svchost.exe takes 100%
random advertising windows open
I am being redirected to crazy websites
and the computer is slow and the processor is working at 100%
and I have a message "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."
I ran tdsskiller.exe (in "run as" mode, so no log) and it found nothing.
Spybot finds Click.GiftLoad but can't erase it.
Malwarebytes finds nothing.
I have a DDS log and a Defogger log.
I already disabled TeaTimer. The computer has not been stable for 2 days. I can't use it safely. I have to restart it every 15 min because the desktop starts flickering, too many processes going on!!!
Please help me.
The DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by NICOU at 22:21:45,48 on 2011-04-29
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1482 [GMT -3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\NICOU\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\any video to dvd db toolbar\tbcore3.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\nicou\applic~1\mozilla\firefox\profiles\mtc5e0vx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
FF - plugin: c:\documents and settings\nicou\application data\mozilla\firefox\profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-4-2 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
R2 StarWindServiceAE;StarWind AE Service;f:\programmes\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-4-2 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-4-2 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-4-2 171400]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-4-11 11808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-5 8456]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-4-11 161422]
.
=============== Created Last 30 ================
.
2011-04-29 23:45:13 -------- d-sha-r- C:\cmdcons
2011-04-29 23:41:53 98816 ----a-w- c:\windows\sed.exe
2011-04-29 23:41:53 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 23:41:53 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 23:41:53 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 20:28:09 0 ----a-w- c:\documents and settings\nicou\ntuser.tmp
2011-04-29 01:26:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-29 01:26:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-28 20:20:08 -------- d-----w- c:\program files\CCleaner
2011-04-28 03:21:56 0 ----a-w- c:\windows\Xgihetiy.bin
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\dispexv.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\confmspl.dll
2011-04-21 06:22:57 -------- d-----w- c:\docume~1\nicou\applic~1\Toolbar4
2011-04-21 06:22:53 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Somoto
2011-04-21 06:22:48 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
2011-04-12 17:32:59 -------- d-sh--w- c:\documents and settings\nicou\IECompatCache
2011-04-12 04:49:18 -------- d-----w- c:\docume~1\nicou\applic~1\OpenOffice.org
2011-04-12 04:43:50 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-11 18:51:08 38401 ----a-r- c:\windows\system32\RdCi1044.dll
2011-04-11 18:51:07 81920 ----a-r- c:\windows\system32\rdas1044.dll
2011-04-11 18:51:07 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
2011-04-11 18:51:06 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
2011-04-11 18:51:06 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
2011-04-11 18:51:05 51644 ----a-r- c:\windows\system32\rddv1044.dll
2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-11 18:08:30 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
2011-04-11 18:08:29 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
2011-04-11 18:08:29 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2011-04-11 18:08:29 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
2011-04-11 18:08:29 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
2011-04-11 18:08:10 -------- d-----w- c:\program files\M-Audio MA_CMIDI
2011-04-11 09:00:56 -------- d-----w- c:\program files\D16 Group
2011-04-11 08:51:41 -------- d-----w- c:\program files\Solid State Logic
2011-04-11 08:16:48 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2011-04-11 08:16:48 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2011-04-11 08:16:44 -------- d-----w- c:\program files\Nomad Factory
2011-04-11 07:42:37 129024 ----a-w- c:\windows\UNWISE.EXE
2011-04-11 07:35:09 24576 ----a-w- c:\windows\system32\wavlbsys.dll
2011-04-11 07:35:09 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
2011-04-11 05:23:45 -------- d-----w- c:\docume~1\nicou\applic~1\Blue Cat Audio
2011-04-11 04:08:03 -------- d-----w- c:\docume~1\nicou\applic~1\Daichi
2011-04-11 00:29:07 -------- d-----w- c:\program files\FXpansion
2011-04-11 00:29:07 -------- d-----w- c:\docume~1\nicou\applic~1\FXpansion
2011-04-10 21:36:12 2240 ----a-w- c:\windows\LENDIG.sys
2011-04-10 20:45:07 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Identities
2011-04-10 08:19:44 -------- d-sh--w- c:\documents and settings\nicou\PrivacIE
2011-04-10 07:32:20 691551 ----a-w- c:\program files\uninstall information\{abaf1232-6213-4062-9d52-04e04a730cea}\unins000.exe
2011-04-10 07:28:47 691551 ----a-w- c:\program files\uninstall information\{842c6afc-7856-4fd9-99af-8900554acaa2}\unins000.exe
2011-04-10 06:50:29 -------- d-----w- c:\docume~1\nicou\applic~1\Smartelectronix
2011-04-10 04:02:20 -------- d-----w- c:\program files\GForce
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-04-10 00:54:55 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Native Instruments
