MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0004000d
Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AE000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA338000 pxscan.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED7000 PQV2i.sys
0xB9EC0000 KSecDD.sys
0xB9E33000 Ntfs.sys
0xB9E06000 NDIS.sys
0xB9DEB000 Mup.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9CDD000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB9CC9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9C9B000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9C78000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9BE2000 \SystemRoot\system32\drivers\smwdm.sys
0xB9BBE000 \SystemRoot\system32\drivers\portcls.sys
0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys
0xB9B9B000 \SystemRoot\system32\drivers\ks.sys
0xBA5B8000 \SystemRoot\system32\drivers\aeaudio.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9B87000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA570000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA574000 \SystemRoot\System32\Drivers\GearAspiWDM.SYS
0xBA6CE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA308000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9B70000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA108000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9B5F000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA118000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9B2E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA128000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9AE8000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9A8F000 \SystemRoot\system32\DRIVERS\update.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA148000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5BE000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA98B4000 \SystemRoot\System32\drivers\pxrts.sys
0xBA5C0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA768000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C2000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA410000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA418000 \SystemRoot\System32\drivers\vga.sys
0xBA5C4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA428000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA564000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9859000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9801000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA97D4000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xA97AF000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xBA1F8000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xA9787000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9765000 \SystemRoot\System32\drivers\afd.sys
0xBA208000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA218000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xA96FB000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xBA228000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB9B2A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9B26000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB9B22000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA438000 \SystemRoot\System32\drivers\pxkbf.sys
0xA96D0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9955000 \SystemRoot\System32\Drivers\PQIMount.SYS
0xA9611000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9935000 \SystemRoot\System32\Drivers\Fips.SYS
0xA95B3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA9596000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xBA1C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA957E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5C8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA55C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA450000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7D9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
0xBF064000 \SystemRoot\System32\ialmdd5.DLL
0xA9466000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9196000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xA9052000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9017000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xBA470000 \??\C:\WINDOWS\system32\drivers\InAspi32.sys
0xA8ED0000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8E96000 \SystemRoot\SYSTEM32\DRIVERS\WibuKey.sys
0xA8D69000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8E86000 \SystemRoot\system32\drivers\sysaudio.sys
0xA88EA000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA368000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xA8558000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA840D000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101209.048\NAVEX15.SYS
0xA83F9000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101209.048\NAVENG.SYS
0xA8213000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 30):
0 System Idle Process
4 System
960 C:\WINDOWS\system32\smss.exe
1060 csrss.exe
1084 C:\WINDOWS\system32\winlogon.exe
1128 C:\WINDOWS\system32\services.exe
1140 C:\WINDOWS\system32\lsass.exe
1292 C:\WINDOWS\system32\svchost.exe
1388 svchost.exe
1428 C:\WINDOWS\system32\svchost.exe
1548 C:\Program Files\Symantec AntiVirus\Smc.exe
1620 svchost.exe
1652 svchost.exe
1760 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1984 C:\WINDOWS\system32\spoolsv.exe
168 svchost.exe
324 C:\WINDOWS\system32\gearsec.exe
368 C:\Program Files\Java\jre6\bin\jqs.exe
492 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
480 C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
456 C:\WINDOWS\explorer.exe
2112 C:\Program Files\Symantec AntiVirus\SmcGui.exe
2208 C:\WINDOWS\system32\hkcmd.exe
2216 C:\Program Files\Java\jre6\bin\jusched.exe
2232 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2252 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2276 C:\WINDOWS\system32\ctfmon.exe
2772 C:\Program Files\Internet Explorer\iexplore.exe
2528 C:\Documents and Settings\anthony.berry.SMI\Desktop\MBRCheck.exe
516 SescLU.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD400BD-75LRA0, Rev: 09.01D09
      Size  Device Name          MBR Status
  --------------------------------------------
     37 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/10/2005 12:49:58 PM
System Uptime: 12/10/2010 1:09:54 PM (0 hours ago)
Motherboard: Dell Inc. | | 0C7195
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 23.648 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.4.1 - CPSID_83708
Adobe Flash Player ActiveX
Ascent Advanced Forms Custom Module V3.7 SR01
Ascent Advanced Forms V3.7 SR01
Ascent Advanced Forms Validation Custom Module V3.7 SR01
Ascent Advanced Forms Validation V3.7 SR01
Ascent Capture 7.0 - Workstation
Broadcom Advanced Control Suite 2
Drive Image 7.0
Hitman Pro 3.5
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Imaging for Windows® Professional Edition 2.5
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Kofax TWAIN Data Source
Kofax VirtualReScan 4.0
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
MSVCRT
RFClient
RFClient8.01
RUMBA 2000
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Sentinel System Driver 5.41.1 (32-bit)
SpywareBlaster 4.4
Symantec Endpoint Protection
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
==== Event Viewer Messages From Past Week ========
12/9/2010 9:06:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT PQIMount RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI Tcpip WPS
12/9/2010 9:06:00 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 9:06:00 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 9:06:00 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 9:06:00 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 12:43:18 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2696.
