slowone
Everything posted by slowone

  1. Runs fine. No warnings. Thank you for your help!
  2. mbam-log-2012-05-08 (22-08-31).txt It appears to be clean. Thank you. Is that all?
  3. Thank you for all your help so far. ComboFix.txt
  4. TDSSKiller.2.7.34.0_08.05.2012_07.07.39_log.txt
  5. Microsoft Security Essentials reported Sirefef and Alureon infection. DDS.txt Attach.zip
  6. After running Malwarebytes, Microsoft Security Essentials says it has been infected by Sirefef and Alureon. DDS.txt Attach.zip
  7. Had a problem with the computer a few weeks ago: it had Skype installed and running and had RDP brute-force running. I have some screenshots of that stuff. Thought I was able to get rid of it using Malwarebytes, Windows Defender and a couple of other programs. Today the computer wouldn't allow me to choose to run any .exe programs and changed them to text files. Ran exehelper, then proceeded to follow your list of programs in this post (http://forums.malwarebytes.org/index.php?showtopic=81385&view=findpost&p=413804) to run, as well as Windows Defender.

     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.04.04.06

     Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
     Internet Explorer 8.0.6001.18702
     Administrator :: PICKXP [administrator]

     4/4/2012 10:42:38 AM
     mbam-log-2012-04-04 (10-42-38).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 345585
     Time elapsed: 17 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702
     Run by Administrator at 12:12:37 on 2012-04-04
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3253.2067 [GMT -5:00]
     .
     AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
     C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
     C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\WINDOWS\System32\svchost.exe -k HPZ12
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\SearchProtocolHost.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe
     C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
     C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
     C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Desktop Search\WindowsSearch.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [ipTray.exe] "c:\program files\intel\intel desktop utilities\ipTray.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe
     mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe
     mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: Interfaces\{1A66488B-3D6C-4115-B4B3-1D2CAF3C54DE} : NameServer = 209.18.47.61,209.18.47.62
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
     LSA: Authentication Packages = msv1_0 relog_ap
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
     R1 MpKsl507ecd44;MpKsl507ecd44;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7452a3cb-182a-46fa-961c-bb307990c08b}\MpKsl507ecd44.sys [2012-4-4 29904]
     R2 HPWJAService;HPWJA Service;c:\program files\hewlett-packard\web jetadmin 10\bin\HPWJAService.exe [2011-7-14 45056]
     R2 HPWSProAdapter;HPWSProAdapter;c:\program files\hewlett-packard\web jetadmin 10\hpwsproadapter\filesystems\core\bin\xp-x86\release\HP.Dss.App.WinService.exe [2011-6-29 9728]
     R2 IduService;Intel® Desktop Utilities Service;c:\program files\intel\intel desktop utilities\iduServ.exe [2010-12-15 131272]
     R2 MSSQL$HPWJA;SQL Server (HPWJA);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
     R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-11-24 168616]
     R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-24 235520]
     S2 Intel® Desktop Boards FSC Application Service;Intel® Desktop Boards FSC Application Service;c:\program files\intel\fsc\FSCAppServ.exe [2010-12-15 57344]
     S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-24 1691480]
     S3 d3odbcsv;D3 ODBC Server ;c:\d3\d3programs\d3odbcsv.exe [2010-4-28 525728]
     S3 D3Vme;D3 Virtual Machine Environment;c:\d3\d3programs\D3Vme.exe [2010-4-28 812440]
     .
     =============== Created Last 30 ================
     .
     2012-04-04 17:00:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7452a3cb-182a-46fa-961c-bb307990c08b}\MpKsl507ecd44.sys
     2012-04-04 16:05:06 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7452a3cb-182a-46fa-961c-bb307990c08b}\mpengine.dll
     2012-03-19 14:50:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
     2012-03-19 14:45:24 -------- d-----w- c:\windows\SxsCaPendDel
     .
     ==================== Find3M ====================
     .
     2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
     2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
     2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
     2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     .
     ============= FINISH: 12:13:08.67 ===============

     attach.zip
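As an added example (not code from this thread, from the DDS tool, or from Malwarebytes), here is the triage pass a helper does by hand over the autorun lines of a DDS "Pseudo HJT Report" like the one in the post above. It takes real uRun/mRun/dRun and StartupFolder lines from that log plus one constructed mRun entry launching from a user profile (not from the poster's machine), recovers the executable each entry launches (quoted or unquoted, with or without arguments), and flags entries that run from outside c:\windows or c:\program files, or that name a bare file with no directory so the PATH search order decides what runs. The flagged list is a reading order for a human, not a verdict; the directory allow-list and the constructed line are this example's assumptions.

```python
"""Triage autorun entries from a DDS-style 'Pseudo HJT Report'.

Added example; not code from the thread or from DDS. Sample lines are the
log's own Run-key entries plus one constructed suspicious entry.
"""
import re
from dataclasses import dataclass

# uRun/mRun/dRun entries look like:  mRun: [Name] "c:\path\file.exe" -args
RUN_LINE = re.compile(r'^(?P<key>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# Startup-folder entries look like:  StartupFolder: <lnk> - <target>
STARTUP_LINE = re.compile(r'^StartupFolder: (?P<name>.*?) - (?P<cmd>.*)$')
QUOTED_EXE = re.compile(r'^"(?P<exe>[^"]+)"')
# Unquoted paths may contain spaces (see TrueImageMonitor.exe in the log),
# so take everything up to the first executable extension at a token end.
UNQUOTED_EXE = re.compile(r'^(?P<exe>.*?\.(?:exe|com|scr|dll))(?=\s|$)', re.IGNORECASE)

# Assumed allow-list: where a clean XP box normally autoruns from (8.3 form too).
EXPECTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')


@dataclass
class AutorunEntry:
    source: str   # uRun / mRun / dRun / StartupFolder
    name: str     # registry value name, or the .lnk path
    exe: str      # executable recovered from the command line
    verdict: str  # 'expected', 'bare' (no directory) or 'unexpected'


def executable_of(cmd: str) -> str:
    """Strip quoting and arguments, returning the launched executable."""
    cmd = cmd.strip()
    m = QUOTED_EXE.match(cmd) or UNQUOTED_EXE.match(cmd)
    if m:
        return m.group('exe')
    return cmd.split()[0] if cmd else ''


def classify(exe: str) -> str:
    low = exe.lower()
    if '\\' not in low:
        return 'bare'          # resolved via PATH: check which file actually wins
    if low.startswith(EXPECTED_DIRS):
        return 'expected'
    return 'unexpected'        # user profile, temp, drive root, etc.


def parse_autoruns(report: str) -> list:
    entries = []
    for line in report.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            entries.append(AutorunEntry(m.group('key'), m.group('name'), exe, classify(exe)))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            entries.append(AutorunEntry('StartupFolder', m.group('name'), exe, classify(exe)))
    return entries


def flagged(report: str) -> list:
    """Entries to look up first (name, hash, signer): anything not 'expected'."""
    return [e for e in parse_autoruns(report) if e.verdict != 'expected']


# Lines 1-8 are from the DDS log in the post; the last mRun line is constructed.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ipTray.exe] "c:\program files\intel\intel desktop utilities\ipTray.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mRun: [svchost] c:\documents and settings\administrator\application data\svchost.exe -k netsvcs
"""

if __name__ == '__main__':
    for e in flagged(SAMPLE_REPORT):
        print(f'{e.verdict:10} {e.source:14} [{e.name}] {e.exe}')
```

Run against a full DDS.txt the same parser works on the whole file, since non-matching lines are ignored; the point of the `bare` class is that an entry like `RTHDCPL.EXE` is only as trustworthy as the first match on the PATH, so the helper should confirm which file that is before clearing it.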