CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\my documents\downloads\rosetta.stone.v.3.3.5.plus.language.packs\rosetta.stone.v3.3.5.setup\rosetta.stone.setup\crack\rosettastoneversion3.exe
c:\documents and settings\administrator\my documents\downloads\seops\seo powersuite\crack.txt
scanner sequence 3.LB.11.FANAHM
----- EOF -----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000006d
Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B0D000 \WINDOWS\system32\KDCOM.DLL
0xF7A1D000 \WINDOWS\system32\BOOTVID.dll
0xF75BE000 ACPI.sys
0xF7B0F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75AD000 pci.sys
0xF760D000 isapnp.sys
0xF7BD5000 pciide.sys
0xF788D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B11000 intelide.sys
0xF761D000 MountMgr.sys
0xF758E000 ftdisk.sys
0xF7B13000 dmload.sys
0xF7568000 dmio.sys
0xF7895000 PartMgr.sys
0xF762D000 VolSnap.sys
0xF7550000 atapi.sys
0xF763D000 disk.sys
0xF764D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7530000 fltMgr.sys
0xF751E000 sr.sys
0xF765D000 PxHelp20.sys
0xF7507000 KSecDD.sys
0xF747A000 Ntfs.sys
0xF744D000 NDIS.sys
0xF7433000 Mup.sys
0xF782D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6F5D000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6F49000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6F1F000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF792D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6EFB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7935000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6EBB000 \SystemRoot\system32\drivers\smwdm.sys
0xF6E97000 \SystemRoot\system32\drivers\portcls.sys
0xF784D000 \SystemRoot\system32\drivers\drmk.sys
0xF6E74000 \SystemRoot\system32\drivers\ks.sys
0xF6DC1000 \SystemRoot\system32\drivers\senfilt.sys
0xF793D000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6DAD000 \SystemRoot\system32\DRIVERS\parport.sys
0xF785D000 \SystemRoot\system32\DRIVERS\serial.sys
0xF73DA000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF786D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF787D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7CE9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF767D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AB1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D96000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF768D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF769D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7945000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D85000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF794D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7955000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6D55000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF795D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7965000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B83000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6CF7000 \SystemRoot\system32\DRIVERS\update.sys
0xF707E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF770D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF772D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B85000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79CD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7BAF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C11000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BB1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79DD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79E5000 \SystemRoot\System32\drivers\vga.sys
0xF7BB3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BB5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79ED000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79F5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B09000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA665000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA60C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA5E4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA5BE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA59C000 \SystemRoot\System32\drivers\afd.sys
0xAAEEC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7A05000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA459000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA3E9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAECC000 \SystemRoot\System32\Drivers\Fips.SYS
0xAAEBC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF78A5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF78DD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA97A7000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xAAE6C000 \SystemRoot\system32\drivers\usbaudio.sys
0xAAE4C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAAD95000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7BC3000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xAA85F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF78ED000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAA84F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA843000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9F4AA000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA0627000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9F492000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA12B3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0x9FCCC000 \SystemRoot\System32\drivers\Dxapi.sys
0xA07F1000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xA4C31000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E5000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D6000 \SystemRoot\System32\ialmrnt5.dll
0xBFA07000 \SystemRoot\System32\ialmdev5.DLL
0xBFA42000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9F47B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF77BD000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xAA85B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9F40B000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA4FC000 \SystemRoot\system32\drivers\sysaudio.sys
0x9F215000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7BA5000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAAD05000 \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys
0x9F14B000 \SystemRoot\system32\DRIVERS\srv.sys
0x9EC72000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7B1F000 \SystemRoot\system32\drivers\splitter.sys
0x9E420000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 41):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
652 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
920 C:\WINDOWS\system32\svchost.exe
988 svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1376 svchost.exe
1492 C:\WINDOWS\system32\spoolsv.exe
1548 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1796 C:\WINDOWS\explorer.exe
1912 C:\Program Files\Analog Devices\Core\smax4pnp.exe
1928 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
1944 C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
2024 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2044 C:\Program Files\Common Files\Java\Java Update\jusched.exe
172 C:\Program Files\trademanager\AliIM.exe
272 svchost.exe
476 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
520 C:\Program Files\Java\jre6\bin\jqs.exe
376 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1148 C:\WINDOWS\system32\svchost.exe
1280 C:\WINDOWS\system32\searchindexer.exe
1316 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1212 C:\WINDOWS\system32\wscntfy.exe
3136 alg.exe
3952 wmiprvse.exe
1048 C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
2528 C:\WINDOWS\system32\WISPTIS.EXE
2576 C:\Program Files\Mozilla Firefox\firefox.exe
3180 C:\Program Files\Mozilla Firefox\plugin-container.exe
308 C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
3604 C:\Program Files\TechSmith\Camtasia Studio 7\TscHelp.exe
192 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
3780 C:\Program Files\Internet Explorer\iexplore.exe
1792 C:\Program Files\Internet Explorer\iexplore.exe
2620 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST340014AS, Rev: 8.12
Size    Device Name          MBR Status
--------------------------------------------
37 GB   \\.\PhysicalDrive0   MBR Code Faked!
        SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:05:28 PM, on 7/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\trademanager\aliim.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\TechSmith\Camtasia Studio 7\TSCHelp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA4ADcANQA4ADkAMwAyADkALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [aliim] C:\Program Files\trademanager\aliim.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6132 bytes