12/7/2010 1:43:13 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
12/6/2010 7:58:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/6/2010 7:57:27 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SMI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
12/6/2010 10:52:46 AM, error: Print [22] - Failed to ugrade printer settings for printer Adobe PDF,0 driver Adobe PDF Converter error 1801.
12/6/2010 10:52:46 AM, error: Print [22] - Failed to ugrade printer settings for printer \\NCSDU7NG6481\Adobe PDF,0,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PS5UI.DLL error 1801.
12/6/2010 10:42:44 AM, error: DCOM [10001] - Unable to start a DCOM Server: {73AA8F59-DBC4-11D0-AF5C-00A02448799A} as /. The error: "%2" Happened while starting this command: C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\MSE.EXE -JITDebug -Embedding
12/6/2010 10:34:30 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/3/2010 3:55:16 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/3/2010 3:54:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
12/3/2010 3:53:56 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
12/3/2010 2:54:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/3/2010 2:44:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/3/2010 2:30:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/10/2010 9:37:54 AM, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
12/10/2010 9:08:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT PQIMount pxrts RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI Tcpip WPS
12/10/2010 12:30:27 PM, error: DCOM [10000] - Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}. The error: "%6" Happened while starting this command: "C:\Program Files\Symantec AntiVirus\SescLU.exe" -Embedding
12/10/2010 11:06:46 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
12/10/2010 11:05:38 AM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
12/10/2010 10:23:12 AM, error: Service Control Manager [7034] - The V2i Protector service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 10:23:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 10:23:12 AM, error: Service Control Manager [7034] - The GEARSecurity service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 10:23:12 AM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/10/2010 10:23:12 AM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/10/2010 10:23:12 AM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
12/10/2010 10:23:12 AM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
==== End Of File ===========================
DDS (Ver_10-12-05.01) - NTFSx86
Run by anthony.berry at 13:31:27.63 on Fri 12/10/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2603 [GMT -5:00]
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\anthony.berry.SMI\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://insidesmi/
uDefault_Page_URL = hxxp://www.dell.com
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - \\ncsduvg056\smiapps\prod\smilaunch\SMILaunch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {FAB8539F-27EC-423B-9D13-A76691C35E20} = 192.168.2.42,10.0.5.3
Notify: igfxcui - igfxsrvc.dll
============= SERVICES / DRIVERS ===============
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-6-3 123957]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-6-3 46900]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-9-29 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-9-29 108392]
R2 InAspi32;InAspi32;c:\windows\system32\drivers\InAspi32.sys [2006-3-7 8704]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-29 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-3 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101209.048\NAVENG.SYS [2010-12-10 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101209.048\NAVEX15.SYS [2010-12-10 1360248]
S3 COAX;COAX;c:\windows\system32\drivers\COAX.SYS [2005-8-10 26528]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-9-29 23888]
S3 RMBS;RMBS;c:\windows\system32\drivers\RMBS.SYS [2005-8-10 18208]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\clt-inst\vpremote.exe [2010-6-11 142192]
=============== Created Last 30 ================
2010-12-10 14:39:51 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-12-10 14:29:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-10 14:29:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-10 14:28:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-09 14:11:06 -------- d-s---w- c:\documents and settings\anthony.berry.smi\UserData
2010-12-07 13:18:16 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-12-07 13:17:38 417792 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-12-06 20:27:11 -------- d-----w- c:\program files\SpywareBlaster
2010-12-06 20:18:11 -------- d-----w- c:\docume~1\anthon~1.smi\applic~1\Malwarebytes
2010-12-03 19:11:13 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-12-03 19:03:20 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-12-03 18:56:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-03 18:56:35 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-03 16:21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-03 16:21:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-03 16:20:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-03 16:20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BD-75LRA0 rev.09.01D09 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4F5555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4fb7b0]; MOV EAX, [0x8a4fb82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Harddisk0\DR0[0x8A4E1AB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> [0x8A4A66B8]
\Driver\atapi[0x8A4D2D30] -> IRP_MJ_CREATE -> 0x8A4F5555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD400BD-75LRA0______________________09.01D09#5&2a36c317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4F539B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 13:31:59.18 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-10 13:30:18
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD400BD-75LRA0 rev.09.01D09
Running: thekbmwt.exe; Driver: C:\DOCUME~1\ANTHON~1.SMI\LOCALS~1\Temp\pwlyqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A4F539B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A4F539B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A4F539B
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD400BD-75LRA0______________________09.01D09#5&2a36c317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----