Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#16
mbr.log and Gmer.log (non MS files)
Hi Jintan:
First, here is the mbr.log -

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

=============================

- and here is the second Gmer scan with _Only non MS files_ selected . . .

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-07 19:33:19
Windows 5.1.2600 Service Pack 3

---- Modules - GMER 1.0.15 ----

Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F798B000-F798D000 (8192 bytes)
Module cmdide.sys (CMD PCI IDE-busstuurprogramma/CMD Technology, Inc.) F798D000-F798F000 (8192 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7991000-F7993000 (8192 bytes)
Module sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) F7717000-F771C000 (20480 bytes)
Module symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) F78A3000-F78A7000 (16384 bytes)
Module asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) F771F000-F7726000 (28672 bytes)
Module asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) F78AF000-F78B3000 (16384 bytes)
Module mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) F7727000-F772C000 (20480 bytes)
Module symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) F7737000-F773F000 (32768 bytes)
Module sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) F773F000-F7746000 (28672 bytes)
Module sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) F7747000-F774F000 (32768 bytes)
Module ultra.sys (Promise ULTRA66 Minipoort Driver/Promise Technology, Inc.) F7667000-F7670000 (36864 bytes)
Module ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7677000-F7681000 (40960 bytes)
Module ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7687000-F7693000 (49152 bytes)
Module ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7697000-F76A3000 (49152 bytes)
Module dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) F7852000-F787E000 (180224 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) F76C7000-F76D6000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F76D7000-F76E0000 (36864 bytes)
Module WDMCAPI.sys BAF70000-BB000000 (589824 bytes)
Module viasraid.sys (VIA Serial ATA RAID MINIPORT DRIVER FOR WINXP/VIA Technologies inc,.ltd) BAF5D000-BAF70000 (77824 bytes)
Module viaidexp.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) F7999000-F799B000 (8192 bytes)
Module ulsata.sys (Promise Ultra/Sata Series Driver for WinXP/Promise Technology, Inc.) F76F7000-F7707000 (65536 bytes)
Module siside.sys (SiS PCI Mini IDE Driver/Silicon Integrated Systems Corp.) F799B000-F799D000 (8192 bytes)
Module sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) F7586000-F7590000 (40960 bytes)
Module amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) F7536000-F7541000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 /NVIDIA Corporation) B9B1E000-B9C56000 (1277952 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) B9AC2000-B9AE6000 (147456 bytes)
Module \SystemRoot\system32\drivers\pfc.sys (Padus(R) ASPI Shell/Padus, Inc.) BAE37000-BAE3A000 (12288 bytes)
Module \SystemRoot\System32\Drivers\pwd_2k.SYS (Win2000 Framework for Packet Write Driver/Roxio) B9A6E000-B9A8B000 (118784 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD/DVD Class Filter Driver/GEAR Software Inc.) F7797000-F779E000 (28672 bytes)
Module \SystemRoot\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) B9920000-B9A6E000 (1368064 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F77A7000-F77AC000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\wdmwanmp.sys F77BF000-F77C6000 (28672 bytes)
Module \SystemRoot\System32\Drivers\dvd_2K.SYS (DVD-RAM AddOn Driver/Roxio) F77C7000-F77CD000 (24576 bytes)
Module \SystemRoot\System32\Drivers\Cdr4_xp.SYS (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) BA9CF000-BA9D0000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Cdralw2k.SYS (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) BA9CE000-BA9CF000 (4096 bytes)
Module \SystemRoot\System32\Drivers\cdudf_xp.SYS (CD-UDF NT Filesystem Driver/Roxio) B068E000-B06CE000 (262144 bytes)
Module \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS (DVDVR XP Filesystem Reader Driver/Roxio) B0630000-B0654000 (147456 bytes)
Module \SystemRoot\System32\Drivers\UdfReadr_xp.SYS (CD-UDF NT Filesystem Reader Driver/Roxio) B05C1000-B05F6000 (217088 bytes)
Module \SystemRoot\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) B051C000-B0543000 (159744 bytes)
Module \SystemRoot\System32\Drivers\UimFIO.SYS F79EB000-F79ED000 (8192 bytes)
Module \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) B0316000-B0349000 (208896 bytes)
Module \SystemRoot\system32\DRIVERS\P1120Vid.sys (Video Streaming and Capture Device Driver/Creative Technology Ltd.) B025D000-B0316000 (757760 bytes)
Module \SystemRoot\System32\DRIVERS\nvtvsnd.sys (NVIDIA WDM TV Sound/NVIDIA Corporation) B985E000-B9863000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\nvtunep.sys (NVIDIA WDM TVTuner/NVIDIA Corporation) B9856000-B985B000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\NVxbar.sys (NVIDIA WDM A/V Crossbar/NVIDIA Corporation) B0508000-B050B000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\nvcap.sys AFE72000-AFE8F000 (118784 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 45.23 /NVIDIA Corporation) BF9D5000-BFD8E000 (3903488 bytes)
Module \SystemRoot\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) B0215000-B021C000 (28672 bytes)
Module \SystemRoot\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) AF12C000-AF13E000 (73728 bytes)
Module \SystemRoot\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) AEB6C000-AEB75000 (36864 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\mbr.sys AF0E8000-AF0EB000 (12288 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\aujasnkj.sys (GMER) AE98D000-AE9A1000 (81920 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 180
Library C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 0x00400000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1043\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll (Sqlite3 Database Module/McAfee, Inc.) 0x62800000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcshllps.dll (McAfee McShell Proxy Stub DLL/McAfee, Inc.) 0x67300000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll (McAfee VirusScan Application Information/McAfee, Inc.) 0x60F00000
Library C:\PROGRA~1\McAfee\VIRUSS~1\1043\vscobres.dll (McAfee Application Information Provider/McAfee, Inc.) 0x6C100000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\mcafee\msc\mcmscver.dll (McMSCVer/McAfee, Inc.) 0x66D00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll (McAfee VirusScan Protection Provider/McAfee, Inc.) 0x60B00000
Library c:\PROGRA~1\mcafee\msc\mcprotpv.dll (MISP Default Protection Provider/McAfee, Inc.) 0x66F00000
Library c:\PROGRA~1\mcafee\msc\mcnmcprv.dll (McAfee NMC Provider/McAfee, Inc.) 0x6B280000
Library c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL (McAfee Network Agent Proxy/Stub/McAfee, Inc.) 0x6B600000
Library c:\PROGRA~1\mcafee\msc\mcnmcsps.dll (McAfee NMC Server Proxy Stub/McAfee, Inc.) 0x6B380000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll (McAfee Configuration Object Tool/McAfee, Inc.) 0x61000000
Library c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll (McAfee VirusScan Announcer Proxy Stub dll/McAfee, Inc.) 0x61A00000
Library c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll (MISP Registration Component/McAfee, Inc.) 0x67100000
Library C:\PROGRA~1\McAfee\MSC\McProHlp.dll (Mc Security Index/McAfee, Inc.) 0x66E00000
Library c:\PROGRA~1\mcafee\msc\mcdemenu.dll (Default Menu Provider/McAfee, Inc.) 0x66900000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscp.dll (McAfee VirusScan - Configuration Provider/McAfee, Inc.) 0x61100000
Library c:\PROGRA~1\mcafee\msc\mcuicfg.dll (McAfee Integrated Security Platform/McAfee, Inc.) 0x67600000
Library c:\PROGRA~1\mcafee\msc\mccfgpv.dll (MISP Default Configuration Provider/McAfee, Inc.) 0x66300000
Process c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) 232
Library c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) 0x00400000

Last edited by Bonksie; May 7th, 2009 at 06:55 PM.
#17
Gmer.log continued
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll (McAfee NMC Server/McAfee, Inc.) 0x6C600000
Library c:\PROGRA~1\mcafee\msc\mcndsv.dll (McAfee ND Network Agent Plug-In/McAfee, Inc.) 0x10000000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1043\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcshllps.dll (McAfee McShell Proxy Stub DLL/McAfee, Inc.) 0x67300000
Library c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL (McAfee Network Agent Proxy/Stub/McAfee, Inc.) 0x6B600000
Library c:\PROGRA~1\mcafee\msc\mcnmcsps.dll (McAfee NMC Server Proxy Stub/McAfee, Inc.) 0x6B380000
Library c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll (MISP Registration Component/McAfee, Inc.) 0x67100000
Library c:\PROGRA~1\mcafee\msc\mcmismgr.dll (McAfee Misc Manager/McAfee, Inc.) 0x66700000
Library c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll (McAfee Unified Join/McAfee, Inc.) 0x6B500000
Process c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 260
Library c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 0x00400000
Library c:\PROGRA~1\mcafee\VIRUSS~1\escnplug.dll (McAfee Internet email scanner plug-in module/McAfee, Inc.) 0x60300000
Library C:\PROGRA~1\McAfee\VIRUSS~1\1043\EsPlgRes.dll (McAfee Internet e-mail scanner plug-in resource/McAfee, Inc.) 0x60400000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll (McAfee Configuration Object Tool/McAfee, Inc.) 0x61000000
Library c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library C:\Program Files\McAfee\VirusScan\mvslog.dll (McAfee VirusScan Log Helper/McAfee, Inc.) 0x61300000
Process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) 332
Library C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) 0x00400000
Library C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll (Provides self-protection functionality/McAfee, Inc.) 0x140E0000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mytilus3.dll (Common Shell3 - Scanners' interface to the 5000 series engine/McAfee, Inc.) 0x14180000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mytilus3_worker.dll (Common Shell2 - Scanners' interface to the 5000 series engine/McAfee, Inc.) 0x14710000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mytilus3_server.dll (Common Shell3 - Scanners' interface to the 5000 series engine/McAfee, Inc.) 0x14810000
Library C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll (Resources for McShield/McAfee, Inc.) 0x14100000
Library C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll (File Filter Library/McAfee, Inc.) 0x14080000
Library C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll (McAfee VirusScan Announcer/McAfee, Inc.) 0x61900000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll (McAfee VirusScan Proxy Stub dll/McAfee, Inc.) 0x60D00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll (McAfee VirusScan Announcer Proxy Stub dll/McAfee, Inc.) 0x61A00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll (McAfee Configuration Object Tool/McAfee, Inc.) 0x61000000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll (McAfee Event Broker/McAfee, Inc.) 0x62B00000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll (McAfee VirusScan Log Helper/McAfee, Inc.) 0x61300000
Library C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mcscan32.dll (AV Scanning Engine/McAfee, Inc.) 0x12000000
Library C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mc5300up.001 (AV Scanning Engine/McAfee, Inc.) 0x02390000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll (Buffer Overflow Protection Service/McAfee, Inc.) 0x603D0000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll (Host Intrusion Detection Link Driver Communication/McAfee, Inc.) 0x66240000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll (Anti Virus File System Filter Driver API/McAfee, Inc.) 0x6EFF0000
Process C:\Program Files\Messenger\msmsgs.exe (Windows Messenger/Microsoft Corporation) 580
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x00AB0000
Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.23/NVIDIA Corporation) 592
Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.23/NVIDIA Corporation) 0x00400000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x10000000
Process C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) 960
Library C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) 0x00400000
Process C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 964
Library C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 0x00400000
Library C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdboot.dll (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 0x10000000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x00A80000
Library C:\WINDOWS\system32\ConnAPI.DLL (Nokia Connectivity API/Nokia.) 0x00AC0000
Library C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\moxplugins\nokiamanager.mox (Adobe Media Object Exchange Plugin/Adobe Systems Incorporated) 0x00AA0000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1204
Library C:\WINDOWS\system32\P1120Sti.dll (Still Image (STI) Driver/Creative Technology Ltd.) 0x00D30000
Process C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft) 1316
Library C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft) 0x00400000
Library C:\Program Files\Lavasoft\Ad-Aware\Resources.dll 0x10000000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x003E0000
Process C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) 1528
Library C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) 0x00400000
Library C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll 0x10000000
Library C:\Program Files\Lavasoft\Ad-Aware\Resources.dll 0x00CD0000
Library C:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll (License solution (desktop edition)/Lavasoft) 0x013D0000
Library C:\Program Files\Lavasoft\Ad-Aware\ceapi.dll (CEAPI Dynamic Link Library/Lavasoft) 0x01D20000
Library C:\Program Files\Lavasoft\Ad-Aware\unrar.dll 0x01DD0000
Library C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll (Messaging system for client notification delivery/Lavasoft) 0x02CB0000
Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1608
Library C:\WINDOWS\system32\hpzlnt09.dll (HP) 0x00A00000
Library C:\WINDOWS\system32\pdf995mon.dll 0x50400000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x00D90000
Library C:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00DB0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00E20000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00E40000
Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm309.dll (Printer Property UI dll/HP) 0x60600000
Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku09.dll (HPDJ Driver/HP) 0x01330000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1876
Library C:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x61550000
Process C:\Documents and Settings\Dad\Bureaublad\5hyv4li5.exe 1940
Library C:\Documents and Settings\Dad\Bureaublad\5hyv4li5.exe 0x00400000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x10000000
Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1972
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Process C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 2008
Library C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 0x00400000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x10000000
Library c:\PROGRA~1\mcafee\SITEAD~1\apengine.dll 0x00940000
Library c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll 0x00CD0000
Library C:\Program Files\McAfee\SiteAdvisor\SACore.dll 0x015B0000
Library C:\Program Files\McAfee\SiteAdvisor\SASet.dll 0x69F00000
Library c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL 0x69400000
Library c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll (MISP Registration Component/McAfee, Inc.) 0x67100000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library c:\PROGRA~1\mcafee\SITEAD~1\McFrmWk.dll 0x69900000
Library c:\PROGRA~1\mcafee\SITEAD~1\CntScan.dll 0x01850000
Process C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (System Tray application for TomTom HOME/TomTom) 2084
Library C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (System Tray application for TomTom HOME/TomTom) 0x00400000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x10000000
Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 2120
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x00B60000
Process C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) 2344
Library C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) 0x00400000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll (McAfee VirusScan Log Helper/McAfee, Inc.) 0x61300000
Library C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll (System Monitor Filter Driver API/McAfee, Inc.) 0x6A830000
#18
Gmer.log continued
Library C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll (Host Intrusion Detection Link Driver Communication/McAfee, Inc.) 0x66240000
Library c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll (McAfee HackerWatch/McAfee, Inc.) 0x62E00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll (McAfee Configuration Object Tool/McAfee, Inc.) 0x61000000
Process C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) 2520
Library C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) 0x00400000
Process C:\WINDOWS\Explorer.EXE (Windows Verkenner/Microsoft Corporation) 2768
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x00B40000
Library c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (VSCore Script Scanner/McAfee, Inc.) 0x14490000
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x00960000
Process C:\WINDOWS\System32\wbem\unsecapp.exe (WMI/Microsoft Corporation) 2828
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x00BC0000
Process c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (McAfee Update Manager Service/McAfee, Inc.) 3028
Library c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (McAfee Update Manager Service/McAfee, Inc.) 0x00400000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcshllps.dll (McAfee McShell Proxy Stub DLL/McAfee, Inc.) 0x67300000
Library c:\PROGRA~1\mcafee\msc\mcmscver.dll (McMSCVer/McAfee, Inc.) 0x66D00000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1043\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll (McAfee VirusScan Application Information/McAfee, Inc.) 0x60F00000
Library c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll 0x10000000
Library c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll (McAfee Event Broker/McAfee, Inc.) 0x62B00000
Library c:\PROGRA~1\mcafee\msc\mcnmcver.dll (McNMCVer/McAfee, Inc.) 0x6B480000
Library c:\PROGRA~1\mcafee\mqc\qcmisp.dll (QuickClean MISP Providers/McAfee, Inc.) 0x65300000
Library c:\PROGRA~1\mcafee\mqc\QcLite.dll (McAfee QuickClean DLL/McAfee, Inc.) 0x65200000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll (McAfee Version information Tool/McAfee, Inc.) 0x61800000
Library c:\PROGRA~1\COMMON~1\mcafee\mcproxy\proxyver.dll (McAfee Proxy Version/McAfee, Inc.) 0x62300000
Library c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll (McAfee HackerWatch/McAfee, Inc.) 0x62E00000
Library c:\PROGRA~1\COMMON~1\mcafee\fwdriver\fwdrvver.dll (McAfee Firewall Driver Version Helper/McAfee, Inc.) 0x63700000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mytilus3.dll (Common Shell3 - Scanners' interface to the 5000 series engine/McAfee, Inc.) 0x14180000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mytilus3_worker.dll (Common Shell2 - Scanners' interface to the 5000 series engine/McAfee, Inc.) 0x14710000
Library c:\PROGRA~1\mcafee\VIRUSS~1\RES00\McShield.dll (Resources for McShield/McAfee, Inc.) 0x14100000
Library C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mcscan32.dll (AV Scanning Engine/McAfee, Inc.) 0x12000000
Library C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mc5300up.001 (AV Scanning Engine/McAfee, Inc.) 0x02890000
Process C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (ServiceLayer Module/Nokia.) 3504
Library C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (ServiceLayer Module/Nokia.) 0x00400000
Library C:\WINDOWS\system32\NclTools.dll (NCL Tools/Nokia.) 0x10000000
Library C:\Program Files\McAfee\SiteAdvisor\saHook.dll 0x008B0000
Library C:\Program Files\Common Files\PCSuite\Transports\NCLIrDAMM.dll (Infrared/Nokia Corp.) 0x008E0000
Library C:\Program Files\Common Files\PCSuite\Transports\NCLRSMM.dll (Serial cable/Nokia) 0x00D50000
Library C:\Program Files\Common Files\PCSuite\Transports\NclMSBTMM.dll (Bluetooth (Microsoft)/Nokia.) 0x00D90000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [BOOT] amdagp
Service C:\WINDOWS\System32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [BOOT] asc
Service C:\WINDOWS\System32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [BOOT] asc3550
Service C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) [AUTO] CCALib8
Service (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdr4_xp
Service (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdralw2k
Service (CD-UDF NT Filesystem Driver/Roxio) [SYSTEM] cdudf_xp
Service C:\WINDOWS\System32\Drivers\CEUSBAUD.sys (CEUSBAUD.sys/CEntrance, Inc.) [MANUAL] CEUSBAUD
Service C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD PCI IDE-busstuurprogramma/CMD Technology, Inc.) [BOOT] CmdIde
Service C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) [MANUAL] cmuda
Service C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [BOOT] dac2w2k
Service (DVDVR XP Filesystem Reader Driver/Roxio) [SYSTEM] DVDVRRdr_xp
Service (DVD-RAM AddOn Driver/Roxio) [MANUAL] dvd_2K
Service C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) [MANUAL] E100B
Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD/DVD Class Filter Driver/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) [AUTO] Lavasoft Ad-Aware Service
Service C:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service C:\DOCUME~1\Dad\LOCALS~1\Temp\mbr.sys [MANUAL] mbr
Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [AUTO] McAfee SiteAdvisor Service
Service C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) [AUTO] mcmscsvc
Service c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) [AUTO] McNASvc
Service C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee VirusScan - On Demand Scan/McAfee, Inc.) [MANUAL] McODS
Service c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) [AUTO] McProxy
Service C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) [AUTO] McShield
Service C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) [MANUAL] McSysmon
Service C:\WINDOWS\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) [MANUAL] mfeavfk
Service C:\WINDOWS\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) [MANUAL] mfebopk
Service C:\WINDOWS\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) [SYSTEM] mfehidk
Service C:\WINDOWS\system32\drivers\mferkdk.sys (VSCore Code Analysis Driver/McAfee, Inc.) [MANUAL] mferkdk
Service C:\WINDOWS\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) [MANUAL] mfesmfk
Service (CD-R/RW AddOn MMC Driver (W2K)/Roxio) [MANUAL] mmc_2K
Service C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) [SYSTEM] MPFP
Service C:\WINDOWS\System32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [BOOT] mraid35x
Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\System32\DRIVERS\nvcap.sys [AUTO] nvcap
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.23/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\nvtunep.sys (NVIDIA WDM TVTuner/NVIDIA Corporation) [AUTO] nvTUNEP
Service C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys (NVIDIA WDM TV Sound/NVIDIA Corporation) [AUTO] nvtvSND
Service C:\WINDOWS\System32\DRIVERS\NVxbar.sys (NVIDIA WDM A/V Crossbar/NVIDIA Corporation) [AUTO] NVXBAR
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\P1120Vid.sys (Video Streaming and Capture Device Driver/Creative Technology Ltd.) [MANUAL] P1120VID
Service C:\WINDOWS\system32\drivers\pfc.sys (Padus(R) ASPI Shell/Padus, Inc.) [MANUAL] pfc
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service (Win2000 Framework for Packet Write Driver/Roxio) [SYSTEM] pwd_2k
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\System32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1080
Service C:\WINDOWS\System32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql12160
Service C:\WINDOWS\System32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1280
Service RemoteRegistry
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service C:\WINDOWS\System32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [BOOT] sisagp
Service SYSTEM32\DRIVERS\siside.sys?NST\ControlSet001\Services [BOOT] SiSide
Service C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [BOOT] Sparrow
Service C:\WINDOWS\system32\DRIVERS\ssm_bus.sys (SAMSUNG Mobile USB Device II 1.0 Driver/MCCI) [MANUAL] ssm_bus
Service C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys (SAMSUNG Mobile USB Modem II 1.0 Filter Driver/MCCI) [MANUAL] ssm_mdfl
Service C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys (SAMSUNG Mobile USB Modem II 1.0 Driver/MCCI) [MANUAL] ssm_mdm
Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [BOOT] symc810
Service C:\WINDOWS\System32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [BOOT] symc8xx
Service C:\WINDOWS\System32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [BOOT] sym_hi
Service C:\WINDOWS\System32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [BOOT] sym_u3
Service TlntSvr
Service C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) [AUTO] TomTomHOMEService
Service (CD-UDF NT Filesystem Reader Driver/Roxio) [SYSTEM] UdfReadr_xp
Service C:\WINDOWS\system32\DRIVERS\UimBus.sys (Image Mounter SCSI Port Driver/Windows (R) 2000 DDK provider) [SYSTEM] UimBus
Service C:\WINDOWS\System32\Drivers\Uim_IM.sys [SYSTEM] Uim_IM
Service SYSTEM32\DRIVERS\ulsata.sys?lled: [BOOT] UlSata
Service C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise ULTRA66 Minipoort Driver/Promise Technology, Inc.) [BOOT] ultra
Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service SYSTEM32\DRIVERS\viaidexp.sys?T\ControlSet001\Services\via [BOOT] viaide1
Service SYSTEM32\DRIVERS\viasraid.sys?CriticalDeviceDatabase\?viai [BOOT] viasraid
Service C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys [BOOT] WDMCAPI
Service C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys [MANUAL] WDMWANMP
Service Wmi
Service C:\WINDOWS\System32\x10nets.exe (X10 Module/X10) [MANUAL] x10nets

---- EOF - GMER 1.0.15 ----

Regards,
Graham
#19
Hmm - something is wrong with how Gmer is reading the boot drivers there:
Service SYSTEM32\DRIVERS\siside.sys?NST\ControlSet001\Services [BOOT] SiSide
Service SYSTEM32\DRIVERS\ulsata.sys?lled: [BOOT] UlSata
Service SYSTEM32\DRIVERS\viaidexp.sys?T\ControlSet001\Services\via [BOOT] viaide1
Service SYSTEM32\DRIVERS\viasraid.sys?CriticalDeviceDatabase\?viai [BOOT] viasraid

If you recognize it, can you tell me what the Bureaublad folder is for please?

Process C:\Documents and Settings\Dad\Bureaublad\5hyv4li5.exe 1940
Library C:\Documents and Settings\Dad\Bureaublad\5hyv4li5.exe 0x00400000

Edit add - never mind that. Dutch for "desktop" and that file is Gmer.

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t

Still with the command window open click on the Icon in the top left hand corner of the Command Prompt and choose Edit > Select All and then Edit > Copy. Right-click on your Desktop and create a text file. Open it and position your mouse inside the file, right-click again and choose Paste. Save the file and post the contents here.

Last edited by Jintan; May 8th, 2009 at 03:18 AM. Reason: Language
#20
Hi Jintan:
Here is the mbr.exe -t scan log . . .

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dad>cd\

C:\>mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Regards, Graham.
#21
Going to have to get a different view, and then address whatever function or driver(s) there are involved. Could also be McAfee, altered by malware, but let's check.
Go here and download USEC.at's radix_installer_trial.zip. Then unzip that and click the radixgui.exe to open the scan display. Then without making any changes click the Check button to start the scan. Once it has completed click the Save Log button and save that to a location you can return to. Then click the "X" to close the Radix scanner.

!!!Caution - the Radix scanner has many settings and options, including many that can cause quick and permanent corruption to your operating system. Avoid the temptation to try any other options, scans or settings when using it.

Those logs tend to be very large, so zip a copy of this one, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -Bonksie/cth/rdx" as the email Subject.
#22
I've sent the USEC log in zipped form to the address given. There seems to be a lot going on in that scan log.
McAfee updated itself yesterday. The processor is now running a bit better than it has been for the past week. Now, instead of running at 100% (with no apps open), it fluctuates between 100 and about 60%.
#23
I received the log file, thanks. They are terribly long. I have asked the vendor to consider other options, but need to follow through on that. An important "kernel"-related ntdll.dll function that is "hooked", and many McAfee "hooks" as well. However, not all of McAfee's appear to be what security software would be doing - changing registry keys and creating files. Too similar to the effects I have seen on other systems where a core security software boot driver has been altered. The only way to test this right now though would be to install McAfee, which I recommend you do. Just be sure to save any registration number/key necessary to reinstall it. Other than that I can't "target" any malicious functions as the logs are not revealing those sources.

If you do go with the uninstall of McAfee, also go here and follow the steps under:

Step 2 - Download and run MCPR.exe

Be sure to reboot after running that. Then run and post back new Gmer scans (both the "Scan" button run as well as the "Non-MS files" one). Also run a new Radix scan and send that to me as a zipped attachment please.
#24
The computer seems much happier after the McAfee cleanup.
Here are the Gmer scans. The first is very short (when compared with the first time it was run).

====================================
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-10 09:52:49
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76C787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76C7BFE]

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \FileSystem\Fastfat \Fat AEE7BD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
======================================
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-10 09:56:07
Windows 5.1.2600 Service Pack 3

---- Modules - GMER 1.0.15 ----
Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F798B000-F798D000 (8192 bytes)
Module cmdide.sys (CMD PCI IDE-busstuurprogramma/CMD Technology, Inc.) F798D000-F798F000 (8192 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7991000-F7993000 (8192 bytes)
Module sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) F7717000-F771C000 (20480 bytes)
Module symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) F78A3000-F78A7000 (16384 bytes)
Module asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) F771F000-F7726000 (28672 bytes)
Module asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) F78AF000-F78B3000 (16384 bytes)
Module mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) F7727000-F772C000 (20480 bytes)
Module symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) F7737000-F773F000 (32768 bytes)
Module sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) F773F000-F7746000 (28672 bytes)
Module sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) F7747000-F774F000 (32768 bytes)
Module ultra.sys (Promise ULTRA66 Minipoort Driver/Promise Technology, Inc.) F7667000-F7670000 (36864 bytes)
Module ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7677000-F7681000 (40960 bytes)
Module ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7687000-F7693000 (49152 bytes)
Module ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7697000-F76A3000 (49152 bytes)
Module dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) F7852000-F787E000 (180224 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) F76C7000-F76D6000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F76D7000-F76E0000 (36864 bytes)
Module WDMCAPI.sys BAF70000-BB000000 (589824 bytes)
Module viasraid.sys (VIA Serial ATA RAID MINIPORT DRIVER FOR WINXP/VIA Technologies inc,.ltd) BAF5D000-BAF70000 (77824 bytes)
Module viaidexp.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) F7999000-F799B000 (8192 bytes)
Module ulsata.sys (Promise Ultra/Sata Series Driver for WinXP/Promise Technology, Inc.) F76F7000-F7707000 (65536 bytes)
Module siside.sys (SiS PCI Mini IDE Driver/Silicon Integrated Systems Corp.) F799B000-F799D000 (8192 bytes)
Module sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) F7586000-F7590000 (40960 bytes)
Module amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) F7536000-F7541000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 /NVIDIA Corporation) BA199000-BA2D1000 (1277952 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) BA13D000-BA161000 (147456 bytes)
Module \SystemRoot\system32\drivers\pfc.sys (Padus(R) ASPI Shell/Padus, Inc.) BAE43000-BAE46000 (12288 bytes)
Module \SystemRoot\System32\Drivers\pwd_2k.SYS (Win2000 Framework for Packet Write Driver/Roxio) BA0E9000-BA106000 (118784 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD/DVD Class Filter Driver/GEAR Software Inc.) BADD3000-BADDA000 (28672 bytes)
Module \SystemRoot\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) B9F9B000-BA0E9000 (1368064 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BADC3000-BADC8000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\wdmwanmp.sys F779F000-F77A6000 (28672 bytes)
Module \SystemRoot\System32\Drivers\dvd_2K.SYS (DVD-RAM AddOn Driver/Roxio) F77A7000-F77AD000 (24576 bytes)
Module \SystemRoot\System32\Drivers\Cdr4_xp.SYS (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) BA34B000-BA34C000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Cdralw2k.SYS (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) BA34A000-BA34B000 (4096 bytes)
Module \SystemRoot\System32\Drivers\cdudf_xp.SYS (CD-UDF NT Filesystem Driver/Roxio) B0D09000-B0D49000 (262144 bytes)
Module \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS (DVDVR XP Filesystem Reader Driver/Roxio) B0CAB000-B0CCF000 (147456 bytes)
Module \SystemRoot\System32\Drivers\UdfReadr_xp.SYS (CD-UDF NT Filesystem Reader Driver/Roxio) B0C64000-B0C99000 (217088 bytes)
Module \SystemRoot\System32\Drivers\UimFIO.SYS F79D3000-F79D5000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\P1120Vid.sys (Video Streaming and Capture Device Driver/Creative Technology Ltd.) B0932000-B09EB000 (757760 bytes)
Module \SystemRoot\System32\DRIVERS\nvtvsnd.sys (NVIDIA WDM TV Sound/NVIDIA Corporation) F777F000-F7784000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\nvtunep.sys (NVIDIA WDM TVTuner/NVIDIA Corporation) BAE03000-BAE08000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\NVxbar.sys (NVIDIA WDM A/V Crossbar/NVIDIA Corporation) B0C36000-B0C39000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\nvcap.sys B0547000-B0564000 (118784 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 45.23 /NVIDIA Corporation) BF9D5000-BFD8E000 (3903488 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\aujasnkj.sys (GMER) AEE98000-AEEAC000 (81920 bytes)

---- Processes - GMER 1.0.15 ----
Process C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) 228
Library C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) 0x00400000
Process C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) 1296
Library C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) 0x00400000
Process C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) 1408
Library C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) 0x00400000
Library C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll 0x10000000
Library C:\Program Files\Lavasoft\Ad-Aware\Resources.dll 0x00CD0000
Library C:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll (License solution (desktop edition)/Lavasoft) 0x013D0000
Library C:\Program Files\Lavasoft\Ad-Aware\ceapi.dll (CEAPI Dynamic Link Library/Lavasoft) 0x01D20000
Library C:\Program Files\Lavasoft\Ad-Aware\unrar.dll 0x01DD0000
Library C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll (Messaging system for client notification delivery/Lavasoft) 0x02C20000
Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1560
Library C:\WINDOWS\system32\hpzlnt09.dll (HP) 0x10000000
Library C:\WINDOWS\system32\pdf995mon.dll 0x50400000
Library C:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00990000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00AD0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00AF0000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1816
Library C:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x61550000
Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1896
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.23/NVIDIA Corporation) 1944
Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.23/NVIDIA Corporation) 0x00400000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2036
Library C:\WINDOWS\system32\P1120Sti.dll (Still Image (STI) Driver/Creative Technology Ltd.) 0x10000000
Process C:\Documents and Settings\Dad\Bureaublad\5hyv4li5.exe 2560
Library C:\Documents and Settings\Dad\Bureaublad\5hyv4li5.exe 0x00400000
Process C:\WINDOWS\Explorer.EXE (Windows Verkenner/Microsoft Corporation) 2792
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x00D40000
Process C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 3324
Library C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 0x00400000
Library C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdboot.dll (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 0x10000000
Library C:\WINDOWS\system32\ConnAPI.DLL (Nokia Connectivity API/Nokia.) 0x00AA0000
Library C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\moxplugins\nokiamanager.mox (Adobe Media Object Exchange Plugin/Adobe Systems Incorporated) 0x00A80000
Process C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft) 3348
Library C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft) 0x00400000
Library C:\Program Files\Lavasoft\Ad-Aware\Resources.dll 0x10000000
Process C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (System Tray application for TomTom HOME/TomTom) 3468
Library C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (System Tray application for TomTom HOME/TomTom) 0x00400000
Process C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (ServiceLayer Module/Nokia.) 3772
#25
Library C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (ServiceLayer Module/Nokia.) 0x00400000
Library C:\WINDOWS\system32\NclTools.dll (NCL Tools/Nokia.) 0x10000000
Library C:\Program Files\Common Files\PCSuite\Transports\NCLIrDAMM.dll (Infrared/Nokia Corp.) 0x008C0000
Library C:\Program Files\Common Files\PCSuite\Transports\NCLRSMM.dll (Serial cable/Nokia) 0x01030000
Library C:\Program Files\Common Files\PCSuite\Transports\NclMSBTMM.dll (Bluetooth (Microsoft)/Nokia.) 0x00910000

---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [BOOT] amdagp
Service C:\WINDOWS\System32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [BOOT] asc
Service C:\WINDOWS\System32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [BOOT] asc3550
Service C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) [AUTO] CCALib8
Service (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdr4_xp
Service (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdralw2k
Service (CD-UDF NT Filesystem Driver/Roxio) [SYSTEM] cdudf_xp
Service C:\WINDOWS\System32\Drivers\CEUSBAUD.sys (CEUSBAUD.sys/CEntrance, Inc.) [MANUAL] CEUSBAUD
Service C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD PCI IDE-busstuurprogramma/CMD Technology, Inc.) [BOOT] CmdIde
Service C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) [MANUAL] cmuda
Service C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [BOOT] dac2w2k
Service (DVDVR XP Filesystem Reader Driver/Roxio) [SYSTEM] DVDVRRdr_xp
Service (DVD-RAM AddOn Driver/Roxio) [MANUAL] dvd_2K
Service C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) [MANUAL] E100B
Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD/DVD Class Filter Driver/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) [AUTO] Lavasoft Ad-Aware Service
Service C:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service C:\DOCUME~1\Dad\LOCALS~1\Temp\mbr.sys [MANUAL] mbr
Service (CD-R/RW AddOn MMC Driver (W2K)/Roxio) [MANUAL] mmc_2K
Service C:\WINDOWS\System32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [BOOT] mraid35x
Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\System32\DRIVERS\nvcap.sys [AUTO] nvcap
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 45.23/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\nvtunep.sys (NVIDIA WDM TVTuner/NVIDIA Corporation) [AUTO] nvTUNEP
Service C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys (NVIDIA WDM TV Sound/NVIDIA Corporation) [AUTO] nvtvSND
Service C:\WINDOWS\System32\DRIVERS\NVxbar.sys (NVIDIA WDM A/V Crossbar/NVIDIA Corporation) [AUTO] NVXBAR
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\P1120Vid.sys (Video Streaming and Capture Device Driver/Creative Technology Ltd.) [MANUAL] P1120VID
Service C:\WINDOWS\system32\drivers\pfc.sys (Padus(R) ASPI Shell/Padus, Inc.) [MANUAL] pfc
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service (Win2000 Framework for Packet Write Driver/Roxio) [SYSTEM] pwd_2k
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\System32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1080
Service C:\WINDOWS\System32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql12160
Service C:\WINDOWS\System32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1280
Service RemoteRegistry
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service C:\WINDOWS\System32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [BOOT] sisagp
Service SYSTEM32\DRIVERS\siside.sys?NST\ControlSet001\Services [BOOT] SiSide
Service C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [BOOT] Sparrow
Service C:\WINDOWS\system32\DRIVERS\ssm_bus.sys (SAMSUNG Mobile USB Device II 1.0 Driver/MCCI) [MANUAL] ssm_bus
Service C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys (SAMSUNG Mobile USB Modem II 1.0 Filter Driver/MCCI) [MANUAL] ssm_mdfl
Service C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys (SAMSUNG Mobile USB Modem II 1.0 Driver/MCCI) [MANUAL] ssm_mdm
Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [BOOT] symc810
Service C:\WINDOWS\System32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [BOOT] symc8xx
Service C:\WINDOWS\System32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [BOOT] sym_hi
Service C:\WINDOWS\System32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [BOOT] sym_u3
Service TlntSvr
Service C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) [AUTO] TomTomHOMEService
Service (CD-UDF NT Filesystem Reader Driver/Roxio) [SYSTEM] UdfReadr_xp
Service C:\WINDOWS\system32\DRIVERS\UimBus.sys (Image Mounter SCSI Port Driver/Windows (R) 2000 DDK provider) [SYSTEM] UimBus
Service C:\WINDOWS\System32\Drivers\Uim_IM.sys [SYSTEM] Uim_IM
Service SYSTEM32\DRIVERS\ulsata.sys?lled: [BOOT] UlSata
Service C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise ULTRA66 Minipoort Driver/Promise Technology, Inc.) [BOOT] ultra
Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service SYSTEM32\DRIVERS\viaidexp.sys?T\ControlSet001\Services\via [BOOT] viaide1
Service SYSTEM32\DRIVERS\viasraid.sys?CriticalDeviceDatabase\?viai [BOOT] viasraid
Service C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys [BOOT] WDMCAPI
Service C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys [MANUAL] WDMWANMP
Service Wmi
Service C:\WINDOWS\System32\x10nets.exe (X10 Module/X10) [MANUAL] x10nets

---- EOF - GMER 1.0.15 ----

I will send the Radix as requested.
#26
Jintan:
The second Radix scan has been sent to you. Cheers!
#27
Received, and all the questionable hooks are gone. Now what to do next, as they were all related to your security software as well, is the question. Still these incorrect reads on the boot drivers as well.
Download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe). Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t

Still with the command window open click on the Icon in the top left hand corner of the Command Prompt and choose Edit > Select All and then Edit > Copy. Right-click on your Desktop and create a text file. Open it and position your mouse inside the file, right-click again and choose Paste. Save the file and post the contents here please.
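The mbr.exe runs in this thread print a user-mode read and a kernel read of the MBR and then whether the two agree ("user & kernel MBR OK"). As an added example, and not mbr.exe's own code (its internals are not shown in this thread), the Python script below does that comparison on two 512-byte sectors and parses the sector layout it is checking: 446 bytes of boot code, four 16-byte partition entries, and the 0x55AA signature. Both sectors are constructed in the script; the "altered" one has its first boot-code bytes overwritten to stand in for a read that disagrees, which is the condition such a detector would report instead of "OK". Nothing is read from a real disk, and the partition values are made up for the demonstration.

```python
# Validate a 512-byte MBR sector and byte-compare two reads of it, the way a
# stealth-MBR detector compares a user-mode read with a kernel read before
# printing "user & kernel MBR OK". Added example, not mbr.exe's code; both
# sectors are constructed below and nothing is read from a real disk.
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446           # bytes 0..445: boot loader code
TABLE_END = 510               # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_partition_entry(status, ptype, lba_start, sectors):
    """Pack one partition-table entry; the CHS fields get placeholder values."""
    return struct.pack(ENTRY_FMT, status, b"\x01\x01\x00", ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_sample_mbr():
    """Constructed sample: NOP-filled boot code, one bootable NTFS partition, valid signature."""
    boot_code = b"\x90" * BOOT_CODE_END
    table = build_partition_entry(0x80, 0x07, 63, 1_000_000) + bytes(16 * 3)
    return boot_code + table + BOOT_SIGNATURE


def parse_partition_table(mbr):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        off = BOOT_CODE_END + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr):
    """Sanity checks on one sector; returns a list of problem strings (empty = OK)."""
    if len(mbr) != SECTOR_SIZE:
        return [f"sector is {len(mbr)} bytes, expected {SECTOR_SIZE}"]
    problems = []
    if mbr[TABLE_END:] != BOOT_SIGNATURE:
        problems.append("boot signature is not 0x55AA")
    entries = parse_partition_table(mbr)
    for e in entries:
        if e["lba_start"] == 0 or e["sectors"] == 0:
            problems.append(f"partition {e['index']} has zero start or length")
    if sum(e["bootable"] for e in entries) > 1:
        problems.append("more than one partition flagged bootable")
    return problems


def region_of(offset):
    """Name the MBR region a byte offset falls in."""
    if offset < BOOT_CODE_END:
        return "boot code"
    return "partition table" if offset < TABLE_END else "signature"


def compare_views(user_view, kernel_view):
    """Byte-compare two reads of the same sector and report which regions differ."""
    diffs = [i for i in range(SECTOR_SIZE) if user_view[i] != kernel_view[i]]
    return {"identical": not diffs, "differing_bytes": len(diffs),
            "regions": sorted({region_of(i) for i in diffs})}


def patch(mbr, offset, data):
    """Copy of mbr with data written at offset; used only to build the altered sector."""
    buf = bytearray(mbr)
    buf[offset:offset + len(data)] = data
    return bytes(buf)


if __name__ == "__main__":
    clean = build_sample_mbr()
    print("clean sector:", check_mbr(clean) or "OK", parse_partition_table(clean))
    # Stand-in for a read that disagrees: the first boot-code bytes overwritten.
    altered = patch(clean, 0, b"\xeb\x3c\x90\xfa")
    print("user vs kernel:", compare_views(clean, altered))
```

The report names the region that changed because the follow-up differs: a difference confined to the boot code is what a bootkit-style modification looks like, while a difference in the partition table or signature points at a damaged or rewritten table rather than hidden code.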
#28
#29
Your keyboard fingers are moving quicker than the creative side of your brain . . .
Was McAfee "damaged" by some malware?

Here is the latest mbr scan.

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dad>cd\

C:\>mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

C:\>
#30
The idea is that perhaps McAfee was "altered" by some action. That MBR read shows as okay, but these results are still not clear:
Service SYSTEM32\DRIVERS\siside.sys?NST\ControlSet001\Services [BOOT] SiSide
Service SYSTEM32\DRIVERS\ulsata.sys?lled: [BOOT] UlSata
Service SYSTEM32\DRIVERS\viaidexp.sys?T\ControlSet001\Services\via [BOOT] viaide1
Service SYSTEM32\DRIVERS\viasraid.sys?CriticalDeviceDatabase\?viai [BOOT] viasraid

Suggests some form of hook on those different boot drivers.

Go here, scroll down and download RootRepeal.zip to your Desktop. Unzip that, rename the file to rooti.com, then click that to open the scanner. With it set on the Drivers tab, click Scan. Once that completes click Save Report, give that a name you will recall and save it to your desktop. Repeat those steps for the following tabs as well:

Stealth Objects
Hidden Services

Then post those three logs please.
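The four Service entries quoted above (first raised in post #19, and again here) and the two SSDT lines in the post-cleanup scan are the kind of thing one ends up checking by hand across several long GMER logs. As an added example, and not GMER's own code nor anything posted by Jintan or Graham, the Python script below parses GMER 1.0.15 text output into records and applies the two checks a reader would make: whether each SSDT hook address actually falls inside the address range GMER lists for the module it attributes the hook to (the Lbd.sys hooks at 0xF76C787E and 0xF76C7BFE sit inside Lbd.sys's F76C7000-F76D6000 range), and which Service entries have an image path that is not a clean absolute path and so deserve a second look. The sample log is excerpted from the scans posted in this thread, with one SSDT line (unknown.sys / ZwOpenProcess) constructed to show how an address outside every listed module is reported; that line did not come from Graham's machine. The script only flags entries; the thread does not establish what caused the odd Service lines, and neither does the script.

```python
# Cross-check a GMER 1.0.15 text log: SSDT hook addresses against the module
# ranges GMER lists, and Service entries whose image path is not a clean
# absolute path. Added example, not GMER's code. SAMPLE_LOG is excerpted from
# the logs in this thread; the 'unknown.sys' SSDT line is constructed.
import re

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76C787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76C7BFE]
SSDT unknown.sys ZwOpenProcess [0xB0123456]
---- Modules - GMER 1.0.15 ----
Module Lbd.sys (Boot Driver/Lavasoft AB) F76C7000-F76D6000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F76D7000-F76E0000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) BA13D000-BA161000 (147456 bytes)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service SYSTEM32\DRIVERS\siside.sys?NST\ControlSet001\Services [BOOT] SiSide
Service SYSTEM32\DRIVERS\ulsata.sys?lled: [BOOT] UlSata
Service (CD-UDF NT Filesystem Reader Driver/Roxio) [SYSTEM] UdfReadr_xp
Service C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys [BOOT] WDMCAPI
Service RemoteRegistry
"""

HEX = r"([0-9A-Fa-f]{8})"
# 'Module <image> (<description>) <start>-<end> (<n> bytes)'; description is optional
MODULE_RE = re.compile(r"^Module\s+(\S+)(?:\s+\((.*)\))?\s+" + HEX + "-" + HEX + r"\s+\((\d+) bytes\)$")
# 'SSDT <module> (<description>) <ZwFunction> [0x<address>]'
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\((.*)\))?\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
# 'Service <image> (<description>) [<start type>] <service name>'
SERVICE_RE = re.compile(r"^Service\s+(.*?)\s*\[(BOOT|SYSTEM|AUTO|MANUAL|DISABLED)\]\s+(\S.*)$")
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\SystemRoot\\|\\\?\?\\)")  # C:\ , \SystemRoot\ , \??\


def split_path_desc(field):
    """Split the image path from the parenthesised description, if either is present."""
    field = field.strip()
    if field.startswith("("):
        return "", field.strip("()")
    if " (" in field and field.endswith(")"):
        path, desc = field.split(" (", 1)
        return path, desc[:-1]
    return field, ""


def path_problems(path):
    """Reasons a Service image path deserves a manual look (empty list = looks normal)."""
    if not path:
        return ["no image path reported"]
    problems = []
    body = path[4:] if path.startswith("\\??\\") else path
    if "?" in body:
        problems.append("'?' and non-path text after the file name")
    if not ABS_PATH_RE.match(path):
        problems.append("image path is not absolute")
    return problems


def parse_gmer(text):
    """Split a GMER log into module, SSDT-hook and service records."""
    modules, hooks, services = [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = MODULE_RE.match(line)
        if m:
            modules.append({"name": m.group(1), "desc": m.group(2) or "",
                            "start": int(m.group(3), 16), "end": int(m.group(4), 16),
                            "size": int(m.group(5))})
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"module": m.group(1), "function": m.group(3),
                          "address": int(m.group(4), 16)})
            continue
        if line.startswith("Service "):
            m = SERVICE_RE.match(line)
            if m:
                path, desc = split_path_desc(m.group(1))
                services.append({"name": m.group(3).strip(), "start_type": m.group(2),
                                 "path": path, "desc": desc})
            else:  # bare entries such as 'Service RemoteRegistry'
                services.append({"name": line[8:].strip(), "start_type": "", "path": "", "desc": ""})
    return modules, hooks, services


def check_hooks(modules, hooks):
    """For each SSDT hook: is its address inside the module GMER attributes it to?"""
    findings = []
    for h in hooks:
        mod = next((m for m in modules if m["start"] <= h["address"] < m["end"]), None)
        if mod is None:
            verdict = "address is outside every listed module"
        elif mod["name"].lower().endswith(h["module"].lower()):
            verdict = "address inside %s as attributed" % mod["name"]
        else:
            verdict = "address inside %s, not %s" % (mod["name"], h["module"])
        findings.append((h["function"], "0x%08X" % h["address"], verdict))
    return findings


def check_services(services):
    """Service entries whose image path needs a manual look, with the reasons."""
    flagged = []
    for s in services:
        problems = path_problems(s["path"])
        if problems:
            flagged.append((s["name"], s["path"], problems))
    return flagged
```

Running `parse_gmer` on a saved log and printing `check_hooks` and `check_services` gives the short list worth reading instead of the whole log; an SSDT address that lands outside every module GMER enumerated is the finding to chase first, because then there is no named driver to account for the hook.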