Follow up
I've done that. Here are the results of the logs.
SystemLook:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:53 on 06/05/2010 by danw (Administrator - Elevation successful)
========== filefind ==========
Searching for "iastor.*"
C:\Drivers\storage\R154200\iastor.cat --a--- 11254 bytes [18:11 18/08/2008] [11:40 17/04/2007] 6F6F9F086E42A50A5EA9664AC11D9423
C:\Drivers\storage\R154200\iastor.inf --a--- 6451 bytes [18:11 18/08/2008] [11:40 17/04/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Drivers\storage\R154200\iastor.sys --a--- 277784 bytes [18:11 18/08/2008] [11:40 17/04/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\iastor.cat --a--- 11254 bytes [10:54 18/08/2008] [09:07 23/02/2007] 2D429546C0C0A29C97A5039D14FB2D42
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\iastor.inf --a--- 6451 bytes [10:54 18/08/2008] [17:36 12/02/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 537368 bytes [10:54 18/08/2008] [18:37 12/02/2007] 2EE127D5407DA3957EE54711C9AED6EC
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iastor.cat --a--- 11254 bytes [10:54 18/08/2008] [09:07 23/02/2007] 6F6F9F086E42A50A5EA9664AC11D9423
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iastor.inf --a--- 6451 bytes [10:54 18/08/2008] [17:36 12/02/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys --a--- 277784 bytes [10:54 18/08/2008] [18:36 12/02/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys --a--- 277784 bytes [18:29 18/08/2008] [11:40 17/04/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.cat --a--- 11254 bytes [18:29 18/08/2008] [11:40 17/04/2007] 6F6F9F086E42A50A5EA9664AC11D9423
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iastor.inf --a--- 6451 bytes [18:29 18/08/2008] [11:40 17/04/2007] 17CF149196D14322C3775BDAE5CEDE60
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys --a--- 277784 bytes [18:29 18/08/2008] [11:40 17/04/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\System32\drivers\iaStor.sys --a--- 277784 bytes [18:29 18/08/2008] [11:40 17/04/2007] FD7F9D74C2B35DBDA400804A3F5ED5D8
-=End Of File=-
ComboFix:
ComboFix 10-05-05.0D - danw 05/06/2010 16:25:11.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1236 [GMT -6:00]
Running from: c:\users\danw.INFOTRAX\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1016304820-1602329189-69458350-500
c:\$recycle.bin\S-1-5-21-2826133206-2312993737-4083541239-500
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-06 22:35 . 2010-05-06 22:36 -------- d-----w- c:\users\danw.INFOTRAX\AppData\Local\temp
2010-05-06 22:35 . 2010-05-06 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-06 22:35 . 2010-05-06 22:35 -------- d-----w- c:\users\danw\AppData\Local\temp
2010-05-06 13:52 . 2010-05-06 22:21 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-05 20:55 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-05 20:55 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-05 20:55 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-05 20:54 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-05 20:54 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-05 20:54 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-05 20:54 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-05 20:54 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-05 20:53 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-05 06:44 . 2010-05-05 06:44 -------- d-----w- c:\users\danw.INFOTRAX\AppData\Roaming\Malwarebytes
2010-05-05 06:44 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 06:44 . 2010-05-05 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 06:44 . 2010-05-05 06:44 -------- d-----w- c:\programdata\Malwarebytes
2010-05-05 06:44 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 06:36 . 2010-05-05 06:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-05 06:30 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-30 06:04 . 2010-03-29 15:59 52224 ----a-w- c:\users\danw.INFOTRAX\AppData\Roaming\Mozilla\Firefox\Profiles\1f7rpnzq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-04-30 06:04 . 2010-03-29 15:59 101376 ----a-w- c:\users\danw.INFOTRAX\AppData\Roaming\Mozilla\Firefox\Profiles\1f7rpnzq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-04-19 04:37 . 2010-04-19 04:37 388096 ----a-r- c:\users\danw.INFOTRAX\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-19 04:37 . 2010-04-19 04:37 -------- d-----w- c:\program files\TrendMicro
2010-04-19 04:27 . 2010-04-19 04:27 -------- d-----w- C:\fixwareout
