
Thread: malware took over my computer

  1. #1
    Guest
    Join Date
    May 2011
    Posts
    57

    malware took over my computer

    svchost.exe takes 100%
    random advertising windows open
    I am being redirected to crazy websites
    and the computer is slow and the processor is working at 100%
    and I have a message "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."
    I applied tdsskiller.exe (in run-as mode, so no log) and it found nothing.
    Spybot finds Click.GiftLoad but can't erase it.
    Malwarebytes finds nothing.
    I have a DDS log and a Defogger log.
    I already disabled TeaTimer. The computer has not been stable since 2 days ago. I can't use it safely. I have to restart it every 15 min because the desktop starts flickering, too many processes going on!!!
    please help me
    the DDS log
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by NICOU at 22:21:45,48 on 2011-04-29
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1482 [GMT -3:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\NICOU\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
    mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\any video to dvd db toolbar\tbcore3.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\nicou\applic~1\mozilla\firefox\profiles\mtc5e0vx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
    FF - plugin: c:\documents and settings\nicou\application data\mozilla\firefox\profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-4-2 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
    R2 StarWindServiceAE;StarWind AE Service;f:\programmes\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-4-2 72936]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-4-2 33960]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-4-2 171400]
    S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-4-11 11808]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-5 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-5 8456]
    S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-4-11 161422]
    .
    =============== Created Last 30 ================
    .
    2011-04-29 23:45:13 -------- d-sha-r- C:\cmdcons
    2011-04-29 23:41:53 98816 ----a-w- c:\windows\sed.exe
    2011-04-29 23:41:53 89088 ----a-w- c:\windows\MBR.exe
    2011-04-29 23:41:53 256512 ----a-w- c:\windows\PEV.exe
    2011-04-29 23:41:53 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-29 20:28:09 0 ----a-w- c:\documents and settings\nicou\ntuser.tmp
    2011-04-29 01:26:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-29 01:26:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-04-28 20:20:08 -------- d-----w- c:\program files\CCleaner
    2011-04-28 03:21:56 0 ----a-w- c:\windows\Xgihetiy.bin
    2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
    2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\dispexv.dll
    2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\confmspl.dll
    2011-04-21 06:22:57 -------- d-----w- c:\docume~1\nicou\applic~1\Toolbar4
    2011-04-21 06:22:53 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Somoto
    2011-04-21 06:22:48 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
    2011-04-12 17:32:59 -------- d-sh--w- c:\documents and settings\nicou\IECompatCache
    2011-04-12 04:49:18 -------- d-----w- c:\docume~1\nicou\applic~1\OpenOffice.org
    2011-04-12 04:43:50 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-04-11 18:51:08 38401 ----a-r- c:\windows\system32\RdCi1044.dll
    2011-04-11 18:51:07 81920 ----a-r- c:\windows\system32\rdas1044.dll
    2011-04-11 18:51:07 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
    2011-04-11 18:51:06 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
    2011-04-11 18:51:06 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
    2011-04-11 18:51:05 51644 ----a-r- c:\windows\system32\rddv1044.dll
    2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-04-11 18:08:30 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
    2011-04-11 18:08:29 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
    2011-04-11 18:08:29 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
    2011-04-11 18:08:29 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
    2011-04-11 18:08:29 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
    2011-04-11 18:08:10 -------- d-----w- c:\program files\M-Audio MA_CMIDI
    2011-04-11 09:00:56 -------- d-----w- c:\program files\D16 Group
    2011-04-11 08:51:41 -------- d-----w- c:\program files\Solid State Logic
    2011-04-11 08:16:48 765952 ----a-w- c:\windows\system32\msvcp71d.dll
    2011-04-11 08:16:48 544768 ----a-w- c:\windows\system32\msvcr71d.dll
    2011-04-11 08:16:44 -------- d-----w- c:\program files\Nomad Factory
    2011-04-11 07:42:37 129024 ----a-w- c:\windows\UNWISE.EXE
    2011-04-11 07:35:09 24576 ----a-w- c:\windows\system32\wavlbsys.dll
    2011-04-11 07:35:09 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
    2011-04-11 05:23:45 -------- d-----w- c:\docume~1\nicou\applic~1\Blue Cat Audio
    2011-04-11 04:08:03 -------- d-----w- c:\docume~1\nicou\applic~1\Daichi
    2011-04-11 00:29:07 -------- d-----w- c:\program files\FXpansion
    2011-04-11 00:29:07 -------- d-----w- c:\docume~1\nicou\applic~1\FXpansion
    2011-04-10 21:36:12 2240 ----a-w- c:\windows\LENDIG.sys
    2011-04-10 20:45:07 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Identities
    2011-04-10 08:19:44 -------- d-sh--w- c:\documents and settings\nicou\PrivacIE
    2011-04-10 07:32:20 691551 ----a-w- c:\program files\uninstall information\{abaf1232-6213-4062-9d52-04e04a730cea}\unins000.exe
    2011-04-10 07:28:47 691551 ----a-w- c:\program files\uninstall information\{842c6afc-7856-4fd9-99af-8900554acaa2}\unins000.exe
    2011-04-10 06:50:29 -------- d-----w- c:\docume~1\nicou\applic~1\Smartelectronix
    2011-04-10 04:02:20 -------- d-----w- c:\program files\GForce
    2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth2.dll
    2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth1.dll
    2011-04-10 00:54:55 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Native Instruments
    2011-04-10 00:43:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IK Multimedia
    2011-04-08 05:51:33 319487 ----a-w- c:\windows\LOOP.exe
    2011-04-08 05:37:13 -------- d-----w- c:\program files\common files\KORG
    2011-04-08 05:28:06 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
    2011-04-08 05:28:06 -------- d-----w- c:\program files\common files\iZotope
    2011-04-08 04:22:27 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
    2011-04-08 04:22:12 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
    2011-04-08 04:22:12 1870336 ----a-w- c:\windows\system32\bconvert.dll
    2011-04-08 04:22:11 -------- d-----w- c:\program files\Native Instruments
    2011-04-08 04:22:11 -------- d-----w- c:\program files\common files\Native Instruments
    2011-04-08 04:06:08 86016 ----a-w- c:\windows\unvise32.exe
    2011-04-08 03:20:08 151552 ----a-w- c:\windows\system32\FDlg.dll
    2011-04-08 01:41:58 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
    2011-04-08 01:41:58 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
    2011-04-08 01:41:58 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
    2011-04-08 01:41:58 285184 ----a-w- c:\windows\system32\wmidx2.ocx
    2011-04-08 01:41:58 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
    2011-04-08 01:34:10 1294336 ----a-w- c:\windows\system32\vorbis.acm
    2011-04-07 00:07:58 -------- d-----w- C:\QUARANTINE
    2011-04-06 22:39:52 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Microsoft Help
    2011-04-06 22:07:29 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-04-06 21:46:46 -------- d-----w- c:\docume~1\nicou\applic~1\NetMedia Providers
    2011-04-06 21:46:43 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Sony
    2011-04-06 21:36:12 33340 ------w- c:\windows\system32\dbmsqlgc.dll
    2011-04-06 21:36:12 24576 ------w- c:\windows\system32\dbmsgnet.dll
    2011-04-06 21:35:32 -------- d-----w- c:\program files\Microsoft SQL Server
    2011-04-06 21:12:06 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Installer2184
    2011-04-06 20:57:05 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Installer376
    2011-04-06 20:54:31 -------- d-----w- c:\program files\VideoLAN
    2011-04-06 20:35:11 -------- d-----w- c:\program files\common files\Control Panels
    2011-04-06 20:31:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
    2011-04-06 20:30:38 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
    2011-04-06 20:30:38 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
    2011-04-06 20:18:24 -------- d-----w- c:\program files\Bonjour
    2011-04-06 20:07:52 -------- d-----w- c:\program files\common files\Macrovision Shared
    2011-04-06 19:49:57 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
    2011-04-06 19:49:57 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
    2011-04-06 19:22:25 -------- d-----w- c:\docume~1\nicou\applic~1\Serif
    2011-04-06 18:41:46 -------- d-----w- c:\docume~1\nicou\applic~1\Softland
    2011-04-06 18:34:59 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2011-04-06 18:34:58 -------- d-----w- c:\docume~1\nicou\applic~1\FreeVideoConverter
    2011-04-05 06:19:02 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-04-05 06:19:02 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2011-04-05 06:19:02 2340992 ----a-w- c:\windows\system32\BootMan.exe
    2011-04-05 06:19:02 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-04-05 06:19:01 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2011-04-05 06:10:35 -------- d-----w- c:\program files\EASEUS
    2011-04-05 03:59:14 -------- d-----w- c:\docume~1\nicou\applic~1\QuickScan
    2011-04-04 23:03:44 -------- d-----w- c:\windows\system32\LogFiles
    2011-04-04 23:03:42 -------- d-----w- c:\docume~1\nicou\applic~1\Malwarebytes
    2011-04-04 23:03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-04 23:03:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-04 23:03:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-04 23:03:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-04 21:13:56 -------- d-----w- C:\bin
    2011-04-04 21:00:50 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2011-04-04 20:59:43 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2011-04-04 20:59:43 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2011-04-04 20:59:43 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2011-04-04 20:59:42 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2011-04-04 20:59:42 65536 ----a-w- c:\windows\system32\HPZinw12.exe
    2011-04-04 20:59:42 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2011-04-04 20:56:23 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2011-04-04 20:56:18 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2011-04-04 20:55:47 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
    2011-04-04 20:55:42 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
    2011-04-04 20:55:40 38400 ----a-w- c:\windows\system32\hpz3l054.dll
    2011-04-04 20:53:12 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-04-04 20:53:12 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-04-04 20:52:53 827392 ----a-r- c:\windows\system32\hpotiop2.dll
    2011-04-04 20:52:53 254026 ----a-r- c:\windows\system32\hpovst09.dll
    2011-04-04 20:52:52 659456 ----a-r- c:\windows\system32\hpowiax2.dll
    2011-04-04 20:52:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-04-04 20:52:49 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-04-04 20:50:17 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-04-04 20:50:17 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
    2011-04-04 06:01:53 -------- d-----w- c:\windows\pss
    2011-04-04 05:41:20 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Temp
    2011-04-03 21:26:45 -------- d-sh--w- c:\documents and settings\nicou\IETldCache
    2011-04-03 20:06:39 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
    2011-04-03 20:06:22 -------- d-----w- c:\windows\ie8updates
    2011-04-03 20:05:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-04-03 20:05:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-04-03 20:05:44 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-04-03 20:05:44 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-04-03 20:05:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-04-03 20:05:44 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-04-03 20:05:44 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-04-03 20:04:24 -------- dc-h--w- c:\windows\ie8
    2011-04-03 04:36:19 -------- d-----w- c:\docume~1\nicou\applic~1\VSRevoGroup
    2011-04-03 03:23:05 -------- d-----w- c:\program files\VS Revo Group
    2011-04-03 03:07:51 -------- d-----w- c:\windows\system32\scripting
    2011-04-03 03:07:51 -------- d-----w- c:\windows\l2schemas
    2011-04-03 03:07:50 -------- d-----w- c:\windows\system32\en
    2011-04-03 03:07:50 -------- d-----w- c:\windows\system32\bits
    2011-04-03 03:04:04 -------- d-----w- c:\windows\network diagnostic
    2011-04-03 03:01:00 -------- d-----w- c:\windows\EHome
    2011-04-03 02:41:55 -------- d-----w- c:\windows\ServicePackFiles
    2011-04-03 02:40:48 -------- d-----w- c:\program files\MSXML 4.0
    2011-04-03 02:37:57 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2011-04-03 02:29:27 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2011-04-03 02:29:26 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-04-03 02:29:15 357248 ------w- c:\windows\system32\dllcache\srv.sys
    2011-04-03 02:29:00 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-04-03 02:28:56 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-04-03 02:28:49 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-04-03 02:27:31 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-04-03 02:27:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-04-03 02:27:24 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-04-03 02:27:16 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2011-04-03 02:25:41 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2011-04-03 02:25:39 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2011-04-03 02:24:41 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
    2011-04-03 02:24:16 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2011-04-03 02:23:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-04-03 02:23:24 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-04-03 02:22:36 -------- d-----w- c:\windows\system32\PreInstall
    2011-04-03 02:11:39 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-04-03 00:00:59 72936 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-03 00:00:59 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-03 00:00:59 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2011-04-03 00:00:59 33960 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-03 00:00:59 171400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-03 00:00:42 -------- d-----w- c:\program files\McAfee
    2011-04-03 00:00:42 -------- d-----w- c:\program files\common files\McAfee
    2011-04-02 23:51:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-02 23:51:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-02 21:08:39 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Adobe
    2011-04-02 09:24:56 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\PCHealth
    2011-04-02 08:21:23 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-04-02 08:21:22 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-04-02 08:21:22 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-04-02 08:21:03 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-04-02 08:20:25 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-04-02 08:17:55 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
    2011-04-02 08:17:53 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-04-02 06:01:01 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Mozilla
    2011-04-02 05:57:05 -------- d-sh--w- c:\documents and settings\nicou\UserData
    2011-04-02 05:03:25 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
    2011-04-02 05:01:59 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-04-02 05:01:59 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-04-02 05:01:53 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-04-02 03:49:14 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
    2011-04-02 03:49:14 -------- d-----w- c:\program files\common files\Cisco Systems
    2011-04-02 03:42:19 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    .
    ==================== Find3M ====================
    .
    2011-04-28 21:20:24 372736 ----a-w- c:\windows\eqoyafisequpal.dl
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST9120824A rev.3.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D7B730]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d81a10]; MOV EAX, [0x89d81a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89DD6AB8]
    3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000075[0x89E059E8]
    5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89DC3940]
    \Driver\atapi[0x89E11AE8] -> IRP_MJ_CREATE -> 0x89D7B730
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89D7B57B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 22:23:58,34 ===============

    spybot log

    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-04-28 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-03-29 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-04-26 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-04-26 Includes\TrojansC-02.sbi (*)
    2011-04-26 Includes\TrojansC-03.sbi (*)
    2011-04-18 Includes\TrojansC-04.sbi (*)
    2011-04-26 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
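Reading a DDS "Created Last 30" listing by hand is tedious; the attribute column and the size/timestamp columns carry most of the triage signal. The Python below is an added example written for this thread, not DDS's own code and not a verdict on any file: it parses entries of that format (a few lines copied from the log above serve as constructed input) and flags files that deserve a closer look: system+hidden files that appeared in system32, several files created in the same second with an identical size, and a zero-byte file directly under the Windows directory. The attribute-column layout (d, c, s, h, a, ?, r/w, ?) is inferred from the entries in this log and is an assumption, as are the rule names and severities.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the "Created Last 30" section of the
# DDS log posted above, plus a normal driver entry and a directory for contrast.
DDS_LINES = """\
2011-04-28 03:21:56 0 ----a-w- c:\\windows\\Xgihetiy.bin
2011-04-28 03:20:39 157184 --sha-r- c:\\windows\\system32\\MsPMSPU.dll
2011-04-28 03:20:39 157184 --sha-r- c:\\windows\\system32\\dispexv.dll
2011-04-28 03:20:39 157184 --sha-r- c:\\windows\\system32\\confmspl.dll
2011-04-21 06:22:48 -------- d-----w- c:\\program files\\Any Video To DVD DB Toolbar
2011-04-04 23:03:22 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2011-04-29 23:45:13 -------- d-sha-r- C:\\cmdcons
"""

# date time size attrs path; size is "--------" for directories.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts with decoded attribute flags.

    Attribute positions (assumption inferred from this log):
    0 = directory, 1 = compressed, 2 = system, 3 = hidden, 4 = archive,
    6 = 'r' read-only / 'w' writable.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append({
            "timestamp": f'{m.group("date")} {m.group("time")}',
            "size": size,
            "path": m.group("path"),
            "directory": attrs[0] == "d",
            "system": attrs[2] == "s",
            "hidden": attrs[3] == "h",
            "readonly": attrs[6] == "r",
        })
    return entries


def triage(entries):
    """Return (rule, severity, paths) tuples for entries worth a closer look."""
    findings = []
    clusters = defaultdict(list)   # (timestamp, size) -> paths created together
    for e in entries:
        if e["directory"]:
            continue               # directories are not scored here
        p = e["path"].lower()
        if e["system"] and e["hidden"] and "\\windows\\system32\\" in p:
            findings.append(("hidden-system-file-in-system32", "high", [e["path"]]))
        if e["size"] == 0 and p.rpartition("\\")[0] == "c:\\windows":
            findings.append(("zero-byte-file-in-windows-root", "low", [e["path"]]))
        if e["size"]:
            clusters[(e["timestamp"], e["size"])].append(e["path"])
    # Several files with the same size written in the same second often share
    # one payload under different names; report the whole group at once.
    for (ts, size), paths in clusters.items():
        if len(paths) >= 2:
            findings.append(("identical-size-and-timestamp", "medium", paths))
    return findings


if __name__ == "__main__":
    for rule, severity, paths in triage(parse_dds_created(DDS_LINES)):
        print(f"[{severity}] {rule}")
        for path in paths:
            print(f"    {path}")
```

On the sample the three DLLs are reported twice, once each as hidden system files and once together as a same-size, same-second cluster; that overlap is the point, since two independent signals on the same files are a stronger reason to check them than either alone.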

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    You're infected with a nasty Rootkit


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Guest
    Join Date
    May 2011
    Posts
    57

    Thank You Ken545, here is the log

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-06 16:16:55
    -----------------------------
    16:16:55.453 OS Version: Windows 5.1.2600 Service Pack 3
    16:16:55.453 Number of processors: 1 586 0x2402
    16:16:55.453 ComputerName: MOHICAN UserName: NICOU
    16:16:56.125 Initialize success
    16:16:57.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:16:57.609 Disk 0 Vendor: ST9120824A 3.05 Size: 114473MB BusType: 3
    16:16:57.609 Device \Driver\atapi -> DriverStartIo 89d7b57b
    16:16:59.609 Disk 0 MBR read successfully
    16:16:59.609 Disk 0 MBR scan
    16:16:59.609 Disk 0 TDL4@MBR code has been found
    16:16:59.609 Disk 0 MBR hidden
    16:16:59.609 Disk 0 MBR [TDL4] **ROOTKIT**
    16:16:59.625 Disk 0 trace - called modules:
    16:16:59.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d7b730]<<
    16:16:59.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dd6ab8]
    16:16:59.625 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000075[0x89de25d0]
    16:16:59.640 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> [0x89dc3940]
    16:16:59.640 \Driver\atapi[0x89e11ae8] -> IRP_MJ_CREATE -> 0x89d7b730
    16:16:59.640 Scan finished successfully
    16:17:07.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\MBR.dat"
    16:17:07.968 The log file has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\aswMBR.txt"

    do you think you can solve the problem?

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    You most likely have more malware present but let's remove the Rootkit first

    Re-Run aswMBR

    Click Scan

    On completion of the scan

    Click the Fix for TDL4


    Save the log as before and post in your next reply


    After your computer boots back up, run DDS again and post a new log also

  5. #5
    Guest
    Join Date
    May 2011
    Posts
    57

    So I ran the program as you said, and at the fix step the computer got stuck for a while. So I restarted and scanned again; this time nothing showed up, I guess the fix worked.
    Here is the log of the program after the restart

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-06 23:30:25
    -----------------------------
    23:30:25.921 OS Version: Windows 5.1.2600 Service Pack 3
    23:30:25.921 Number of processors: 1 586 0x2402
    23:30:25.921 ComputerName: MOHICAN UserName: NICOU
    23:30:26.812 Initialize success
    23:30:29.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    23:30:29.500 Disk 0 Vendor: ST9120824A 3.05 Size: 114473MB BusType: 3
    23:30:31.500 Disk 0 MBR read successfully
    23:30:31.500 Disk 0 MBR scan
    23:30:31.500 Disk 0 unknown MBR code
    23:30:33.500 Disk 0 scanning sectors +234436545
    23:30:33.531 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:30:40.109 Service scanning
    23:30:41.406 Disk 0 trace - called modules:
    23:30:41.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    23:30:41.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db9ab8]
    23:30:41.437 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000075[0x89e673b8]
    23:30:41.437 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e66940]
    23:30:41.437 Scan finished successfully
    23:31:24.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\MBR.dat"
    23:31:24.515 The log file has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\aswMBR2.txt"

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Please read through what I post as it will speed up the cleaning process


    After your computer boots back up , run DDS again and post a new log also



    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, and it will be back to normal after the first or second boot-up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.
    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    1. Post a New DDS log
    2. Post the log from Malwarebytes
    3. Let me know how your computer is behaving as far as redirects

  7. #7
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    DDS log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by NICOU at 15:12:11,48 on 2011-05-07
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -3:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.18-delta.exe
    c:\e466385720fc0e1b7b71b0d0c6\mrtstub.exe
    C:\WINDOWS\system32\MRT.exe
    C:\Documents and Settings\NICOU\Desktop\dds.scr
    \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
    mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\nicou\applic~1\mozilla\firefox\profiles\mtc5e0vx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
    FF - plugin: c:\documents and settings\nicou\application data\mozilla\firefox\profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-4-2 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
    R2 StarWindServiceAE;StarWind AE Service;f:\programmes\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-4-2 72936]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-4-2 33960]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-4-2 171400]
    S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-4-11 11808]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-5 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-5 8456]
    S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-4-11 161422]
    .
    =============== Created Last 30 ================
    .
    2011-05-07 18:11:37 -------- d-----w- C:\e466385720fc0e1b7b71b0d0c6
    2011-05-02 19:29:51 -------- d-----w- c:\program files\ESET
    2011-05-02 19:07:36 -------- d-----w- C:\_OTL
    2011-04-29 23:45:13 -------- d-sha-r- C:\cmdcons
    2011-04-29 23:41:53 98816 ----a-w- c:\windows\sed.exe
    2011-04-29 23:41:53 89088 ----a-w- c:\windows\MBR.exe
    2011-04-29 23:41:53 256512 ----a-w- c:\windows\PEV.exe
    2011-04-29 23:41:53 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-29 01:26:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-29 01:26:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-04-28 20:20:08 -------- d-----w- c:\program files\CCleaner
    2011-04-28 03:21:56 0 ----a-w- c:\windows\Xgihetiy.bin
    2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
    2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\dispexv.dll
    2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\confmspl.dll
    2011-04-21 06:22:57 -------- d-----w- c:\docume~1\nicou\applic~1\Toolbar4
    2011-04-21 06:22:53 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Somoto
    2011-04-21 06:22:48 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
    2011-04-12 17:32:59 -------- d-sh--w- c:\documents and settings\nicou\IECompatCache
    2011-04-12 04:49:18 -------- d-----w- c:\docume~1\nicou\applic~1\OpenOffice.org
    2011-04-12 04:43:50 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-04-11 18:51:08 38401 ----a-r- c:\windows\system32\RdCi1044.dll
    2011-04-11 18:51:07 81920 ----a-r- c:\windows\system32\rdas1044.dll
    2011-04-11 18:51:07 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
    2011-04-11 18:51:06 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
    2011-04-11 18:51:06 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
    2011-04-11 18:51:05 51644 ----a-r- c:\windows\system32\rddv1044.dll
    2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-04-11 18:08:30 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
    2011-04-11 18:08:29 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
    2011-04-11 18:08:29 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
    2011-04-11 18:08:29 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
    2011-04-11 18:08:29 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
    2011-04-11 18:08:10 -------- d-----w- c:\program files\M-Audio MA_CMIDI
    2011-04-11 09:00:56 -------- d-----w- c:\program files\D16 Group
    2011-04-11 08:51:41 -------- d-----w- c:\program files\Solid State Logic
    2011-04-11 08:16:48 765952 ----a-w- c:\windows\system32\msvcp71d.dll
    2011-04-11 08:16:48 544768 ----a-w- c:\windows\system32\msvcr71d.dll
    2011-04-11 08:16:44 -------- d-----w- c:\program files\Nomad Factory
    2011-04-11 07:42:37 129024 ----a-w- c:\windows\UNWISE.EXE
    2011-04-11 07:35:09 24576 ----a-w- c:\windows\system32\wavlbsys.dll
    2011-04-11 07:35:09 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
    2011-04-11 05:23:45 -------- d-----w- c:\docume~1\nicou\applic~1\Blue Cat Audio
    2011-04-11 04:08:03 -------- d-----w- c:\docume~1\nicou\applic~1\Daichi
    2011-04-11 00:29:07 -------- d-----w- c:\program files\FXpansion
    2011-04-11 00:29:07 -------- d-----w- c:\docume~1\nicou\applic~1\FXpansion
    2011-04-10 21:36:12 2240 ----a-w- c:\windows\LENDIG.sys
    2011-04-10 20:45:07 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Identities
    2011-04-10 08:19:44 -------- d-sh--w- c:\documents and settings\nicou\PrivacIE
    2011-04-10 07:32:20 691551 ----a-w- c:\program files\uninstall information\{abaf1232-6213-4062-9d52-04e04a730cea}\unins000.exe
    2011-04-10 07:28:47 691551 ----a-w- c:\program files\uninstall information\{842c6afc-7856-4fd9-99af-8900554acaa2}\unins000.exe
    2011-04-10 06:50:29 -------- d-----w- c:\docume~1\nicou\applic~1\Smartelectronix
    2011-04-10 04:02:20 -------- d-----w- c:\program files\GForce
    2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth2.dll
    2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth1.dll
    2011-04-10 00:54:55 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Native Instruments
    2011-04-10 00:43:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IK Multimedia
    2011-04-08 05:51:33 319487 ----a-w- c:\windows\LOOP.exe
    2011-04-08 05:37:13 -------- d-----w- c:\program files\common files\KORG
    2011-04-08 05:28:06 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
    2011-04-08 05:28:06 -------- d-----w- c:\program files\common files\iZotope
    2011-04-08 04:22:27 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
    2011-04-08 04:22:12 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
    2011-04-08 04:22:12 1870336 ----a-w- c:\windows\system32\bconvert.dll
    2011-04-08 04:22:11 -------- d-----w- c:\program files\Native Instruments
    2011-04-08 04:22:11 -------- d-----w- c:\program files\common files\Native Instruments
    2011-04-08 04:06:08 86016 ----a-w- c:\windows\unvise32.exe
    2011-04-08 03:20:08 151552 ----a-w- c:\windows\system32\FDlg.dll
    2011-04-08 01:41:58 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
    2011-04-08 01:41:58 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
    2011-04-08 01:41:58 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
    2011-04-08 01:41:58 285184 ----a-w- c:\windows\system32\wmidx2.ocx
    2011-04-08 01:41:58 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
    2011-04-08 01:34:10 1294336 ----a-w- c:\windows\system32\vorbis.acm
    .
    ==================== Find3M ====================
    .
    2011-04-02 23:51:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-02 23:51:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-31 14:18:18 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
    2011-03-31 14:18:16 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
    2011-03-25 23:04:16 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-03-25 23:03:44 2340992 ----a-w- c:\windows\system32\BootMan.exe
    2011-03-24 13:57:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-03-24 13:57:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2011-03-24 13:57:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 06:55:19 149504 ----a-w- c:\windows\system32\SET10.tmp
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\SET2A.tmp
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\SET2F.tmp
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ------w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    .
    ============= FINISH: 15:14:11,32 ===============


    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2011-04-02 01:55:41
    System Uptime: 2011-05-07 15:07:23 (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 309B
    Processor: AMD Turion(tm) 64 Mobile Technology ML-37 | U23 | 1989/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 35 GiB total, 18,63 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 1,247 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 20 GiB total, 17,968 GiB free.
    G: is FIXED (NTFS) - 48 GiB total, 13,82 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 2011-04-28 00:45:00 - System Checkpoint
    RP2: 2011-04-29 01:04:13 - System Checkpoint
    RP3: 2011-04-30 15:18:16 - System Checkpoint
    RP4: 2011-05-02 16:08:28 - OTL Restore Point
    RP5: 2011-05-07 15:09:25 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.0.1)
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AiO_Scan_CDA
    AiOSoftwareNPI
    Alpha 3
    Any Video To DVD DB Toolbar
    Arturia Moog Modular V v1.1
    Athlon 64 Processor Driver
    ATI Control Panel
    ATI Display Driver
    Audio Damage DubStation VST v1.0.2.0
    AudioRealism Bass Line 2 (remove only)
    Bass Station 1.50
    Bias Sound Soap 2 DX RTAS VST v2.01
    BufferChm
    C4100
    c4100_Help
    CCleaner
    Conexant AC-Link Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CS-80V
    CueTour
    CustomerResearchQFolder
    Dash Signature daAlfa2k VSTi v2.24c
    Destinations
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    doPDF 7.2 printer
    EASEUS Partition Master 8.0.1 Home Edition
    Edirol HQ Orchestral v1.01
    Edirol Hyper Canvas v1.53
    Edirol Super Quartet v1.52 TALiO
    ESET Online Scanner v3
    eSupportQFolder
    Fax_CDA
    FL Studio 6
    Free Video Converter V 2.92
    GForce impOSCar v1.10 VSTi RTAS
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Premier Software 6.5
    HP QuickPlay 2.0
    HP Software Update
    HP Solution Center 7.0
    HP Wireless Assistant 2.00 C1
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    InstantShareDevicesMFC
    iZotope iDrum
    iZotope iDrum Factory Content
    iZotope pHATmatik PRO
    iZotope Vinyl
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 22
    JX220 (remove only)
    JXSynth 1.2 (remove only)
    Korg Legacy Collection v1.1.2
    LightScribe 1.4.56.1
    Linplug Albino VSTi v2.01
    LinPlug daOrgan
    LinPlug DeltaIII VSTi v3.0.5
    LinPlug Organ 3
    LUXONIX Ravity(S) v1.4
    MA_CMIDI
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    N.I Pro-53 v3.0-OxYGeN
    Native Instruments Absynth v3.0.2
    Native Instruments B4 v2.0.0.7
    Native Instruments FM7 VSTi DXI RTAS v1.1.3.4
    Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
    Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
    Native.Instruments.Absynth.RegUser.Presets.Addon
    NewCopy_CDA
    NomadFactory Analog Mastering Tools VST RTAS v1.0
    OCR Software by I.R.I.S 7.0
    OpenOffice.org 3.3
    OptionalContentQFolder
    PanoStandAlone
    PDF Settings
    pdfsam
    PhotoGallery
    ProductContextNPI
    PSP VintageWarmer2 2.1.4
    Quadrafuzz v1.0
    Quick Launch Buttons 5.20 G1
    RandMap
    Readme
    ReFX Junox2 VSTi v1.4
    Revo Uninstaller 1.91
    Rob Papen Predator V1.1 b
    SampleTank 2.5
    Scan
    ScannerCopy
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Serif PagePlus SE 1.0
    SH-1001
    SkinsHP1
    SlideShow
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    Sony ACID Pro 6.0
    Sony Media Manager 2.2
    Sony Sound Forge 7.0
    SoundFonts.it GS-201 Tape Echo v1.0 VST
    Spybot - Search & Destroy
    SSL LMC-1 v1.0
    SSL X-ISM v1.1
    Status
    Steinberg Magneto VST v1.5
    Sylenth1 v1.01.3
    Synapse Junglist VSTi v3.2
    Synaptics Pointing Device Driver
    T-RackS 24
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    Toraverb
    TourSetup
    TrayApp
    Unload
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V-Station 1.50
    VLC media player 1.1.8
    Waldorf PPG Wave 2.V v1.2
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless Home Network Setup
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2011-05-05 15:07:17, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 804fb051.
    2011-05-02 16:07:43, error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:42, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:42, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:42, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:37, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:37, error: Service Control Manager [7034] - The M-Audio CMIDI Installer service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:37, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:37, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 16:07:36, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    2011-05-02 15:42:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    2011-05-02 14:40:42, error: Service Control Manager [7000] - The Cubase32 service failed to start due to the following error: The system cannot find the device specified.
    2011-04-30 15:47:53, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "-Service" in order to run the server: {4BE1F202-E872-4127-8E3F-A24A4A021203}
    .
    ==== End Of File ===========================
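    The helper's earlier remark that "more malware" is probably present is the kind of judgement a human makes by eyeballing a DDS log. As an added example (not part of this thread, and not a feature of DDS or aswMBR), the Python script below applies a few review heuristics to that kind of log: hidden+system files under %windir%, zero-byte files under %windir%, several same-sized files written in the same second, and start-page or search-keyword URLs pointing at a host outside a constructed allow-list. The sample lines are copied from the DDS log posted above; the meaning of the attribute letters and the allow-list of expected browser hosts are assumptions, and every hit is a prompt to look closer, not a verdict.

```python
"""Heuristic triage of a DDS log (added example; not part of this thread or of DDS).

The flags raised here are review prompts for the helper, not verdicts:
a hit means "look at this entry", nothing more.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: DDS writes one entry per line in its Created Last 30 / Find3M sections as
#   <date> <time> <size or dashes> <8-letter attribute string> <path>
# and, as far as the posted log shows, the attribute letters mean
#   d = directory, s = system, h = hidden, a = archive, r = read-only, w = writable.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
# Browser start page / search keyword lines from the Pseudo HJT and Firefox sections.
URL_RE = re.compile(
    r"^(?:[um]Start Page|FF - prefs\.js: (?:browser\.startup\.homepage|keyword\.URL))"
    r"\s*[-=]\s*(?P<url>\S+)"
)
# Constructed allow-list: hosts the owner of this machine would expect as home/search page.
EXPECTED_HOSTS = {"www.google.ca", "www.google.com", "www.msn.com"}

# Constructed sample: a handful of lines copied from the DDS log above, not the whole log.
DDS_EXCERPT = r"""
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
2011-04-29 23:45:13 -------- d-sha-r- C:\cmdcons
2011-04-28 03:21:56 0 ----a-w- c:\windows\Xgihetiy.bin
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\dispexv.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\confmspl.dll
2011-04-29 01:26:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-11 07:35:09 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
"""


def parse_file_entries(text):
    """Return one dict per file/directory entry found in the DDS text."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = None if e["size"].startswith("-") else int(e["size"])
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def triage(text):
    """Run the heuristics over a DDS log and return {reason: [items]}."""
    findings = defaultdict(list)
    batches = defaultdict(list)  # (timestamp, size) -> paths written together
    for e in parse_file_entries(text):
        attr, path = e["attr"], e["path"]
        if attr.startswith("d") or "\\windows\\" not in path:
            continue  # directories and files outside %windir% are not scored here
        if "s" in attr and "h" in attr:
            # hidden+system attributes on a file under %windir% are unusual for ordinary software
            findings["hidden_system_file_in_windows"].append(path)
        if e["size"] == 0:
            findings["zero_byte_file_in_windows"].append(path)
        batches[(e["ts"], e["size"])].append(path)
    for (ts, size), paths in batches.items():
        if size and len(paths) >= 2:
            # several same-sized files written in the same second deserve a second look;
            # installers do this too, so it is only a prompt
            findings["same_second_same_size_batch"].append((ts, size, sorted(paths)))
    hosts = set()
    for line in text.splitlines():
        m = URL_RE.match(line.strip())
        if m:
            # DDS defangs URLs as hxxp; re-fang only to parse the host name, never to fetch it
            host = urlsplit(m.group("url").replace("hxxp", "http", 1)).hostname
            if host and host not in EXPECTED_HOSTS:
                hosts.add(host)
    if hosts:
        findings["unexpected_browser_start_or_search_host"] = sorted(hosts)
    return dict(findings)


if __name__ == "__main__":
    for reason, items in triage(DDS_EXCERPT).items():
        print(reason)
        for item in items:
            print("   ", item)
```

    Run against the excerpt, the script flags the three same-sized hidden+system DLLs written to system32 in one second, the zero-byte .bin in the Windows root, and bigseekpro.com as the start-page and search host, while the Spybot directory, cmdcons and the Cubase driver pass through untouched. Those are exactly the entries a helper would ask about next; whether they are malicious is still a question for the scanner logs and the person reading them.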

  8. #8
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    Malwarebytes log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6528

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2011-05-07 15:44:58
    mbam-log-2011-05-07 (15-44-58).txt

    Scan type: Quick scan
    Objects scanned: 148722
    Time elapsed: 3 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    On the other hand, the redirect seems to have stopped. So far, nothing has happened yet.
    So what is the next step?

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Thanks for the logs. Your Master Boot Record was infected by a rootkit and aswMBR removed it, so things should be better, but let's check further.


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    I already installed ComboFix. So here is the log.

    ComboFix 11-04-29.02 - NICOU 2011-05-07 19:54:42.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1621 [GMT -3:00]
    Running from: c:\documents and settings\NICOU\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-07 18:29 . 2011-05-07 18:29 -------- d-----w- c:\windows\system32\XPSViewer
    2011-05-07 18:29 . 2011-05-07 18:29 -------- d-----w- c:\program files\MSBuild
    2011-05-07 18:28 . 2011-05-07 18:28 -------- d-----w- c:\program files\Reference Assemblies
    2011-05-07 18:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-05-07 18:28 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-05-07 18:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-05-07 18:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-05-07 18:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-05-07 18:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-05-07 18:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-05-07 18:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-05-07 18:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-05-07 18:28 . 2011-05-07 18:28 -------- d-----w- C:\ce10f287d9ee23a3100d2f7320fdee
    2011-05-02 19:29 . 2011-05-02 19:29 -------- d-----w- c:\program files\ESET
    2011-05-02 19:07 . 2011-05-02 19:07 -------- d-----w- C:\_OTL
    2011-04-29 01:26 . 2011-04-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-04-29 01:26 . 2011-04-29 01:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-28 20:20 . 2011-04-28 20:20 -------- d-----w- c:\program files\CCleaner
    2011-04-28 12:08 . 2011-04-28 12:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2011-04-28 12:08 . 2011-04-28 12:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Toolbar4
    2011-04-28 12:08 . 2011-04-28 12:08 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
    2011-04-28 03:21 . 2011-04-28 03:21 0 ----a-w- c:\windows\Xgihetiy.bin
    2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
    2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\dispexv.dll
    2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\confmspl.dll
    2011-04-21 06:22 . 2011-04-21 06:22 -------- d-----w- c:\documents and settings\NICOU\Application Data\Toolbar4
    2011-04-21 06:22 . 2011-04-21 06:22 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Somoto
    2011-04-21 06:22 . 2011-04-29 23:53 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
    2011-04-12 17:32 . 2011-04-12 17:32 -------- d-sh--w- c:\documents and settings\NICOU\IECompatCache
    2011-04-12 04:49 . 2011-04-12 04:49 -------- d-----w- c:\documents and settings\NICOU\Application Data\OpenOffice.org
    2011-04-12 04:43 . 2011-04-12 04:44 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-04-11 18:51 . 2004-04-20 13:30 38401 ----a-r- c:\windows\system32\RdCi1044.dll
    2011-04-11 18:51 . 2004-04-20 13:30 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
    2011-04-11 18:51 . 2004-04-20 13:30 81920 ----a-r- c:\windows\system32\rdas1044.dll
    2011-04-11 18:51 . 2004-04-20 13:30 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
    2011-04-11 18:51 . 2004-04-20 13:30 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
    2011-04-11 18:51 . 2004-04-20 13:30 51644 ----a-r- c:\windows\system32\rddv1044.dll
    2011-04-11 18:09 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-04-11 18:09 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-04-11 18:08 . 2005-06-14 16:44 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
    2011-04-11 18:08 . 2005-06-14 16:44 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
    2011-04-11 18:08 . 2005-06-14 16:44 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
    2011-04-11 18:08 . 2005-06-14 16:44 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
    2011-04-11 18:08 . 2005-06-14 16:44 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
    2011-04-11 18:08 . 2011-04-11 18:08 -------- d-----w- c:\program files\M-Audio MA_CMIDI
    2011-04-11 09:00 . 2011-04-11 09:00 -------- d-----w- c:\program files\D16 Group
    2011-04-11 08:51 . 2011-04-11 08:51 -------- d-----w- c:\program files\Solid State Logic
    2011-04-11 08:16 . 2003-03-18 21:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll
    2011-04-11 08:16 . 2003-03-18 21:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
    2011-04-11 08:16 . 2011-04-11 08:16 -------- d-----w- c:\program files\Nomad Factory
    2011-04-11 07:42 . 1998-04-30 17:56 129024 ----a-w- c:\windows\UNWISE.EXE
    2011-04-11 07:35 . 1996-08-12 13:59 24576 ----a-w- c:\windows\system32\wavlbsys.dll
    2011-04-11 07:35 . 1996-07-29 20:53 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
    2011-04-11 05:23 . 2011-04-11 05:23 -------- d-----w- c:\documents and settings\NICOU\Application Data\Blue Cat Audio
    2011-04-11 04:08 . 2011-04-11 04:08 -------- d-----w- c:\documents and settings\NICOU\Application Data\Daichi
    2011-04-11 00:29 . 2011-04-11 00:29 -------- d-----w- c:\program files\FXpansion
    2011-04-11 00:29 . 2011-04-11 00:29 -------- d-----w- c:\documents and settings\NICOU\Application Data\FXpansion
    2011-04-10 21:36 . 2006-09-14 04:21 2240 ----a-w- c:\windows\LENDIG.sys
    2011-04-10 20:45 . 2011-04-10 20:45 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Identities
    2011-04-10 08:19 . 2011-04-10 08:19 -------- d-sh--w- c:\documents and settings\NICOU\PrivacIE
    2011-04-10 07:32 . 2011-04-10 07:31 691551 ----a-w- c:\program files\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
    2011-04-10 07:28 . 2011-04-10 07:26 691551 ----a-w- c:\program files\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe
    2011-04-10 06:50 . 2011-04-10 06:50 -------- d-----w- c:\documents and settings\NICOU\Application Data\Smartelectronix
    2011-04-10 04:02 . 2011-04-10 04:02 -------- d-----w- c:\program files\GForce
    2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\clauth2.dll
    2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\clauth1.dll
    2011-04-10 00:54 . 2011-04-10 00:54 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Native Instruments
    2011-04-10 00:43 . 2011-04-10 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IK Multimedia
    2011-04-10 00:43 . 2011-04-10 00:43 -------- d-----w- c:\documents and settings\NICOU\Application Data\InstallShield
    2011-04-08 05:51 . 2004-02-16 05:45 319487 ----a-w- c:\windows\LOOP.exe
    2011-04-08 05:37 . 2011-04-08 05:37 -------- d-----w- c:\program files\Common Files\KORG
    2011-04-08 05:28 . 2011-04-08 05:28 -------- d-----w- c:\program files\Common Files\iZotope
    2011-04-08 05:28 . 2006-04-06 22:41 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
    2011-04-08 04:22 . 2006-10-04 17:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
    2011-04-08 04:22 . 2006-10-04 17:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
    2011-04-08 04:22 . 2006-10-04 17:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
    2011-04-08 04:22 . 2011-04-08 06:07 -------- d-----w- c:\program files\Native Instruments
    2011-04-08 04:22 . 2011-04-08 04:22 -------- d-----w- c:\program files\Common Files\Native Instruments
    2011-04-08 04:06 . 1999-12-17 13:13 86016 ----a-w- c:\windows\unvise32.exe
    2011-04-08 03:20 . 2003-02-24 20:27 151552 ----a-w- c:\windows\system32\FDlg.dll
    2011-04-08 01:41 . 2002-10-09 16:21 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
    2011-04-08 01:41 . 2001-10-19 18:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
    2011-04-08 01:41 . 2001-10-19 18:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
    2011-04-08 01:41 . 2001-10-19 18:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
    2011-04-08 01:41 . 2001-10-19 06:05 285184 ----a-w- c:\windows\system32\wmidx2.ocx
    2011-04-08 01:34 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 22:07 . 2011-04-06 22:07 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-04-02 23:51 . 2011-04-02 23:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-02 23:51 . 2011-04-02 23:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-31 14:18 . 2011-04-06 19:49 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
    2011-03-31 14:18 . 2011-04-06 19:49 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
    2011-03-25 23:04 . 2011-04-05 06:19 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-03-25 23:03 . 2011-04-05 06:19 2340992 ----a-w- c:\windows\system32\BootMan.exe
    2011-03-24 13:57 . 2011-04-05 06:19 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-03-24 13:57 . 2011-04-05 06:19 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2011-03-24 13:57 . 2011-04-05 06:19 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2011-04-03 02:23 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-04 08:00 978944 ------w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-29 05:18 . 2011-04-02 08:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll
    "wave1"=rddv1044.dll
    "midi2"=rddv1044.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 19:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
    S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-04-11 11808]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-04-05 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-04-05 8456]
    S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-04-11 161422]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-04-06 436792]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
    mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-07 19:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,d5,6d,78,57,14,53,48,ac,ec,1e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,d5,6d,78,57,14,53,48,ac,ec,1e,\
    .
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "WinSock_Registry_Version"="2.0"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(808)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'lsass.exe'(864)
    c:\windows\system32\rddv1044.dll
    .
    - - - - - - - > 'explorer.exe'(1036)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-05-07 19:59:27
    ComboFix-quarantined-files.txt 2011-05-07 22:59
    ComboFix2.txt 2011-04-29 23:58
    .
    Pre-Run: 19*328*946*176 bytes free
    Post-Run: 19*342*860*288 bytes free
    .
    - - End Of File - - 12890BE47A1A9F4F08C57192E2A68B65


    PS: other than that, I have an icon in the system tray that says that automatic update is not on. Sometimes the firewall is disabled. Since the fake XP update virus, that icon has been on.

    Thank you
