krishna Posted February 12, 2011 ID:388175

Attachment: Attach.zip

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5735
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11-2-2011 0:55:43
mbam-log-2011-02-11 (00-55-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 367482
Time elapsed: 2 hour(s), 33 minute(s), 19 second(s)

Geheugenprocessen ge
Maniac Posted February 12, 2011 ID:388180

Hello krishna! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

- The process of cleaning your system may take some time, so please be patient.
- Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
- Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
- The instructions I give are for your system only!
- If you don't know or can't understand something, please ask.
- Do not install or uninstall any software or hardware while we work on this.
- Keep me informed about any changes.

You're missing Attach.txt.

- Launch Malwarebytes' Anti-Malware.
- Go to the "Update" tab and select Check for Updates.
- Go to the Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:
- Malwarebytes' Anti-Malware log
- a new fresh DDS log file with Attach.txt
krishna Posted February 12, 2011 (Author) ID:388208

Thanks for the help Borislav!

Amazing that you can figure out what the problem is from what it says here:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5747
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12-2-2011 15:03:37
mbam-log-2011-02-12 (15-03-37).txt

Scan type: Quick scan
Objects scanned: 232232
Time elapsed: 41 minute(s), 34 second(s)

Geheugenprocessen ge

Attachment: ark.zip
Maniac Posted February 12, 2011 ID:388281

It's not a big deal. Thanks!

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; choose it.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please post these log(s):
- TDSSKiller log
- a new fresh DDS log only
krishna Posted February 12, 2011 (Author) ID:388345

DDS (Ver_10-12-12.02) - FAT32x86
Run by Krishna at 21:54:06,78 on Sat 12-02-2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.801 [GMT 1:00]

AV: McAfee Antivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\program files\umsd tools2.33\umsd.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Mijn muziek\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Krishna\Bureaublad\TDSSKiller.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Documents and Settings\Krishna\Local Settings\Temporary Internet Files\Content.IE5\WL3JB4HX\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/ig?hl=nl
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110119162033.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No File
TB: {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LG LinkAir] c:\program files\lg electronics\lg pc suite iv\linkair\LinkAir.exe
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;NLNL)" -"http://files.keygames.com/games/dcr/mobyblaster/index.html"
mRun: [LaunchApp] Alaunch
mRun: [soundMan] SOUNDMAN.EXE
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [<NO NAME>] 
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [AspireService] c:\program files\acer\acer emode management\AspireService.exe
mRun: [MediaSync] c:\program files\acer\acer econsole\MediaSync.exe
mRun: [PLoader] c:\program files\umsd tools2.33\umsd.exe sys_auto_run c:\program files\UMSD Tools2.33
mRun: [CreativeMouse ] c:\program files\mouse driver\MouseDrv.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "D:\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\mijn muziek\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~2.lnk - d:\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - d:\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/209
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://krishnaramra.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136579976796
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://cache.hyves.org/statics/Aurigma/ImageUploader4.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://krishnaramra.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 84072]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-5-26 47616]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-19 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-19 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-19 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-19 55840]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-19 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88544]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-28 30192]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 84264]
S3 OEMSTOR;USB Mass Storage;c:\windows\system32\drivers\USBMSDk.sys [2005-12-3 17024]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH920GS.sys [2005-12-3 7552]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-26 6784]
S4 Norman ZANDA;Norman ZANDA;"c:\program files\norman\npm\bin\zanda.exe" --> c:\program files\norman\npm\bin\Zanda.exe [?]

=============== Created Last 30 ================

2011-02-10 21:18:42  38224   ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 21:18:38  20952   ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-02-08 13:19:26  --------  d-----w-  c:\program files\iPod
2011-02-04 19:13:49  --------  d-----w-  C:\GD880
2011-02-04 18:54:06  53248   ----a-w-  c:\windows\system32\CommonDL.dll
2011-02-04 18:54:06  44544   ----a-w-  c:\windows\system32\msxml4a.dll
2011-02-04 18:53:57  --------  d-----w-  c:\docume~1\alluse~1\applic~1\LGMOBILEAX
2011-02-04 00:06:52  --------  d-----w-  c:\docume~1\alluse~1\applic~1\MFAData
2011-02-03 22:21:28  --------  d-----w-  c:\docume~1\krishna\applic~1\Fighters
2011-02-03 22:21:23  --------  d-----w-  c:\docume~1\krishna\locals~1\applic~1\PackageAware
2011-01-24 20:57:50  0       ----a-w-  c:\windows\system32\ConduitEngine.tmp
2011-01-24 20:57:26  --------  d-----w-  c:\docume~1\krishna\applic~1\PriceGong
2011-01-24 20:18:28  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-24 20:18:28  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-24 20:18:28  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-24 20:18:28  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-24 20:18:27  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-24 20:18:27  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-24 20:18:27  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin.dll
2011-01-21 14:44:07  441344  ------w-  c:\windows\system32\dllcache\shimgvw.dll
2011-01-19 13:36:22  9344    ----a-w-  c:\windows\system32\drivers\mfeclnk.sys
2011-01-19 13:36:16  88544   ----a-w-  c:\windows\system32\drivers\mfendisk.sys
2011-01-19 13:36:16  84264   ----a-w-  c:\windows\system32\drivers\mferkdet.sys
2011-01-19 13:36:16  84072   ----a-w-  c:\windows\system32\drivers\mfetdi2k.sys
2011-01-19 13:36:16  55840   ----a-w-  c:\windows\system32\drivers\cfwids.sys
2011-01-19 13:36:16  52104   ----a-w-  c:\windows\system32\drivers\mfebopk.sys
2011-01-19 13:36:16  313288  ----a-w-  c:\windows\system32\drivers\mfefirek.sys
2011-01-19 13:36:16  152960  ----a-w-  c:\windows\system32\drivers\mfeavfk.sys
2011-01-19 13:36:10  --------  d-----w-  c:\program files\common files\Mcafee
2011-01-19 13:36:09  --------  d-----w-  c:\program files\McAfee.com
2011-01-19 13:22:55  141792  ----a-w-  c:\windows\system32\mfevtps.exe
2011-01-19 13:04:14  --------  d-----w-  c:\program files\Citrix
2011-01-19 12:49:03  --------  d-----w-  c:\docume~1\alluse~1\applic~1\Citrix
2011-01-19 12:46:20  --------  d-----w-  c:\docume~1\krishna\locals~1\applic~1\Citrix
2011-01-19 12:46:18  103784  ----a-w-  c:\documents and settings\krishna\GoToAssistDownloadHelper.exe
2011-01-19 12:25:36  --------  d-----w-  c:\docume~1\krishna\applic~1\McAfee
2011-01-19 12:24:59  --------  d-----w-  c:\program files\McAfee

==================== Find3M ====================

2011-02-02 16:11:20  222080   ------w-  c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:08  441344   ----a-w-  c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02  290048   ----a-w-  c:\windows\system32\atmfd.dll
2010-12-31 14:04:12  1855104  ----a-w-  c:\windows\system32\win32k.sys
2010-12-22 12:34:20  301568   ----a-w-  c:\windows\system32\kerberos.dll
2010-12-20 23:52:42  916480   ----a-w-  c:\windows\system32\wininet.dll
2010-12-20 23:52:40  43520    ----a-w-  c:\windows\system32\licmgr10.dll
2010-12-20 23:52:40  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
2010-12-20 17:25:56  735232   ----a-w-  c:\windows\system32\lsasrv.dll
2010-12-20 12:55:38  385024   ----a-w-  c:\windows\system32\html.iec
2010-12-09 15:15:34  739328   ----a-w-  c:\windows\system32\ntdll.dll
2010-12-09 15:14:08  2197120  ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14:02  2073728  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30:18  33280    ----a-w-  c:\windows\system32\csrsrv.dll
2010-11-29 16:38:30  94208    ----a-w-  c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30  69632    ----a-w-  c:\windows\system32\QuickTime.qts
2010-11-18 18:15:46  86016    ----a-w-  c:\windows\system32\isign32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8934C008]<<
_asm { PUSH EBP; CALL 0x6; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A409AB8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
user != kernel MBR !!!

============= FINISH: 21:55:42,85 ===============

2011/02/12 21:46:36.0437 0968 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/12 21:46:36.0843 0968 ================================================================================
2011/02/12 21:46:36.0843 0968 SystemInfo:
2011/02/12 21:46:36.0843 0968 
2011/02/12 21:46:36.0843 0968 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/12 21:46:36.0843 0968 Product type: Workstation
2011/02/12 21:46:36.0843 0968 ComputerName: ACER-2D17133CC5
2011/02/12 21:46:36.0843 0968 UserName: Krishna
2011/02/12 21:46:36.0843 0968 Windows directory: C:\WINDOWS
2011/02/12 21:46:36.0843 0968 System windows directory: C:\WINDOWS
2011/02/12 21:46:36.0843 0968 Processor architecture: Intel x86
2011/02/12 21:46:36.0843 0968 Number of processors: 1
2011/02/12 21:46:36.0843 0968 Page size: 0x1000
2011/02/12 21:46:36.0843 0968 Boot type: Normal boot
2011/02/12 21:46:36.0843 0968 ================================================================================
2011/02/12 21:46:37.0250 0968 Initialize success
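The two log formats in the post above, the GMER MBR check that DDS appends under "ROOTKIT" and the per-driver lines TDSSKiller writes during a scan (posted in full later in the thread), are normally read by eye. The script below is an added example, not code from DDS, GMER, TDSSKiller or this forum, that does the same triage programmatically. It assumes two things the tools do not state: that GMER's "user != kernel MBR" verdict is only meaningful when both the user-mode and the kernel-mode read succeeded (here the user-mode CreateFile on \\.\PHYSICALDRIVE0 failed because another process, TDSSKiller in the process list, held the device), and that an UNKNOWN entry in the "called modules" line denotes code in the disk read path that belongs to no loaded driver image. The sample inputs are constructed from lines in this thread, translated and abbreviated.

```python
"""Triage helpers for the GMER MBR check in a DDS log and for TDSSKiller's
driver inventory lines.  Added example; not code from DDS, GMER, TDSSKiller
or the forum.  Sample inputs are constructed from lines posted in the thread
(translated to English) and abbreviated."""
import re
from collections import defaultdict

# Constructed sample: the ROOTKIT section of the DDS log, minus the disassembly.
DDS_ROOTKIT_SECTION = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8934C008]<<
kernel: MBR read successfully
user != kernel MBR !!!
"""

# Constructed sample: six driver lines taken from the TDSSKiller scan log.
TDSSKILLER_LINES = r"""
2011/02/13 14:42:09.0968 2376 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/13 14:42:28.0437 2376 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Program Files\acer\eRecovery\int15.sys
2011/02/13 14:42:34.0921 2376 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
2011/02/13 14:42:37.0906 2376 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/13 14:42:38.0046 2376 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/13 14:42:44.0609 2376 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTictwl.sys
"""

UNKNOWN_MODULE_RE = re.compile(r">>UNKNOWN \[0x[0-9A-Fa-f]+\]<<")


def parse_mbr_check(section: str) -> dict:
    """Summarise GMER's MBR check.  The tool reads sector 0 twice, once via a
    user-mode CreateFile on the physical drive device and once through the
    kernel disk stack, and prints "user != kernel MBR !!!" when they differ.
    Assumption (mine, not documented by the tool): the comparison only means
    something when BOTH reads succeeded; a failed user-mode read, e.g. another
    tool holding the device, makes the mismatch line inconclusive."""
    user_failed = "user: error reading MBR" in section
    kernel_ok = "kernel: MBR read successfully" in section
    mismatch = "user != kernel MBR" in section
    # An UNKNOWN entry with a bare address in the disk read path is code
    # outside any loaded driver image (interpretation assumed here); it is a
    # separate indicator from the byte comparison and survives a failed read.
    unknown_code = bool(UNKNOWN_MODULE_RE.search(section))
    if mismatch and not user_failed and kernel_ok:
        verdict = "mismatch: user and kernel views of the MBR differ"
    elif mismatch and user_failed:
        verdict = "inconclusive: user-mode read failed, rerun with no other disk tools running"
    elif mismatch:
        verdict = "inconclusive: kernel-mode read did not succeed"
    else:
        verdict = "no mismatch reported"
    return {"user_read_failed": user_failed, "kernel_read_ok": kernel_ok,
            "mismatch": mismatch, "unknown_code_in_disk_stack": unknown_code,
            "verdict": verdict}


DRIVER_LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def parse_tdsskiller_drivers(text: str) -> list:
    """Return (service name, md5, path) for every driver line.  Header,
    separator and "Scan started" lines do not match the pattern and are skipped."""
    out = []
    for line in text.splitlines():
        m = DRIVER_LINE_RE.match(line.strip())
        if m:
            out.append((m["name"], m["md5"], m["path"]))
    return out


def review_drivers(entries, system_root=r"C:\WINDOWS") -> dict:
    """Two checks otherwise done by eye over a long inventory: drivers loaded
    from outside %SystemRoot% (legitimate for Acer's eRecovery int15.sys, but
    exactly where a dropped driver would sit), and several service names backed
    by one file (same MD5 and path, compared case-insensitively because the
    log prints MTiCtwl.sys and MTictwl.sys for one file).  Pairs such as
    mfendisk/mfendiskmp are a normal miniport arrangement, still worth a glance."""
    prefix = system_root.lower() + "\\"
    outside = [name for name, _, path in entries if not path.lower().startswith(prefix)]
    by_file = defaultdict(list)
    for name, md5, path in entries:
        by_file[(md5, path.lower())].append(name)
    shared = {key: names for key, names in by_file.items() if len(names) > 1}
    return {"outside_system_root": outside, "shared_files": shared}


if __name__ == "__main__":
    print(parse_mbr_check(DDS_ROOTKIT_SECTION)["verdict"])
    print(review_drivers(parse_tdsskiller_drivers(TDSSKILLER_LINES)))
```

On the thread's own log the MBR check comes back "inconclusive" rather than "mismatch", which is why a re-run with nothing else touching the disk is the right next step; the UNKNOWN module in the disk stack is reported independently so it is not lost when the byte comparison is discarded.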
Maniac Posted February 13, 2011 ID:388428

Please re-run TDSSKiller and post new fresh logs from TDSSKiller and then from DDS.
krishna Posted February 13, 2011 (Author) ID:388631

2011/02/13 14:36:53.0812 1944 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/13 14:36:55.0812 1944 ================================================================================
2011/02/13 14:36:55.0812 1944 SystemInfo:
2011/02/13 14:36:55.0812 1944 
2011/02/13 14:36:55.0812 1944 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/13 14:36:55.0812 1944 Product type: Workstation
2011/02/13 14:36:55.0812 1944 ComputerName: ACER-2D17133CC5
2011/02/13 14:36:55.0812 1944 UserName: Krishna
2011/02/13 14:36:55.0812 1944 Windows directory: C:\WINDOWS
2011/02/13 14:36:55.0812 1944 System windows directory: C:\WINDOWS
2011/02/13 14:36:55.0812 1944 Processor architecture: Intel x86
2011/02/13 14:36:55.0812 1944 Number of processors: 1
2011/02/13 14:36:55.0812 1944 Page size: 0x1000
2011/02/13 14:36:55.0812 1944 Boot type: Normal boot
2011/02/13 14:36:55.0812 1944 ================================================================================
2011/02/13 14:36:56.0796 1944 Initialize success
2011/02/13 14:42:08.0359 2376 ================================================================================
2011/02/13 14:42:08.0359 2376 Scan started
2011/02/13 14:42:08.0359 2376 Mode: Manual; 
2011/02/13 14:42:08.0359 2376 ================================================================================
2011/02/13 14:42:09.0968 2376 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/13 14:42:10.0187 2376 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/13 14:42:12.0109 2376 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/13 14:42:12.0390 2376 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/02/13 14:42:12.0640 2376 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/13 14:42:13.0921 2376 ALCXWDM (9a6aa923f00d368c8ad3bd7485d5cdca) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/02/13 14:42:16.0093 2376 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/13 14:42:16.0312 2376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/13 14:42:16.0859 2376 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/13 14:42:17.0125 2376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/13 14:42:17.0281 2376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/13 14:42:17.0468 2376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/13 14:42:18.0062 2376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/13 14:42:18.0250 2376 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/13 14:42:18.0390 2376 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/13 14:42:18.0687 2376 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/02/13 14:42:20.0671 2376 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/13 14:42:20.0875 2376 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/13 14:42:21.0843 2376 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/13 14:42:21.0953 2376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/13 14:42:22.0140 2376 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/13 14:42:22.0750 2376 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/13 14:42:23.0000 2376 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/13 14:42:23.0156 2376 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/13 14:42:23.0343 2376 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/13 14:42:24.0031 2376 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/13 14:42:24.0453 2376 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/13 14:42:24.0609 2376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/13 14:42:24.0890 2376 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/13 14:42:25.0125 2376 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/02/13 14:42:25.0515 2376 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/13 14:42:25.0796 2376 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/13 14:42:26.0046 2376 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/13 14:42:26.0734 2376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/13 14:42:27.0578 2376 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/13 14:42:27.0953 2376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/13 14:42:28.0437 2376 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Program Files\acer\eRecovery\int15.sys
2011/02/13 14:42:29.0125 2376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/13 14:42:29.0281 2376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/13 14:42:29.0421 2376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/13 14:42:29.0593 2376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/13 14:42:29.0796 2376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/13 14:42:29.0968 2376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/13 14:42:30.0234 2376 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/13 14:42:30.0421 2376 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/13 14:42:30.0640 2376 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/13 14:42:30.0843 2376 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/13 14:42:31.0140 2376 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/02/13 14:42:32.0000 2376 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/02/13 14:42:32.0812 2376 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
2011/02/13 14:42:33.0171 2376 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
2011/02/13 14:42:33.0484 2376 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
2011/02/13 14:42:34.0015 2376 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/02/13 14:42:34.0921 2376 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
2011/02/13 14:42:35.0453 2376 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/02/13 14:42:36.0015 2376 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/02/13 14:42:36.0656 2376 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/02/13 14:42:37.0359 2376 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/02/13 14:42:37.0609 2376 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/02/13 14:42:37.0906 2376 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/13 14:42:38.0046 2376 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/13 14:42:38.0343 2376 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/02/13 14:42:38.0656 2376 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/02/13 14:42:38.0906 2376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/13 14:42:39.0109 2376 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/13 14:42:39.0421 2376 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/02/13 14:42:39.0890 2376 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/13 14:42:40.0250 2376 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/13 14:42:40.0468 2376 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/13 14:42:41.0390 2376 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/13 14:42:42.0437 2376 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/13 14:42:43.0296 2376 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/13 14:42:43.0531 2376 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/13 14:42:43.0656 2376 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/13 14:42:43.0796 2376 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/13 14:42:44.0031 2376 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/13 14:42:44.0312 2376 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/13 14:42:44.0609 2376 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTictwl.sys
2011/02/13 14:42:44.0921 2376 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/13 14:42:45.0062 2376 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/13 14:42:45.0234 2376 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/13 14:42:45.0390 2376 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/13 14:42:45.0656 2376 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/13 14:42:46.0000 2376 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/13 14:42:46.0343 2376 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/13 14:42:46.0906 2376 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/13 14:42:47.0250 2376 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/13 14:42:47.0546 2376 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/02/13 14:42:47.0875 2376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/13 14:42:48.0375 2376 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/13 14:42:49.0046 2376 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/13 14:42:49.0187 2376 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/13 14:42:49.0421 2376 OEMSTOR (cfb87a03dd0cae2bf3f9a4b4b795be47) C:\WINDOWS\system32\DRIVERS\USBMSDk.SYS
2011/02/13 14:42:49.0812 2376 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/13 14:42:50.0328 2376 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/13 14:42:50.0453 2376 ParVdm
(1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys2011/02/13 14:42:50.0843 2376 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys2011/02/13 14:42:51.0375 2376 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys2011/02/13 14:42:51.0687 2376 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys2011/02/13 14:42:53.0875 2376 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys2011/02/13 14:42:54.0250 2376 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\YH920GS.sys2011/02/13 14:42:55.0312 2376 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2011/02/13 14:42:55.0781 2376 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys2011/02/13 14:42:56.0171 2376 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2011/02/13 14:42:56.0296 2376 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2011/02/13 14:42:56.0750 2376 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys2011/02/13 14:42:58.0390 2376 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2011/02/13 14:42:58.0765 2376 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2011/02/13 14:42:59.0296 2376 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2011/02/13 14:42:59.0453 2376 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2011/02/13 14:42:59.0781 2376 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2011/02/13 14:42:59.0921 2376 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2011/02/13 14:43:00.0390 2376 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2011/02/13 14:43:00.0750 2376 redbook 
(4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys2011/02/13 14:43:01.0062 2376 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys2011/02/13 14:43:01.0781 2376 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys2011/02/13 14:43:02.0406 2376 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS2011/02/13 14:43:02.0828 2376 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2011/02/13 14:43:03.0187 2376 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2011/02/13 14:43:03.0671 2376 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys2011/02/13 14:43:04.0093 2376 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/02/13 14:43:05.0218 2376 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2011/02/13 14:43:05.0578 2376 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys2011/02/13 14:43:05.0984 2376 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys2011/02/13 14:43:06.0343 2376 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/02/13 14:43:06.0687 2376 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2011/02/13 14:43:09.0046 2376 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2011/02/13 14:43:09.0406 2376 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/02/13 14:43:09.0750 2376 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2011/02/13 14:43:10.0093 2376 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2011/02/13 14:43:10.0546 2376 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/02/13 14:43:11.0171 2376 UBHelper 
(e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys2011/02/13 14:43:11.0750 2376 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2011/02/13 14:43:12.0250 2376 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2011/02/13 14:43:13.0031 2376 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys2011/02/13 14:43:13.0312 2376 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/02/13 14:43:14.0718 2376 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys2011/02/13 14:43:15.0062 2376 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/02/13 14:43:15.0500 2376 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/02/13 14:43:15.0812 2376 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys2011/02/13 14:43:16.0234 2376 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/02/13 14:43:16.0500 2376 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys2011/02/13 14:43:16.0875 2376 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/02/13 14:43:17.0203 2376 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2011/02/13 14:43:17.0546 2376 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2011/02/13 14:43:17.0906 2376 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys2011/02/13 14:43:18.0093 2376 viagfx (949f86f5a8e493574bbb830c3d18e4a9) C:\WINDOWS\system32\DRIVERS\vtmini.sys2011/02/13 14:43:18.0468 2376 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2011/02/13 14:43:18.0859 2376 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys2011/02/13 
2011/02/13 14:43:22.0109 2376 ================================================================================
2011/02/13 14:43:22.0109 2376 Scan finished
2011/02/13 14:43:22.0109 2376 ================================================================================

DDS (Ver_10-12-12.02) - FAT32x86
Run by Krishna at 14:48:10,79 on zo 13-02-2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.717 [GMT 1:00]
AV: McAfee Antivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat het bestand door een ander proces wordt gebruikt.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88EFCA20]<<
_asm { PUSH EBP; CALL 0x6; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A409AB8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
user != kernel MBR !!!
============= FINISH: 14:50:00,76 ===============
Maniac Posted February 13, 2011 ID:388685
Thanks!
Download MBRCheck to your desktop.
For Windows XP: Double click on MBRCheck.exe to run it.
For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator.
It will show a black screen with some data on it. Don't run any of the options!!!
When it's done, press Enter to close the program.
A file called MBRCheck_ will appear on your desktop. Please copy it into your next reply.
krishna Posted February 13, 2011 Author ID:388690
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003dc
Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltmgr.sys
0xB9EFE000 sr.sys
0xB9EA1000 mfehidk.sys
0xBA0F8000 PxHelp20.sys
0xB9E7D000 Fastfat.sys
0xB9E66000 KSecDD.sys
0xB9E53000 WudfPf.sys
0xB9E26000 NDIS.sys
0xBA338000 viaagp1.sys
0xB9E0C000 Mup.sys
0xBA108000 gagp30kx.sys
0xBA138000 \SystemRoot\system32\DRIVERS\processr.sys
0xB9765000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9751000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA368000 \SystemRoot\system32\drivers\pfc.sys
0xBA370000 \SystemRoot\system32\drivers\Afc.sys
0xBA53C000 \SystemRoot\System32\Drivers\UBHelper.SYS
0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB972E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA5AE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xBA378000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA380000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB970A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB94D3000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB94AF000 \SystemRoot\system32\drivers\portcls.sys
0xBA178000 \SystemRoot\system32\drivers\drmk.sys
0xB949C000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xBA390000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA188000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA544000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9488000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA198000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
0xB9476000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0xBA398000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA548000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA6D1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9462000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA5B0000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA3A8000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA550000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB944B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB943A000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB934E000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB9303000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5B6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB92A5000 \SystemRoot\system32\DRIVERS\update.sys
0xBA580000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA584000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA58C000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0xBA590000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0xBA218000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5B8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5BA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6EA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5BC000 \SystemRoot\System32\Drivers\Beep.SYS
0xB9DC4000 \SystemRoot\system32\drivers\MTictwl.sys
0xBA3D0000 \SystemRoot\System32\drivers\vga.sys
0xBA5BE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9396000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB80E3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB808A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB8077000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB8051000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8001000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB7FDF000 \SystemRoot\System32\drivers\afd.sys
0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB7FB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7F44000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA248000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB92A1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB929D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA288000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9281000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3F8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA74D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF5E6000 \SystemRoot\System32\ATMFD.DLL
0xB7CDD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB7A84000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB795B000 \??\C:\Program Files\acer\eRecovery\int15.sys
0xB7B31000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xB78DB000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7843000 \SystemRoot\system32\drivers\cfwids.sys
0xBA470000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB740C000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB732B000 \SystemRoot\System32\Drivers\HTTP.sys
0xB72C5000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB7713000 \SystemRoot\system32\drivers\mfebopk.sys
0xB6FF5000 \SystemRoot\system32\drivers\wdmaud.sys
0xB712D000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA488000 \??\C:\DOCUME~1\Krishna\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\System32\ntdll.dll
Processes (total 58):
0 System Idle Process
4 System
724 C:\WINDOWS\System32\SMSS.EXE
828 CSRSS.EXE
852 C:\WINDOWS\System32\WINLOGON.EXE
900 C:\WINDOWS\System32\SERVICES.EXE
912 C:\WINDOWS\System32\LSASS.EXE
1072 C:\WINDOWS\System32\SVCHOST.EXE
1148 SVCHOST.EXE
1244 C:\WINDOWS\System32\SVCHOST.EXE
1288 C:\WINDOWS\System32\SVCHOST.EXE
1552 SVCHOST.EXE
1588 SVCHOST.EXE
1704 C:\WINDOWS\System32\SPOOLSV.EXE
344 SVCHOST.EXE
384 C:\Program Files\ACER\Acer eConsole\MediaServerService.exe
412 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
480 C:\Program Files\Bonjour\mDNSResponder.exe
644 C:\Program Files\Java\JRE6\BIN\JQS.EXE
708 C:\WINDOWS\System32\LGScsiCommandService.exe
736 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1156 C:\WINDOWS\System32\MFEVTPS.EXE
1528 C:\WINDOWS\System32\NVSVC32.EXE
1808 C:\Program Files\Common Files\Mcafee\SystemCore\MCSHIELD.EXE
132 C:\Program Files\Common Files\Mcafee\SystemCore\MFEFIRE.EXE
2148 ALG.EXE
3136 C:\WINDOWS\Explorer.EXE
3724 C:\WINDOWS\SOUNDMAN.EXE
3784 C:\Program Files\ACER\eRecovery\Monitor.exe
3580 C:\WINDOWS\System32\VTTimer.exe
3640 C:\Program Files\ACER\Acer eMode Management\AspireService.exe
3920 C:\Program Files\ACER\Acer eConsole\MediaSync.exe
3908 C:\Program Files\UMSD Tools2.33\umsd.exe
3676 C:\Program Files\Mouse Driver\MouseDrv.exe
3100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
308 C:\WINDOWS\System32\rundll32.exe
508 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3684 D:\Mijn muziek\iTunes\iTunesHelper.exe
3696 C:\WINDOWS\System32\ctfmon.exe
1988 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
3420 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1404 C:\Program Files\Messenger\msmsgs.exe
3872 C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
2512 D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2456 D:\SetPoint\SetPoint.exe
1500 C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
2440 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2700 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
3000 C:\Program Files\iPod\bin\iPodService.exe
3660 C:\Program Files\Windows Live\Contacts\wlcomm.exe
2500 C:\WINDOWS\System32\NOTEPAD.EXE
2340 C:\WINDOWS\System32\NOTEPAD.EXE
2384 C:\Program Files\McAfee.com\Agent\mcagent.exe
5024 C:\Program Files\Internet Explorer\iexplore.exe
5120 C:\Program Files\Internet Explorer\iexplore.exe
4408 C:\Program Files\Windows Live\Mail\wlmail.exe
4520 C:\Program Files\Internet Explorer\iexplore.exe
3432 C:\Documents and Settings\Krishna\Local Settings\Temporary Internet Files\Content.IE5\X73C1594\MBRCheck[1].exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`e66d1800 (FAT32)
PhysicalDrive0 Model Number: ST3160021A, Rev: 8.01
 Size Device Name MBR Status
 --------------------------------------------
 149 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 6A9E5250A0E44930551CF9587936A36755A4D075
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
Maniac Posted February 13, 2011 ID:388693
Run MBRCheck.exe.
Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Please push the 'Y' key and then press Enter.
When the program asks you Enter your choice: enter 2 and press the Enter key.
Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
Enter 0 and press the Enter key.
The program will show Available MBR codes:, followed by a list of operating systems. Please enter the number for Windows 7, and then press Enter.
The program will prompt for confirmation. Type 'YES' and hit Enter.
Left click on the title bar (where the program name and path is written).
From the menu choose Edit => Select All.
Hit the Enter key on your keyboard to copy the selected text.
Paste that text into Notepad and save it to your desktop as "MBRCheck results.txt".
Restart your PC.
Post the text in "MBRCheck results.txt" here, please.
krishna Posted February 13, 2011 Author ID:388701
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003dc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`e66d1800 (FAT32)
 Size Device Name MBR Status
 --------------------------------------------
 149 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 6A9E5250A0E44930551CF9587936A36755A4D075
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Options:
 [1] Dump the MBR of a physical disk to file.
 [2] Restore the MBR of a physical disk with a standard boot code.
 [3] Exit.
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
 [ 0] Default (Windows XP)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel
Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
Press ENTER to exit...
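The two checks the logs in this thread rely on, as an added Python example (not part of the thread and not Gmer's or MBRCheck's own code): hash the 440-byte boot code against an allowlist of standard MBR codes, which is what MBRCheck's "Unknown MBR code" verdict means, and compare a user-mode read of sector 0 with a kernel-mode read, which is the "user != kernel MBR" condition in the Gmer log. The sample sector, the "kernel view" and the allowlist digest are constructed placeholders.

```python
"""Integrity checks on a 512-byte MBR sector (added example, not MBRCheck/Gmer code)."""
import hashlib
import struct
from typing import Optional

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code; 440..445 disk signature/padding
PART_TABLE_OFF = 446       # four 16-byte partition entries follow, then 0x55AA at 510
PART_ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

# Constructed allowlist of SHA-1 digests of known-good boot code. MBRCheck ships its own
# list; this entry is a placeholder, NOT the real digest of any Windows MBR.
KNOWN_GOOD_SHA1 = {"0000000000000000000000000000000000000000"}


def parse_partitions(mbr: bytes) -> list:
    """Decode the primary partition table; unused entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + i * 16)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
                          "sectors": sectors})
    return parts


def check_mbr(user_read: bytes, kernel_read: Optional[bytes] = None) -> dict:
    """Return the boot-code SHA-1, the partition table and a list of findings.

    user_read is sector 0 as seen through a normal (user-mode) disk handle; kernel_read,
    when supplied, is the same sector read below any filter driver, as Gmer's detector
    does. A difference between the two is the "user != kernel MBR" condition.
    """
    if len(user_read) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if user_read[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    sha1 = hashlib.sha1(user_read[:BOOT_CODE_LEN]).hexdigest().upper()
    if sha1 not in KNOWN_GOOD_SHA1:
        findings.append("non-standard MBR code")       # MBRCheck's "Unknown MBR code"
    if kernel_read is not None and kernel_read != user_read:
        findings.append("user != kernel MBR")          # something is filtering disk reads
    return {"sha1": sha1, "partitions": parse_partitions(user_read), "findings": findings}


# Constructed sample: zeroed boot code, one bootable FAT32 (LBA) partition, valid signature.
_mbr = bytearray(SECTOR)
_mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(PART_ENTRY, 0x80, 0x0C, 63, 0x5E62B0)
_mbr[510:512] = b"\x55\xaa"
SAMPLE_MBR = bytes(_mbr)
# Constructed "kernel view" whose boot code differs from the user-mode view by one byte.
SAMPLE_MBR_KERNEL_VIEW = b"\xeb" + SAMPLE_MBR[1:]

if __name__ == "__main__":
    print(check_mbr(SAMPLE_MBR, SAMPLE_MBR_KERNEL_VIEW))
```

On a live system the two reads would come from the disk device and from a raw read beneath the storage stack; here both are constructed so the checks run offline.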
Maniac Posted February 13, 2011 ID:388702
We have a problem. Do you have a Windows XP disc?
krishna Posted February 13, 2011 Author ID:388845
Yes, it says: Windows XP SP2
krishna Posted February 13, 2011 Author ID:388853
Windows XP came with the pc.
I do have an ACER disc which says it's a Recovery disc for Windows XP Home.
Maniac Posted February 14, 2011 ID:389092
Good, that will do the trick. Please follow the instructions:
http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/
Then post a new fresh MBRCheck log.
krishna Posted February 15, 2011 Author ID:389463
Instead of step "3. Once the setup loads, you will see the option to press R to repair a Windows installation." it goes to start up Windows like always.
Maniac Posted February 15, 2011 ID:389496
Holding F8 brings up the menu with everything, I think.
krishna Posted February 15, 2011 Author ID:389505
Yes, found it! Do I choose:
Last known right configuration or
something with Active Directory?
Maniac Posted February 15, 2011 ID:389509
Did you Recovery Console or something?
krishna Posted February 15, 2011 Author ID:389516
Hm, I don't know. I kept pressing F8, then I ended up in that screen. Normally I get there if I don't shut off the pc correctly.
Maniac Posted February 15, 2011 ID:389518
Okay, let's try another way.
First, let's download and install the Recovery Console:
http://support.microsoft.com/kb/307654
Second, follow the instructions here:
http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/
Finally, post a new fresh MBRCheck log.
krishna Posted February 15, 2011 Author ID:389595
Lemme translate:
Log registration vppr start up process
VGA-mode
Last known right config
Put back Active Directory
Problem finding mode
krishna Posted February 15, 2011 Author ID:389597
OK, I'll do it later tonight, thx
krishna Posted February 15, 2011 Author ID:389744
When I type: e:\i386\winnt32.exe/cmdcons
it can't read the Acer cd.
1) Do I download?: http://support.microsoft.com/kb/310994
2) When I just got my pc, I made 5 discs, is that what we are looking for?
Maniac Posted February 16, 2011 ID:389912
Nope. Okay, use these instructions if they are easier for you:
http://www.bleepingcomputer.com/tutorials/tutorial117.html