/18 09:58:45.0089 Windows directory: C:\Windows
2010/10/18 09:58:45.0089 System windows directory: C:\Windows
2010/10/18 09:58:45.0089 Running under WOW64
2010/10/18 09:58:45.0089 Processor architecture: Intel x64
2010/10/18 09:58:45.0089 Number of processors: 4
2010/10/18 09:58:45.0089 Page size: 0x1000
2010/10/18 09:58:45.0089 Boot type: Normal boot
2010/10/18 09:58:45.0089 ================================================================================
2010/10/18 09:58:45.0089 Utility is running under WOW64
2010/10/18 09:58:45.0433 Initialize success
2010/10/18 09:58:55.0417 ================================================================================
2010/10/18 09:58:55.0417 Scan started
2010/10/18 09:58:55.0417 Mode: Manual;
2010/10/18 09:58:55.0417 ================================================================================
2010/10/18 09:58:59.0629 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/18 09:58:59.0644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/18 09:58:59.0675 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/18 09:58:59.0722 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/18 09:58:59.0738 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/10/18 09:58:59.0753 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/10/18 09:58:59.0785 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/18 09:58:59.0800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/10/18 09:58:59.0816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/18 09:58:59.0847 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/10/18 09:58:59.0894 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/18 09:58:59.0941 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/10/18 09:58:59.0987 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/18 09:59:00.0019 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/18 09:59:00.0034 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/18 09:59:00.0050 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/18 09:59:00.0065 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/10/18 09:59:00.0081 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/18 09:59:00.0097 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/18 09:59:00.0175 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
2010/10/18 09:59:00.0221 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/18 09:59:00.0253 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/10/18 09:59:00.0268 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/18 09:59:00.0315 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/10/18 09:59:00.0362 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/10/18 09:59:00.0580 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/18 09:59:00.0658 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/18 09:59:00.0674 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/18 09:59:00.0689 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/18 09:59:00.0705 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/18 09:59:00.0752 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/10/18 09:59:00.0767 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/10/18 09:59:00.0783 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/10/18 09:59:00.0799 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/18 09:59:00.0830 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/18 09:59:00.0845 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/10/18 09:59:00.0861 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/10/18 09:59:00.0939 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/18 09:59:00.0955 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/10/18 09:59:00.0986 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/18 09:59:01.0017 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/10/18 09:59:01.0048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/18 09:59:01.0095 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/18 09:59:01.0111 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/18 09:59:01.0126 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/18 09:59:01.0157 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/18 09:59:01.0173 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/18 09:59:01.0204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/18 09:59:01.0220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/18 09:59:01.0235 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/18 09:59:01.0251 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/18 09:59:01.0267 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/18 09:59:01.0298 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/10/18 09:59:01.0329 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/18 09:59:01.0345 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/18 09:59:01.0360 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/10/18 09:59:01.0391 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/10/18 09:59:01.0423 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2010/10/18 09:59:01.0469 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2010/10/18 09:59:01.0485 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2010/10/18 09:59:01.0516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/18 09:59:01.0532 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/18 09:59:01.0625 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2010/10/18 09:59:01.0657 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2010/10/18 09:59:01.0672 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/18 09:59:01.0703 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/18 09:59:01.0735 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/10/18 09:59:01.0766 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/18 09:59:01.0797 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/10/18 09:59:01.0813 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/18 09:59:01.0859 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/18 09:59:01.0875 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/18 09:59:01.0891 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/18 09:59:01.0891 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/18 09:59:01.0922 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/18 09:59:01.0937 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/18 09:59:01.0969 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/10/18 09:59:02.0000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/10/18 09:59:02.0047 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/10/18 09:59:02.0093 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/18 09:59:02.0125 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/18 09:59:02.0156 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/18 09:59:02.0187 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/18 09:59:02.0203 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/18 09:59:02.0218 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/18 09:59:02.0296 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/10/18 09:59:02.0374 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/18 09:59:02.0405 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/18 09:59:02.0421 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/10/18 09:59:02.0437 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/10/18 09:59:02.0452 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/18 09:59:02.0468 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/18 09:59:02.0515 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/18 09:59:02.0546 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/18 09:59:02.0561 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/18 09:59:02.0577 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/18 09:59:02.0608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/18 09:59:02.0639 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/18 09:59:02.0655 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/18 09:59:02.0686 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/18 09:59:02.0702 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/18 09:59:02.0717 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/18 09:59:02.0749 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/18 09:59:02.0764 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/18 09:59:02.0780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/18 09:59:02.0827 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/18 09:59:02.0827 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/18 09:59:02.0858 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/18 09:59:02.0873 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/18 09:59:02.0889 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/18 09:59:02.0905 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/10/18 09:59:02.0920 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/18 09:59:02.0936 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/18 09:59:02.0967 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/18 09:59:02.0983 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/18 09:59:02.0998 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/18 09:59:03.0029 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/10/18 09:59:03.0045 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/18 09:59:03.0092 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/18 09:59:03.0123 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/10/18 09:59:03.0139 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/10/18 09:59:03.0170 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/18 09:59:03.0201 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/18 09:59:03.0201 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/18 09:59:03.0248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/10/18 09:59:03.0279 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/18 09:59:03.0326 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/18 09:59:03.0357 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/10/18 09:59:03.0435 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/10/18 09:59:03.0466 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/18 09:59:03.0513 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/18 09:59:03.0544 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/10/18 09:59:03.0575 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/18 09:59:03.0653 ================================================================================
2010/10/18 09:59:03.0653 Scan finished
2010/10/18 09:59:03.0653 ================================================================================


Quote

If you want to fix the MBR on the second one you need to specify that drive: fixmbr \Device\HardDisk1


The OS is on Drive C. The RAID 5 is Drive D (internal) and an external HDD is Drive F. If I want to fix the MBR on Drives D and F, is HardDisk1 = Drive C, HardDisk2 = Drive D and HardDisk3 = Drive F?

Do you give the following commands?

bootrec.exe /fixmbr \device\HarDisk2 ....this is Drive D
bootrec.exe /fixmbr \device\HarDisk3 .... this is Drive F...?

Quote

They should be in C:\_OTL\Moved Files. Is there a reason you want to do that?


I will reinstall them...that's better as I do not want to mess up....

A minor issue with the Firefox web browser

I used to have the Google toolbar on the top right corner of the screen as a search engine....It became the amazon.co.uk search engine by default. I manually enabled Google as a search engine again..hopefully, it won't change.

Quote

windows 7 firewall control plus....I will be interested to hear if you have any issues


As you know, it is based on WFP. Like the Win7 firewall, it fails the leak test; this should not be surprising as it is based on the Windows architecture. It is very light. The Plus version has extra features: notification of blocked connections (the log can be disabled), and you may group the permissions into zones (email, web, FTP, etc.) as opposed to plain inbound/outbound. It shows a popup when you launch an application that needs an outbound connection. This is convenient as you may enable it in the respective zone as and when the application is launched. The log balloon that keeps popping up at the bottom left corner can be disabled (I believe only in the Plus version). It is pretty cheap and light. It is not a resource hog.

Test results of Windows 7 Firewall Control Plus (WFCP) using GRC.COM

Leak Test: Without this application, the Windows firewall was penetrated. After installing WFCP, it popped up a message for an outbound connection. It goes through if and only if you allow the connection. Disable All prevents the connection and WFCP protects it.

File Sharing: Port 139 does not exist and unable to connect to NetBIOS.

Common Ports: Failed as port 22 is open (PLEASE ADVISE HOW TO MAKE THIS STEALTH).

All Service Ports (first 1056 ports): stealth except port 22. Result: Failed.

Spam Test: I tried; I did not see any spam window. I do not use Windows Messenger. Probably disabled; I have not checked it.

PCFlank test results with Windows 7 Firewall Control Plus (WFCP)

PCFlank leaktest (new): Failed. It opens and runs only on IE. If you type a message and open IE, the message is relayed back to the browser through their server.

Quick test: (a) Remote Attack - ports 135, 138, 139 - warning - open ports? This contradicts the GRC stealth test. (b) Trojan horse check - Safe. (c) Browser Privacy - Danger, as information is not private (by default, Firefox and IE open as private browsers on my system). This was done in Firefox.

Stealth test: all fine.

Browser test

Trojan test: passed.

Advanced Port Scanner - TCP connect scanning: 135, 138, 139 closed; needs to be stealth.

Exploits test: Safe.

In summary, the main concerns are: (a) the leak test failing, (b) ports 22, 135, 138 and 139 not stealth (PLEASE ADVISE HOW TO MAKE IT STEALTH USING REGEDIT) and (c) lack of privacy despite running Firefox and IE in private mode and Chrome in new Incognito windows. ZoneAlarm had an amazing virtualization; this was cool. If we can address these issues (a to c), it would be pretty good. I already feel the system is light with Windows and Firewall Control Plus. I am already thinking of paying for it; unless you think otherwise, forget ZoneAlarm.

Thanks
SSri09

#29 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,416
  • Joined: 19-November 07

Posted 18 October 2010 - 04:24 PM

Quote

Do you give the following commands?

bootrec.exe /fixmbr \device\HarDisk2 ....this is Drive D
bootrec.exe /fixmbr \device\HarDisk3 .... this is Drive F...?


To find out what your computer sees as the device drive numbers, do this:

  • Put the Windows 7 installation disc in the disc drive, and then start the computer.
  • Press a key when you are prompted.
  • Select a language, a time, a currency, a keyboard or an input method, and then click Next.
  • Log into your installation. To enable access to the command prompt, select your user name from the pulldown menu.
  • Enter your password.
  • Click OK to continue.
  • The System Recovery Options menu opens.
  • Select Command Prompt.
  • Type DiskPart, and then press ENTER.

This will show you what RC sees. An example might look something like this:

C: \Device\Harddisk0 (my boot drive)

D: \Device\Harddisk1 (second drive)

E: \Device\Harddisk2 (third drive)

That should tell you which drives are where. Write down the information for your future use.

As I have already said... I don't like messing with MBR if I don't have to, too many things can go wrong. Proceed at your own risk...

Quote

I used to have the Google toolbar on the top right corner of the screen as a search engine....It became the amazon.co.uk search engine by default. I manually enabled Google as a search engine again..hopefully, it won't change.


That would have happened when we fixed the "Web Search" that ZoneAlarm had placed in your Firefox, it just reverted to what was left and yes good idea to set google as the default.

Tell me what your machine's symptoms are now:

As I understand it you still cannot access Device manager or Computer Management under your user name but you can under a new user name. In other words we can fix that by establishing a new user account for you and removing the old.

Is your computer still experiencing BSODs?

I am pretty sure your computer is clean of malware now but before we move to cleaning away the tools we have been using tell me if you think we may have missed something.
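
The same drive-letter-to-disk mapping the steps above are after can also be read from a running Windows 7 session. The PowerShell below is an added example, not code from this thread or from either poster; it assumes an elevated prompt and the standard WMI classes Win32_DiskDrive, Win32_DiskPartition and Win32_LogicalDisk, and the disk index it prints is the N in \Device\HarddiskN as the running system sees it (the Recovery Environment can number disks differently, which is why the check above is done from there).

```powershell
# Added example (not from the thread): map each drive letter to the physical
# disk index Windows assigns it, i.e. the N in \Device\HarddiskN, using the
# WMI association classes that link disk -> partition -> logical disk.
function Get-DriveLetterToDiskMap {
    $rows = @()
    foreach ($disk in Get-WmiObject -Class Win32_DiskDrive | Sort-Object Index) {
        # DeviceID looks like \\.\PHYSICALDRIVE0; backslashes must be doubled
        # inside a WQL string literal.
        $diskId = $disk.DeviceID.Replace('\', '\\')
        $partQuery = "ASSOCIATORS OF {Win32_DiskDrive.DeviceID='$diskId'} " +
                     "WHERE AssocClass = Win32_DiskDriveToDiskPartition"
        foreach ($part in Get-WmiObject -Query $partQuery) {
            # Partition DeviceID looks like "Disk #1, Partition #0".
            $ldQuery = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} " +
                       "WHERE AssocClass = Win32_LogicalDiskToPartition"
            foreach ($ld in Get-WmiObject -Query $ldQuery) {
                $rows += New-Object PSObject -Property @{
                    DriveLetter = $ld.DeviceID                        # e.g. C:
                    DeviceName  = "\Device\Harddisk$($disk.Index)"   # e.g. \Device\Harddisk0
                    Partition   = $part.DeviceID
                    DiskModel   = $disk.Model                         # RAID volumes show as one virtual disk
                    Interface   = $disk.InterfaceType                 # IDE, SCSI, USB ...
                }
            }
        }
    }
    $rows | Sort-Object DriveLetter |
        Select-Object DriveLetter, DeviceName, Partition, DiskModel, Interface
}

Get-DriveLetterToDiskMap | Format-Table -AutoSize
```

An external USB disk shows InterfaceType USB, which makes it easy to tell the internal RAID volume from the external drive before touching any MBR.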

#30 SSri09

  • Group: Member
  • Posts: 133
  • Joined: 30-January 09

Posted 20 October 2010 - 01:06 PM

Hi,

Sorry..I was pretty busy in the last couple of days.

Quote

machine's symptoms


Nothing....Touch wood!

Quote

cannot access Device manager or Computer Management


Permissions have gone nuts. Device Manager, Computer Management, Event Viewer, Services, etc. cannot be accessed. I think it is not worth trying to figure out the corrupt account. Maybe some new unknown infection or ZA caused these problems. Best is to delete this account completely from the system.

Quote

new user account for you


I would like to create a new account from the System Admin area and delete the two existing accounts. I am thinking it might be better to make this account a standard user. Any installation can be done by installing as an administrator by providing the admin password from the standard user area. The only issue is I need full read, write and modify access to all the hard drives on the system.

I installed a lot of applications.

I would like to transfer (a) application settings, (b) security settings - firewall, Firewall Control Plus, etc., (c) Outlook account settings including the e-mail account settings, and (d) any other relevant settings. I do NOT want to transfer the messed up permissions to a new account.

Quote

BSODs


Not in the last one week. I have not experienced the keyboard and mouse freezes in the last one week; earlier they always forced a hard boot.

Quote

tell me if you think we may have missed something


I cannot think of anything. I am no longer sure whether I want to install ZA. What I miss is the ZoneAlarm ForceField, which is pretty good.

The Windows firewall and Firewall Control Plus seem fine. I closed ports 135, 137-139 and 445 through regedit. Still they are not stealth in the recent port scan. Port 22 is open. I do not use remote access. It will be great if you give me the procedure for making port 22 and ports 135, 137-139, 445 stealth. The only issue is that the leak test (with and without Firewall Control Plus) continues to fail the firewall.

I am using Windows Security Essentials. I presume it is sufficient. I have a non-real-time MBAM. I am thinking of taking the real-time subscription.

In a nutshell, the Windows firewall, Windows 7 Firewall Control Plus and WSE seem to make the system pretty light on resources!

Thanks,
SSri09
