
Attach.zip

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5735

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11-2-2011 0:55:43

mbam-log-2011-02-11 (00-55-43).txt

Scantype: Volledige scan (C:\|D:\|)

Objecten gescand: 367482

Verstreken tijd: 2 uur/uren, 33 minuut/minuten, 19 seconde(n)

Geheugenprocessen ge


Hello krishna! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

You're missing Attach.txt.

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file with Attach.txt


Thanks for the help Borislav!

Amazing that you can figure out what the problem is from what it says here:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5747

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12-2-2011 15:03:37

mbam-log-2011-02-12 (15-03-37).txt

Scantype: Snelle scan

Objecten gescand: 232232

Verstreken tijd: 41 minuut/minuten, 34 seconde(n)

Geheugenprocessen ge

ark.zip


It's not a big deal. Thanks! :)

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please post these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only


DDS (Ver_10-12-12.02) - FAT32x86

Run by Krishna at 21:54:06,78 on za 12-02-2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.801 [GMT 1:00]

AV: McAfee Antivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

SVCHOST.EXE

SVCHOST.EXE

C:\WINDOWS\system32\spoolsv.exe

SVCHOST.EXE

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LGScsiCommandService.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Program Files\Acer\Acer eConsole\MediaSync.exe

C:\program files\umsd tools2.33\umsd.exe

C:\Program Files\Mouse Driver\MouseDrv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

D:\Mijn muziek\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe

D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

D:\SetPoint\SetPoint.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Krishna\Bureaublad\TDSSKiller.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe

C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

C:\Documents and Settings\Krishna\Local Settings\Temporary Internet Files\Content.IE5\WL3JB4HX\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/ig?hl=nl

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110119162033.dll

BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No File

TB: {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [LG LinkAir] c:\program files\lg electronics\lg pc suite iv\linkair\LinkAir.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;NLNL)" -"http://files.keygames.com/games/dcr/mobyblaster/index.html"

mRun: [LaunchApp] Alaunch

mRun: [soundMan] SOUNDMAN.EXE

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe

mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe

mRun: [<NO NAME>]

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [AspireService] c:\program files\acer\acer emode management\AspireService.exe

mRun: [MediaSync] c:\program files\acer\acer econsole\MediaSync.exe

mRun: [PLoader] c:\program files\umsd tools2.33\umsd.exe sys_auto_run c:\program files\UMSD Tools2.33

mRun: [CreativeMouse ] c:\program files\mouse driver\MouseDrv.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WheelMouse] c:\advanc~1\wh_exec.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "D:\qttask.exe" -atboottime

mRun: [iTunesHelper] "d:\mijn muziek\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~2.lnk - d:\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - d:\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/206

IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/208

IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/210

IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/205

IE: LG Air Sync Option - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/209

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://krishnaramra.spaces.live.com//PhotoUpload/MsnPUpld.cab

DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136579976796

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://cache.hyves.org/statics/Aurigma/ImageUploader4.cab

DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://krishnaramra.spaces.live.com/PhotoUpload/MsnPUpld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://cache.hyves.nl/statics/Aurigma/ImageUploader.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 84072]

R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-5-26 47616]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-19 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-19 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-19 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-19 55840]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-19 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88544]

S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-28 30192]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 84264]

S3 OEMSTOR;USB Mass Storage;c:\windows\system32\drivers\USBMSDk.sys [2005-12-3 17024]

S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH920GS.sys [2005-12-3 7552]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-26 6784]

S4 Norman ZANDA;Norman ZANDA;"c:\program files\norman\npm\bin\zanda.exe" --> c:\program files\norman\npm\bin\Zanda.exe [?]

=============== Created Last 30 ================

2011-02-10 21:18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-10 21:18:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-08 13:19:26 -------- d-----w- c:\program files\iPod

2011-02-04 19:13:49 -------- d-----w- C:\GD880

2011-02-04 18:54:06 53248 ----a-w- c:\windows\system32\CommonDL.dll

2011-02-04 18:54:06 44544 ----a-w- c:\windows\system32\msxml4a.dll

2011-02-04 18:53:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX

2011-02-04 00:06:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-02-03 22:21:28 -------- d-----w- c:\docume~1\krishna\applic~1\Fighters

2011-02-03 22:21:23 -------- d-----w- c:\docume~1\krishna\locals~1\applic~1\PackageAware

2011-01-24 20:57:50 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-01-24 20:57:26 -------- d-----w- c:\docume~1\krishna\applic~1\PriceGong

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-01-24 20:18:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-01-24 20:18:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-01-24 20:18:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-01-21 14:44:07 441344 ------w- c:\windows\system32\dllcache\shimgvw.dll

2011-01-19 13:36:22 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-01-19 13:36:16 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-01-19 13:36:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-01-19 13:36:16 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-01-19 13:36:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-01-19 13:36:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-01-19 13:36:16 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-01-19 13:36:16 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-01-19 13:36:10 -------- d-----w- c:\program files\common files\Mcafee

2011-01-19 13:36:09 -------- d-----w- c:\program files\McAfee.com

2011-01-19 13:22:55 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-01-19 13:04:14 -------- d-----w- c:\program files\Citrix

2011-01-19 12:49:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix

2011-01-19 12:46:20 -------- d-----w- c:\docume~1\krishna\locals~1\applic~1\Citrix

2011-01-19 12:46:18 103784 ----a-w- c:\documents and settings\krishna\GoToAssistDownloadHelper.exe

2011-01-19 12:25:36 -------- d-----w- c:\docume~1\krishna\applic~1\McAfee

2011-01-19 12:24:59 -------- d-----w- c:\program files\McAfee

==================== Find3M ====================

2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-21 14:44:08 441344 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04:12 1855104 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:20 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52:42 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25:56 735232 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:38 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:34 739328 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 15:14:08 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 15:14:02 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 14:30:18 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15:46 86016 ----a-w- c:\windows\system32\isign32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat het bestand door een ander proces wordt gebruikt.

device: opened successfully

user: error reading MBR

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8934C008]<<

_asm { PUSH EBP; CALL 0x6; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A409AB8]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }

user != kernel MBR !!!

============= FINISH: 21:55:42,85 ===============

2011/02/12 21:46:36.0437 0968 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20

2011/02/12 21:46:36.0843 0968 ================================================================================

2011/02/12 21:46:36.0843 0968 SystemInfo:

2011/02/12 21:46:36.0843 0968

2011/02/12 21:46:36.0843 0968 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/12 21:46:36.0843 0968 Product type: Workstation

2011/02/12 21:46:36.0843 0968 ComputerName: ACER-2D17133CC5

2011/02/12 21:46:36.0843 0968 UserName: Krishna

2011/02/12 21:46:36.0843 0968 Windows directory: C:\WINDOWS

2011/02/12 21:46:36.0843 0968 System windows directory: C:\WINDOWS

2011/02/12 21:46:36.0843 0968 Processor architecture: Intel x86

2011/02/12 21:46:36.0843 0968 Number of processors: 1

2011/02/12 21:46:36.0843 0968 Page size: 0x1000

2011/02/12 21:46:36.0843 0968 Boot type: Normal boot

2011/02/12 21:46:36.0843 0968 ================================================================================

2011/02/12 21:46:37.0250 0968 Initialize success


2011/02/13 14:36:53.0812 1944 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20

2011/02/13 14:36:55.0812 1944 ================================================================================

2011/02/13 14:36:55.0812 1944 SystemInfo:

2011/02/13 14:36:55.0812 1944

2011/02/13 14:36:55.0812 1944 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/13 14:36:55.0812 1944 Product type: Workstation

2011/02/13 14:36:55.0812 1944 ComputerName: ACER-2D17133CC5

2011/02/13 14:36:55.0812 1944 UserName: Krishna

2011/02/13 14:36:55.0812 1944 Windows directory: C:\WINDOWS

2011/02/13 14:36:55.0812 1944 System windows directory: C:\WINDOWS

2011/02/13 14:36:55.0812 1944 Processor architecture: Intel x86

2011/02/13 14:36:55.0812 1944 Number of processors: 1

2011/02/13 14:36:55.0812 1944 Page size: 0x1000

2011/02/13 14:36:55.0812 1944 Boot type: Normal boot

2011/02/13 14:36:55.0812 1944 ================================================================================

2011/02/13 14:36:56.0796 1944 Initialize success

2011/02/13 14:42:08.0359 2376 ================================================================================

2011/02/13 14:42:08.0359 2376 Scan started

2011/02/13 14:42:08.0359 2376 Mode: Manual;

2011/02/13 14:42:08.0359 2376 ================================================================================


2011/02/13 14:42:38.0343 2376 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys

2011/02/13 14:42:38.0656 2376 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys

2011/02/13 14:42:38.0906 2376 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/02/13 14:42:39.0109 2376 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

2011/02/13 14:42:39.0421 2376 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

2011/02/13 14:42:39.0890 2376 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/02/13 14:42:40.0250 2376 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/02/13 14:42:40.0468 2376 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/02/13 14:42:41.0390 2376 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/02/13 14:42:42.0437 2376 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/02/13 14:42:43.0296 2376 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/02/13 14:42:43.0531 2376 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/02/13 14:42:43.0656 2376 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/02/13 14:42:43.0796 2376 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/02/13 14:42:44.0031 2376 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/02/13 14:42:44.0312 2376 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/02/13 14:42:44.0609 2376 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTictwl.sys

2011/02/13 14:42:44.0921 2376 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/02/13 14:42:45.0062 2376 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/02/13 14:42:45.0234 2376 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/02/13 14:42:45.0390 2376 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/02/13 14:42:45.0656 2376 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/02/13 14:42:46.0000 2376 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/02/13 14:42:46.0343 2376 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/02/13 14:42:46.0906 2376 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/02/13 14:42:47.0250 2376 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/02/13 14:42:47.0546 2376 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

2011/02/13 14:42:47.0875 2376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/02/13 14:42:48.0375 2376 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/02/13 14:42:49.0046 2376 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/02/13 14:42:49.0187 2376 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/02/13 14:42:49.0421 2376 OEMSTOR (cfb87a03dd0cae2bf3f9a4b4b795be47) C:\WINDOWS\system32\DRIVERS\USBMSDk.SYS

2011/02/13 14:42:49.0812 2376 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/02/13 14:42:50.0328 2376 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/02/13 14:42:50.0453 2376 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/02/13 14:42:50.0843 2376 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/02/13 14:42:51.0375 2376 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/13 14:42:51.0687 2376 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/02/13 14:42:53.0875 2376 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

2011/02/13 14:42:54.0250 2376 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\YH920GS.sys

2011/02/13 14:42:55.0312 2376 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/02/13 14:42:55.0781 2376 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/02/13 14:42:56.0171 2376 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/02/13 14:42:56.0296 2376 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/02/13 14:42:56.0750 2376 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/02/13 14:42:58.0390 2376 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/02/13 14:42:58.0765 2376 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/02/13 14:42:59.0296 2376 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/02/13 14:42:59.0453 2376 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/02/13 14:42:59.0781 2376 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/02/13 14:42:59.0921 2376 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/02/13 14:43:00.0390 2376 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/02/13 14:43:00.0750 2376 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/02/13 14:43:01.0062 2376 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/02/13 14:43:01.0781 2376 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2011/02/13 14:43:02.0406 2376 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/02/13 14:43:02.0828 2376 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/02/13 14:43:03.0187 2376 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/02/13 14:43:03.0671 2376 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/02/13 14:43:04.0093 2376 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/02/13 14:43:05.0218 2376 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/02/13 14:43:05.0578 2376 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/02/13 14:43:05.0984 2376 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/02/13 14:43:06.0343 2376 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/02/13 14:43:06.0687 2376 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/02/13 14:43:09.0046 2376 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/02/13 14:43:09.0406 2376 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/02/13 14:43:09.0750 2376 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/02/13 14:43:10.0093 2376 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/02/13 14:43:10.0546 2376 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/02/13 14:43:11.0171 2376 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys

2011/02/13 14:43:11.0750 2376 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/02/13 14:43:12.0250 2376 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/02/13 14:43:13.0031 2376 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/02/13 14:43:13.0312 2376 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/02/13 14:43:14.0718 2376 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/02/13 14:43:15.0062 2376 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/02/13 14:43:15.0500 2376 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/02/13 14:43:15.0812 2376 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/02/13 14:43:16.0234 2376 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/02/13 14:43:16.0500 2376 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

2011/02/13 14:43:16.0875 2376 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/02/13 14:43:17.0203 2376 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/02/13 14:43:17.0546 2376 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/02/13 14:43:17.0906 2376 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2011/02/13 14:43:18.0093 2376 viagfx (949f86f5a8e493574bbb830c3d18e4a9) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2011/02/13 14:43:18.0468 2376 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/02/13 14:43:18.0859 2376 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/02/13 14:43:19.0218 2376 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/02/13 14:43:19.0515 2376 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/02/13 14:43:20.0406 2376 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/02/13 14:43:20.0593 2376 whfltr2k (97d0d27a87622154bc90b92d84fd91b5) C:\WINDOWS\system32\DRIVERS\whfltr2k.sys

2011/02/13 14:43:21.0250 2376 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/02/13 14:43:21.0578 2376 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/02/13 14:43:21.0875 2376 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/02/13 14:43:22.0109 2376 ================================================================================

2011/02/13 14:43:22.0109 2376 Scan finished

2011/02/13 14:43:22.0109 2376 ================================================================================

DDS (Ver_10-12-12.02) - FAT32x86

Run by Krishna at 14:48:10,79 on zo 13-02-2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.717 [GMT 1:00]

AV: McAfee Antivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

SVCHOST.EXE

SVCHOST.EXE

C:\WINDOWS\system32\spoolsv.exe

SVCHOST.EXE

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LGScsiCommandService.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\McAfee\VirusScan\mcods.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Program Files\Acer\Acer eConsole\MediaSync.exe

C:\program files\umsd tools2.33\umsd.exe

C:\Program Files\Mouse Driver\MouseDrv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Mijn muziek\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe

D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

D:\SetPoint\SetPoint.exe

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Krishna\Bureaublad\TDSSKiller.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Krishna\Local Settings\Temporary Internet Files\Content.IE5\WL3JB4HX\dds[1].scr

C:\WINDOWS\system32\msfeedssync.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/ig?hl=nl

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110119162033.dll

BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No File

TB: {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [LG LinkAir] c:\program files\lg electronics\lg pc suite iv\linkair\LinkAir.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;NLNL)" -"http://files.keygames.com/games/dcr/mobyblaster/index.html"

mRun: [LaunchApp] Alaunch

mRun: [soundMan] SOUNDMAN.EXE

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe

mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe

mRun: [<NO NAME>]

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [AspireService] c:\program files\acer\acer emode management\AspireService.exe

mRun: [MediaSync] c:\program files\acer\acer econsole\MediaSync.exe

mRun: [PLoader] c:\program files\umsd tools2.33\umsd.exe sys_auto_run c:\program files\UMSD Tools2.33

mRun: [CreativeMouse ] c:\program files\mouse driver\MouseDrv.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WheelMouse] c:\advanc~1\wh_exec.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "D:\qttask.exe" -atboottime

mRun: [iTunesHelper] "d:\mijn muziek\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~2.lnk - d:\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - d:\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/206

IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/208

IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/210

IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/205

IE: LG Air Sync Option - c:\program files\lg electronics\lg pc suite iv\linkair\IEContextMenu.dll/209

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://krishnaramra.spaces.live.com//PhotoUpload/MsnPUpld.cab

DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136579976796

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://cache.hyves.org/statics/Aurigma/ImageUploader4.cab

DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://krishnaramra.spaces.live.com/PhotoUpload/MsnPUpld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://cache.hyves.nl/statics/Aurigma/ImageUploader.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 84072]

R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-5-26 47616]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-19 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-19 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-19 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-19 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-19 55840]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-19 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88544]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 84264]

S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-28 30192]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 88544]

S3 OEMSTOR;USB Mass Storage;c:\windows\system32\drivers\USBMSDk.sys [2005-12-3 17024]

S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH920GS.sys [2005-12-3 7552]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-26 6784]

S4 Norman ZANDA;Norman ZANDA;"c:\program files\norman\npm\bin\zanda.exe" --> c:\program files\norman\npm\bin\Zanda.exe [?]

=============== Created Last 30 ================

2011-02-10 21:18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-10 21:18:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-08 13:19:26 -------- d-----w- c:\program files\iPod

2011-02-04 19:13:49 -------- d-----w- C:\GD880

2011-02-04 18:54:06 53248 ----a-w- c:\windows\system32\CommonDL.dll

2011-02-04 18:54:06 44544 ----a-w- c:\windows\system32\msxml4a.dll

2011-02-04 18:53:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX

2011-02-04 00:06:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-02-03 22:21:28 -------- d-----w- c:\docume~1\krishna\applic~1\Fighters

2011-02-03 22:21:23 -------- d-----w- c:\docume~1\krishna\locals~1\applic~1\PackageAware

2011-01-24 20:57:50 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-01-24 20:57:26 -------- d-----w- c:\docume~1\krishna\applic~1\PriceGong

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-01-24 20:18:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-01-24 20:18:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-01-24 20:18:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-01-24 20:18:27 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-01-21 14:44:07 441344 ------w- c:\windows\system32\dllcache\shimgvw.dll

2011-01-19 13:36:22 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-01-19 13:36:16 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-01-19 13:36:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-01-19 13:36:16 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-01-19 13:36:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-01-19 13:36:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-01-19 13:36:16 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-01-19 13:36:16 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-01-19 13:36:10 -------- d-----w- c:\program files\common files\Mcafee

2011-01-19 13:36:09 -------- d-----w- c:\program files\McAfee.com

2011-01-19 13:22:55 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-01-19 13:04:14 -------- d-----w- c:\program files\Citrix

2011-01-19 12:49:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix

2011-01-19 12:46:20 -------- d-----w- c:\docume~1\krishna\locals~1\applic~1\Citrix

2011-01-19 12:46:18 103784 ----a-w- c:\documents and settings\krishna\GoToAssistDownloadHelper.exe

2011-01-19 12:25:36 -------- d-----w- c:\docume~1\krishna\applic~1\McAfee

2011-01-19 12:24:59 -------- d-----w- c:\program files\McAfee

==================== Find3M ====================

2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-21 14:44:08 441344 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04:12 1855104 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:20 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52:42 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25:56 735232 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:38 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:34 739328 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 15:14:08 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 15:14:02 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 14:30:18 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15:46 86016 ----a-w- c:\windows\system32\isign32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88EFCA20]<<

_asm { PUSH EBP; CALL 0x6; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A409AB8]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }

user != kernel MBR !!!

============= FINISH: 14:50:00,76 ===============


Thanks!

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000003dc

Kernel Drivers (total 133):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D2000 \WINDOWS\system32\hal.dll

0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

0xB9F78000 ACPI.sys

0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F67000 pci.sys

0xBA0A8000 isapnp.sys

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA5AC000 viaide.sys

0xBA0B8000 MountMgr.sys

0xB9F48000 ftdisk.sys

0xBA330000 PartMgr.sys

0xBA0C8000 VolSnap.sys

0xB9F30000 atapi.sys

0xBA0D8000 disk.sys

0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9F10000 fltmgr.sys

0xB9EFE000 sr.sys

0xB9EA1000 mfehidk.sys

0xBA0F8000 PxHelp20.sys

0xB9E7D000 Fastfat.sys

0xB9E66000 KSecDD.sys

0xB9E53000 WudfPf.sys

0xB9E26000 NDIS.sys

0xBA338000 viaagp1.sys

0xB9E0C000 Mup.sys

0xBA108000 gagp30kx.sys

0xBA138000 \SystemRoot\system32\DRIVERS\processr.sys

0xB9765000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB9751000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA368000 \SystemRoot\system32\drivers\pfc.sys

0xBA370000 \SystemRoot\system32\drivers\Afc.sys

0xBA53C000 \SystemRoot\System32\Drivers\UBHelper.SYS

0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB972E000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA5AE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys

0xBA378000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xBA380000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB970A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB94D3000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xB94AF000 \SystemRoot\system32\drivers\portcls.sys

0xBA178000 \SystemRoot\system32\drivers\drmk.sys

0xB949C000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys

0xBA390000 \SystemRoot\system32\DRIVERS\fdc.sys

0xBA188000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA544000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB9488000 \SystemRoot\system32\DRIVERS\parport.sys

0xBA198000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xBA1A8000 \SystemRoot\system32\DRIVERS\L8042mou.Sys

0xB9476000 \SystemRoot\system32\DRIVERS\LMouKE.Sys

0xBA398000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA548000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys

0xBA3A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA6D1000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB9462000 \SystemRoot\system32\DRIVERS\mfendisk.sys

0xBA5B0000 \SystemRoot\System32\Drivers\RootMdm.sys

0xBA3A8000 \SystemRoot\System32\Drivers\Modem.SYS

0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA550000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB944B000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA1D8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA3B0000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB943A000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA1E8000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB934E000 \SystemRoot\system32\drivers\mfeavfk.sys

0xB9303000 \SystemRoot\system32\drivers\mfefirek.sys

0xBA3B8000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA3C0000 \SystemRoot\system32\DRIVERS\raspti.sys

0xBA1F8000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA5B6000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB92A5000 \SystemRoot\system32\DRIVERS\update.sys

0xBA580000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xBA584000 \SystemRoot\system32\DRIVERS\lgbtbus.sys

0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xBA58C000 \SystemRoot\system32\DRIVERS\lgvmodem.sys

0xBA590000 \SystemRoot\system32\DRIVERS\lgbtport.sys

0xBA218000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA5B8000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA5BA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA6EA000 \SystemRoot\System32\Drivers\Null.SYS

0xBA5BC000 \SystemRoot\System32\Drivers\Beep.SYS

0xB9DC4000 \SystemRoot\system32\drivers\MTictwl.sys

0xBA3D0000 \SystemRoot\System32\drivers\vga.sys

0xBA5BE000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA5C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB9396000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB80E3000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB808A000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB8077000 \SystemRoot\system32\drivers\mfetdi2k.sys

0xB8051000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB8001000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB7FDF000 \SystemRoot\System32\drivers\afd.sys

0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB7FB4000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB7F44000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xBA248000 \SystemRoot\System32\Drivers\Fips.SYS

0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB92A1000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xBA3E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA3F0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xB929D000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xBA288000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB9281000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA3F8000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA74D000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBF5E6000 \SystemRoot\System32\ATMFD.DLL

0xB7CDD000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB7A84000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB795B000 \??\C:\Program Files\acer\eRecovery\int15.sys

0xB7B31000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys

0xB78DB000 \SystemRoot\system32\DRIVERS\srv.sys

0xB7843000 \SystemRoot\system32\drivers\cfwids.sys

0xBA470000 \SystemRoot\System32\Drivers\TDTCP.SYS

0xB740C000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xB732B000 \SystemRoot\System32\Drivers\HTTP.sys

0xB72C5000 \SystemRoot\system32\drivers\mfeapfk.sys

0xB7713000 \SystemRoot\system32\drivers\mfebopk.sys

0xB6FF5000 \SystemRoot\system32\drivers\wdmaud.sys

0xB712D000 \SystemRoot\system32\drivers\sysaudio.sys

0xBA488000 \??\C:\DOCUME~1\Krishna\LOCALS~1\Temp\mbr.sys

0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 58):

0 System Idle Process

4 System

724 C:\WINDOWS\System32\SMSS.EXE

828 CSRSS.EXE

852 C:\WINDOWS\System32\WINLOGON.EXE

900 C:\WINDOWS\System32\SERVICES.EXE

912 C:\WINDOWS\System32\LSASS.EXE

1072 C:\WINDOWS\System32\SVCHOST.EXE

1148 SVCHOST.EXE

1244 C:\WINDOWS\System32\SVCHOST.EXE

1288 C:\WINDOWS\System32\SVCHOST.EXE

1552 SVCHOST.EXE

1588 SVCHOST.EXE

1704 C:\WINDOWS\System32\SPOOLSV.EXE

344 SVCHOST.EXE

384 C:\Program Files\ACER\Acer eConsole\MediaServerService.exe

412 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

480 C:\Program Files\Bonjour\mDNSResponder.exe

644 C:\Program Files\Java\JRE6\BIN\JQS.EXE

708 C:\WINDOWS\System32\LGScsiCommandService.exe

736 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

1156 C:\WINDOWS\System32\MFEVTPS.EXE

1528 C:\WINDOWS\System32\NVSVC32.EXE

1808 C:\Program Files\Common Files\Mcafee\SystemCore\MCSHIELD.EXE

132 C:\Program Files\Common Files\Mcafee\SystemCore\MFEFIRE.EXE

2148 ALG.EXE

3136 C:\WINDOWS\Explorer.EXE

3724 C:\WINDOWS\SOUNDMAN.EXE

3784 C:\Program Files\ACER\eRecovery\Monitor.exe

3580 C:\WINDOWS\System32\VTTimer.exe

3640 C:\Program Files\ACER\Acer eMode Management\AspireService.exe

3920 C:\Program Files\ACER\Acer eConsole\MediaSync.exe

3908 C:\Program Files\UMSD Tools2.33\umsd.exe

3676 C:\Program Files\Mouse Driver\MouseDrv.exe

3100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

308 C:\WINDOWS\System32\rundll32.exe

508 C:\Program Files\Common Files\Java\Java Update\jusched.exe

3684 D:\Mijn muziek\iTunes\iTunesHelper.exe

3696 C:\WINDOWS\System32\ctfmon.exe

1988 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

3420 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

1404 C:\Program Files\Messenger\msmsgs.exe

3872 C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe

2512 D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

2456 D:\SetPoint\SetPoint.exe

1500 C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

2440 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

2700 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

3000 C:\Program Files\iPod\bin\iPodService.exe

3660 C:\Program Files\Windows Live\Contacts\wlcomm.exe

2500 C:\WINDOWS\System32\NOTEPAD.EXE

2340 C:\WINDOWS\System32\NOTEPAD.EXE

2384 C:\Program Files\McAfee.com\Agent\mcagent.exe

5024 C:\Program Files\Internet Explorer\iexplore.exe

5120 C:\Program Files\Internet Explorer\iexplore.exe

4408 C:\Program Files\Windows Live\Mail\wlmail.exe

4520 C:\Program Files\Internet Explorer\iexplore.exe

3432 C:\Documents and Settings\Krishna\Local Settings\Temporary Internet Files\Content.IE5\X73C1594\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (FAT32)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`e66d1800 (FAT32)

PhysicalDrive0 Model Number: ST3160021A, Rev: 8.01

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 6A9E5250A0E44930551CF9587936A36755A4D075

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


  1. Run MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  3. Please push the 'Y' key and then press Enter
  4. When the program asks you Enter your choice: enter 2 and press the Enter key
  5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Enter 0 and press the Enter key.
  7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter the number for Windows 7, and then press Enter.
  8. The program will prompt for confirmation. Type 'YES' and hit Enter.
  9. Left click on the title bar (where program name and path is written).
  10. From the menu choose Edit => Select All
  11. Hit the Enter key on your keyboard to copy selected text.
  12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  13. Restart your PC.
  14. Post the text in "MBRCheck results.txt" here, please.

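The three tool outputs in this thread each rest on one idea about sector 0: GMER compares a user-mode read of the MBR with a kernel-mode read ("user != kernel MBR" above), MBRCheck hashes the 440 boot-code bytes and reports "Unknown MBR code" when the SHA1 is not on its list, and MBRCheck's option [2] writes known boot code back while the partition table stays in place. The script below is an added example that does the same three things on an in-memory sector; it is not code from the thread, from GMER or from MBRCheck. The boot-code stubs, the disk signature 0x1234ABCD, the D: partition length and the single allow-list entry are constructed stand-ins; the C: and D: start offsets are the ones MBRCheck reported above, converted from byte offsets to LBA.

```python
"""MBR inspection helpers: parse the partition table, hash the boot code the
way MBRCheck reports it, diff two reads of sector 0 (the GMER user-vs-kernel
check) and swap in standard boot code while keeping the partition table.

Added example; not code from the thread, from GMER or from MBRCheck. The boot
code stubs, the disk signature, the D: partition length and the allow-list
entry are constructed stand-ins; the partition start offsets are the ones the
MBRCheck output in the thread reports for C: and D:.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440        # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries, then 0x55 0xAA
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, LBA count

# Constructed stand-in for vendor boot code: cli; hlt; nop padding.
STANDARD_BOOT_CODE = b"\xfa\xf4" + b"\x90" * (BOOT_CODE_LEN - 2)
# Constructed stand-in for unexpected boot code: jmp forward into int3 padding.
UNKNOWN_BOOT_CODE = b"\xe9\x00\x01" + b"\xcc" * (BOOT_CODE_LEN - 3)

# Allow-list keyed by SHA-1 of the 440 boot-code bytes. A real checker ships
# the hashes of the genuine Windows XP/Vista/7 MBRs (and should include OEM
# recovery MBRs); this entry is only the hash of the constructed stub above.
KNOWN_BOOT_CODE = {
    hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "Standard boot code (constructed stub)",
}


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble one 512-byte sector from boot code and (type, start_lba, sectors) tuples."""
    if len(boot_code) != BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("need exactly 440 bytes of boot code and at most 4 partitions")
    mbr = bytearray(boot_code)
    mbr += struct.pack("<I", disk_sig) + b"\x00\x00"
    for i, (ptype, start_lba, sectors) in enumerate(partitions):
        status = 0x80 if i == 0 else 0x00   # first entry marked active/bootable
        chs = b"\xfe\xff\xff"                # CHS fields set to "beyond CHS limits"
        mbr += struct.pack(PART_ENTRY, status, chs, ptype, chs, start_lba, sectors)
    mbr += b"\x00" * (16 * (4 - len(partitions)))   # unused entries are all zero
    mbr += b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return boot-code hash, disk signature, signature check and the used partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start_lba, sectors = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype:   # type 0 means the slot is empty
            parts.append({"status": status, "type": ptype, "start_lba": start_lba,
                          "sectors": sectors, "byte_offset": start_lba * SECTOR})
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "signature_ok": mbr[SECTOR - 2:] == b"\x55\xaa",
        "partitions": parts,
    }


def classify_boot_code(mbr):
    """MBRCheck-style verdict: the allow-list name, or 'Unknown MBR code'."""
    return KNOWN_BOOT_CODE.get(parse_mbr(mbr)["boot_code_sha1"], "Unknown MBR code")


def compare_reads(user_read, kernel_read):
    """GMER-style check: offsets at which a user-mode read of sector 0 differs from
    the kernel-mode read. A failed user read (None) counts as a full mismatch,
    since a hooked disk stack may refuse or fake the user-mode view."""
    if user_read is None:
        return list(range(SECTOR))
    return [i for i in range(SECTOR) if user_read[i] != kernel_read[i]]


def restore_boot_code(mbr, standard_code=STANDARD_BOOT_CODE):
    """Replace only the 440 boot-code bytes; disk signature, partition table and
    0x55AA marker are kept (assumed here to be what MBRCheck option [2] does)."""
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("standard boot code must be 440 bytes")
    return standard_code + mbr[BOOT_CODE_LEN:]


# Constructed sample: the C: and D: start offsets from the MBRCheck log,
# converted from byte offset to LBA; the D: length is a stand-in for a 160 GB disk.
C_START_LBA = 0xBBC57E00 // SECTOR        # 6152895
D_START_LBA = 0x12E66D1800 // SECTOR      # 158545548
SAMPLE_PARTITIONS = [
    (0x0C, C_START_LBA, D_START_LBA - C_START_LBA),    # FAT32 (LBA), C:
    (0x0C, D_START_LBA, 312_500_000 - D_START_LBA),    # FAT32 (LBA), D:
]
SUSPECT_MBR = build_mbr(UNKNOWN_BOOT_CODE, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    info = parse_mbr(SUSPECT_MBR)
    print("SHA1:", info["boot_code_sha1"], "->", classify_boot_code(SUSPECT_MBR))
    for p in info["partitions"]:
        print(f"  type 0x{p['type']:02X} at byte offset 0x{p['byte_offset']:012X}")
    fixed = restore_boot_code(SUSPECT_MBR)
    print("after restore:", classify_boot_code(fixed),
          "| partition table unchanged:", parse_mbr(fixed)["partitions"] == info["partitions"])
    print("bytes changed by the restore:", len(compare_reads(SUSPECT_MBR, fixed)))
```

Reading the real sector 0 (CreateFile on \\.\PhysicalDrive0 as an administrator, one 512-byte ReadFile) is deliberately left out; the helpers take whatever bytes you hand them. Two caveats a practitioner should keep in mind when interpreting a verdict like the one above: a boot-code hash not on the list means only "not on the list", and OEM machines such as the Acer in this thread (note c:\Program Files\acer\eRecovery\int15.sys in the driver list) ship their own recovery MBR code, so an allow-list that holds only Microsoft hashes will call such a disk non-standard; and a restore that rewrites only the first 440 bytes is what keeps the partition table and disk signature intact, which is why the partition offsets should be compared before and after.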

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000003dc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (FAT32)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`e66d1800 (FAT32)

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 6A9E5250A0E44930551CF9587936A36755A4D075

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 5

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Press ENTER to exit...


This topic is now closed to further replies.