2011-04-10 00:43:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IK Multimedia
2011-04-08 05:51:33 319487 ----a-w- c:\windows\LOOP.exe
2011-04-08 05:37:13 -------- d-----w- c:\program files\common files\KORG
2011-04-08 05:28:06 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-04-08 05:28:06 -------- d-----w- c:\program files\common files\iZotope
2011-04-08 04:22:27 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-04-08 04:22:12 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-04-08 04:22:12 1870336 ----a-w- c:\windows\system32\bconvert.dll
2011-04-08 04:22:11 -------- d-----w- c:\program files\Native Instruments
2011-04-08 04:22:11 -------- d-----w- c:\program files\common files\Native Instruments
2011-04-08 04:06:08 86016 ----a-w- c:\windows\unvise32.exe
2011-04-08 03:20:08 151552 ----a-w- c:\windows\system32\FDlg.dll
2011-04-08 01:41:58 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2011-04-08 01:41:58 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2011-04-08 01:41:58 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-04-08 01:41:58 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2011-04-08 01:41:58 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2011-04-08 01:34:10 1294336 ----a-w- c:\windows\system32\vorbis.acm
2011-04-07 00:07:58 -------- d-----w- C:\QUARANTINE
2011-04-06 22:39:52 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Microsoft Help
2011-04-06 22:07:29 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-06 21:46:46 -------- d-----w- c:\docume~1\nicou\applic~1\NetMedia Providers
2011-04-06 21:46:43 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Sony
2011-04-06 21:36:12 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2011-04-06 21:36:12 24576 ------w- c:\windows\system32\dbmsgnet.dll
2011-04-06 21:35:32 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-06 21:12:06 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Installer2184
2011-04-06 20:57:05 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Installer376
2011-04-06 20:54:31 -------- d-----w- c:\program files\VideoLAN
2011-04-06 20:35:11 -------- d-----w- c:\program files\common files\Control Panels
2011-04-06 20:31:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
2011-04-06 20:30:38 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2011-04-06 20:30:38 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2011-04-06 20:18:24 -------- d-----w- c:\program files\Bonjour
2011-04-06 20:07:52 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-04-06 19:49:57 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-04-06 19:49:57 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-04-06 19:22:25 -------- d-----w- c:\docume~1\nicou\applic~1\Serif
2011-04-06 18:41:46 -------- d-----w- c:\docume~1\nicou\applic~1\Softland
2011-04-06 18:34:59 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-04-06 18:34:58 -------- d-----w- c:\docume~1\nicou\applic~1\FreeVideoConverter
2011-04-05 06:19:02 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-04-05 06:19:02 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-04-05 06:19:02 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-04-05 06:19:02 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-04-05 06:19:01 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-04-05 06:10:35 -------- d-----w- c:\program files\EASEUS
2011-04-05 03:59:14 -------- d-----w- c:\docume~1\nicou\applic~1\QuickScan
2011-04-04 23:03:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-04 23:03:42 -------- d-----w- c:\docume~1\nicou\applic~1\Malwarebytes
2011-04-04 23:03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 23:03:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-04 23:03:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 23:03:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 21:13:56 -------- d-----w- C:\bin
2011-04-04 21:00:50 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-04-04 20:59:43 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-04-04 20:59:43 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-04-04 20:59:43 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-04-04 20:59:42 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-04-04 20:59:42 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2011-04-04 20:59:42 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-04-04 20:56:23 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-04-04 20:56:18 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-04-04 20:55:47 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2011-04-04 20:55:42 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
2011-04-04 20:55:40 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-04-04 20:53:12 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-04-04 20:53:12 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-04-04 20:52:53 827392 ----a-r- c:\windows\system32\hpotiop2.dll
2011-04-04 20:52:53 254026 ----a-r- c:\windows\system32\hpovst09.dll
2011-04-04 20:52:52 659456 ----a-r- c:\windows\system32\hpowiax2.dll
2011-04-04 20:52:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-04 20:52:49 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-04 20:50:17 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-04-04 20:50:17 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-04-04 06:01:53 -------- d-----w- c:\windows\pss
2011-04-04 05:41:20 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Temp
2011-04-03 21:26:45 -------- d-sh--w- c:\documents and settings\nicou\IETldCache