2010-04-14 05:19 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 05:19 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 05:19 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 05:19 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 05:19 . 2010-03-09 10:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-14 05:18 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 05:18 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 05:17 . 2010-04-14 05:17 -------- d-----w- c:\programdata\Alwil Software
2010-04-14 05:17 . 2010-04-14 05:17 -------- d-----w- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 22:20 . 2008-08-18 10:58 1779 ----a-w- c:\windows\bthservsdp.dat
2010-05-06 22:01 . 2009-06-02 16:22 -------- d-----w- c:\users\danw.INFOTRAX\AppData\Roaming\Skype
2010-05-06 18:51 . 2008-09-25 21:39 0 ----a-w- c:\users\danw.INFOTRAX\AppData\Local\WavXMapDrive.bat
2010-05-06 13:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-06 03:35 . 2009-11-23 01:40 302 ----a-w- c:\users\danw.INFOTRAX\jobq.dat
2010-05-05 06:31 . 2008-08-18 10:47 -------- d-----w- c:\program files\Common Files\Java
2010-05-05 06:30 . 2008-08-18 10:47 -------- d-----w- c:\program files\Java
2010-05-04 23:02 . 2008-10-18 14:43 5972 ----a-w- c:\users\danw.INFOTRAX\AppData\Local\d3d9caps.dat
2010-04-26 16:46 . 2008-09-30 15:50 -------- d-----w- c:\program files\Digsby
2010-03-29 04:41 . 2010-02-24 04:43 50354 ----a-w- c:\users\danw.INFOTRAX\AppData\Roaming\Facebook\uninstall.exe
2010-03-29 04:41 . 2010-02-24 04:43 -------- d-----w- c:\users\danw.INFOTRAX\AppData\Roaming\Facebook
2010-03-09 16:25 . 2010-03-30 20:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-30 20:41 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\danw.INFOTRAX\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-25 21:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 16:16 . 2009-10-03 06:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 15:38 . 2008-09-25 21:39 100432 ----a-w- c:\users\danw.INFOTRAX\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:06 . 2010-03-15 09:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-15 09:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-15 09:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2008-08-18 18:24 . 2008-08-18 18:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2009-12-31 18:53 2349080 ----a-w- c:\program files\Zynga\tbZyng.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"ZimbraNotifier"="c:\\ZimbraNotifier.exe" [2009-02-12 159744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-03 405504]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-18 50688]
Glance.lnk - c:\program files\Glance25\Glance.exe [2010-2-18 1737504]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ab,3a,66,3a,f1,b5,ca,01
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-19 179712]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
S1 aswSP;aswSP; [x]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 EVault InfoStage Agent;AmeriVault Backup Solution Agent;c:\program files\AmeriVault Backup Solution\Agent\VVAgent.exe [2009-03-28 3432448]
S2 EVault InfoStage BUAgent;AmeriVault Backup Solution BUAgent;c:\program files\AmeriVault Backup Solution\Agent\buagent.exe [2009-03-28 5492736]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys [2009-05-13 34080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{65A728E8-D674-4D7B-A17C-4848276ECB41}.job
- c:\windows\system32\msfeedssync.exe [2008-09-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://maceys.lifepics.com/net/Uploader/LPUploader57.cab
FF - ProfilePath - c:\users\danw.INFOTRAX\AppData\Roaming\Mozilla\Firefox\Profiles\1f7rpnzq.default\
FF - component: c:\users\danw.INFOTRAX\AppData\Roaming\Mozilla\Firefox\Profiles\1f7rpnzq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\danw.INFOTRAX\AppData\Roaming\Mozilla\Firefox\Profiles\1f7rpnzq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Glance25\npglance.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\danw.INFOTRAX\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\danw.INFOTRAX\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\danw.INFOTRAX\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\danw.INFOTRAX\AppData\Roaming\Macromedia\Flash Player\
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-06 16:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys >>UNKNOWN [0x86BC68C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x883aad24
\Driver\ACPI -> acpi.sys @ 0x80691d68
\Driver\atapi -> ataport.SYS @ 0x82d6fa2c
\Driver\iaStor -> iastor.sys @ 0x82ce2d24
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-05-06 16:41:33
ComboFix-quarantined-files.txt 2010-05-06 22:41
Pre-Run: 56,894,017,536 bytes free
Post-Run: 56,777,719,808 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 733450698AA914877EC497DF508D0B59