2011-04-03 20:06:39 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-04-03 20:06:22 -------- d-----w- c:\windows\ie8updates
2011-04-03 20:05:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-03 20:05:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-03 20:05:44 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-03 20:05:44 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-03 20:05:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-03 20:05:44 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-04-03 20:05:44 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-04-03 20:04:24 -------- dc-h--w- c:\windows\ie8
2011-04-03 04:36:19 -------- d-----w- c:\docume~1\nicou\applic~1\VSRevoGroup
2011-04-03 03:23:05 -------- d-----w- c:\program files\VS Revo Group
2011-04-03 03:07:51 -------- d-----w- c:\windows\system32\scripting
2011-04-03 03:07:51 -------- d-----w- c:\windows\l2schemas
2011-04-03 03:07:50 -------- d-----w- c:\windows\system32\en
2011-04-03 03:07:50 -------- d-----w- c:\windows\system32\bits
2011-04-03 03:04:04 -------- d-----w- c:\windows\network diagnostic
2011-04-03 03:01:00 -------- d-----w- c:\windows\EHome
2011-04-03 02:41:55 -------- d-----w- c:\windows\ServicePackFiles
2011-04-03 02:40:48 -------- d-----w- c:\program files\MSXML 4.0
2011-04-03 02:37:57 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2011-04-03 02:29:27 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-04-03 02:29:26 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-04-03 02:29:15 357248 ------w- c:\windows\system32\dllcache\srv.sys
2011-04-03 02:29:00 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-04-03 02:28:56 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-03 02:28:49 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-03 02:27:31 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-04-03 02:27:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-04-03 02:27:24 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-04-03 02:27:16 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-04-03 02:25:41 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-04-03 02:25:39 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-04-03 02:24:41 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-04-03 02:24:16 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-04-03 02:23:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-04-03 02:23:24 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-04-03 02:22:36 -------- d-----w- c:\windows\system32\PreInstall
2011-04-03 02:11:39 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-03 00:00:59 72936 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-03 00:00:59 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-03 00:00:59 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-04-03 00:00:59 33960 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-03 00:00:59 171400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-03 00:00:42 -------- d-----w- c:\program files\McAfee
2011-04-03 00:00:42 -------- d-----w- c:\program files\common files\McAfee
2011-04-02 23:51:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 23:51:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 21:08:39 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Adobe
2011-04-02 09:24:56 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\PCHealth
2011-04-02 08:21:23 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-04-02 08:21:22 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-04-02 08:21:22 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-02 08:21:03 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-04-02 08:20:25 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-02 08:17:55 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-04-02 08:17:53 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-04-02 06:01:01 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Mozilla
2011-04-02 05:57:05 -------- d-sh--w- c:\documents and settings\nicou\UserData
2011-04-02 05:03:25 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
2011-04-02 05:01:59 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-02 05:01:59 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-04-02 05:01:53 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-02 03:49:14 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2011-04-02 03:49:14 -------- d-----w- c:\program files\common files\Cisco Systems
2011-04-02 03:42:19 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
2011-04-28 21:20:24 372736 ----a-w- c:\windows\eqoyafisequpal.dl
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9120824A rev.3.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D7B730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d81a10]; MOV EAX, [0x89d81a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89DD6AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000075[0x89E059E8]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89DC3940]
\Driver\atapi[0x89E11AE8] -> IRP_MJ_CREATE -> 0x89D7B730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D7B57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:23:58,34 ===============

Spybot log:

Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-04-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-26 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-26 Includes\TrojansC-02.sbi (*)
2011-04-26 Includes\TrojansC-03.sbi (*)
2011-04-18 Includes\TrojansC-04.sbi (*)
2011-04-26 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll