XP SP3 INFECTED TODAY

[EDFL]

Clicked on bad Google result website today - no live protection running. Malwarebytes found and removed Trojan.Dropper.PE4. Ran SuperAntispyware and Spybot - no scan hits. Installed Microsoft Security Essentials - no scan hits. Now, "Due to an unidentified problem, Windows cannot display firewall settings". View settings in Windows Explorer and Control Panel have changed. Ran Malwarebytes again - this time found and removed Trojan.ZAccess and Rootkit.0Access. Thank you in advance.

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Ed Lang at 23:33:05 on 2012-07-04

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Southwest Airlines\Ding\Ding.exe

C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\ed lang\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe

StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE

StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE

StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: intuit.com\ttlc

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{264DDFCB-BA6F-47E7-9C4E-0AF636FFAE68} : DhcpNameServer = 192.168.10.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

UnknownUnknown sqfirwgc;sqfirwgc; [x]

.

=============== Created Last 30 ================

.

2012-07-04 23:48:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52bf68b2-bc89-4a42-89c3-c2519f802afb}\mpengine.dll

2012-07-04 23:42:48 -------- d-----w- c:\program files\Microsoft Security Client

.

==================== Find3M ====================

.

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 23:34:35.65 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 12/30/2009 5:46:14 PM

System Uptime: 7/4/2012 10:14:46 PM (1 hours ago)

.

Motherboard: Dell Computer Corp. | | 0J0592

Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2524/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 56 GiB total, 28.704 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP703: 4/6/2012 10:10:51 AM - System Checkpoint

RP704: 4/7/2012 1:04:48 PM - System Checkpoint

RP705: 4/8/2012 2:17:03 PM - System Checkpoint

RP706: 4/9/2012 3:37:12 PM - System Checkpoint

RP707: 4/11/2012 12:04:55 AM - System Checkpoint

RP708: 4/12/2012 10:51:43 AM - System Checkpoint

RP709: 4/12/2012 11:22:31 PM - Software Distribution Service 3.0

RP710: 4/13/2012 12:18:03 AM - Installed TurboTax 2011 wrapper

RP711: 4/15/2012 12:08:38 PM - System Checkpoint

RP712: 4/16/2012 4:37:07 PM - System Checkpoint

RP713: 4/18/2012 1:01:33 AM - System Checkpoint

RP714: 4/19/2012 10:24:27 AM - System Checkpoint

RP715: 4/20/2012 10:27:12 AM - System Checkpoint

RP716: 4/21/2012 12:07:18 PM - System Checkpoint

RP717: 4/22/2012 12:44:50 PM - System Checkpoint

RP718: 4/23/2012 1:08:05 PM - System Checkpoint

RP719: 4/24/2012 2:29:35 PM - System Checkpoint

RP720: 4/25/2012 6:31:32 PM - System Checkpoint

RP721: 4/26/2012 11:43:42 PM - System Checkpoint

RP722: 4/27/2012 11:49:27 PM - System Checkpoint

RP723: 4/29/2012 2:39:45 PM - System Checkpoint

RP724: 4/30/2012 3:29:43 PM - System Checkpoint

RP725: 5/1/2012 10:12:34 PM - System Checkpoint

RP726: 5/2/2012 10:53:08 PM - System Checkpoint

RP727: 5/4/2012 4:19:02 PM - System Checkpoint

RP728: 5/6/2012 1:42:44 PM - System Checkpoint

RP729: 5/7/2012 2:28:13 PM - System Checkpoint

RP730: 5/9/2012 12:54:10 AM - System Checkpoint

RP731: 5/10/2012 10:49:43 AM - System Checkpoint

RP732: 5/11/2012 12:25:45 PM - System Checkpoint

RP733: 5/12/2012 12:57:56 PM - System Checkpoint

RP734: 5/13/2012 5:00:06 PM - System Checkpoint

RP735: 5/14/2012 5:02:52 PM - System Checkpoint

RP736: 5/15/2012 8:30:36 PM - System Checkpoint

RP737: 5/16/2012 8:37:07 PM - System Checkpoint

RP738: 5/17/2012 11:28:12 PM - System Checkpoint

RP739: 5/19/2012 12:21:19 AM - System Checkpoint

RP740: 5/20/2012 12:35:46 AM - System Checkpoint

RP741: 5/21/2012 3:03:47 PM - System Checkpoint

RP742: 5/22/2012 5:15:52 PM - System Checkpoint

RP743: 5/23/2012 8:43:29 PM - System Checkpoint

RP744: 5/24/2012 9:05:28 PM - System Checkpoint

RP745: 5/25/2012 9:07:22 PM - System Checkpoint

RP746: 5/27/2012 12:21:48 PM - System Checkpoint

RP747: 5/28/2012 10:44:01 PM - System Checkpoint

RP748: 5/29/2012 11:23:15 PM - System Checkpoint

RP749: 5/31/2012 1:37:44 PM - System Checkpoint

RP750: 6/1/2012 9:43:53 PM - System Checkpoint

RP751: 6/2/2012 9:55:01 PM - System Checkpoint

RP752: 6/3/2012 10:34:20 PM - System Checkpoint

RP753: 6/4/2012 12:53:26 PM - Software Distribution Service 3.0

RP754: 6/5/2012 4:55:00 PM - System Checkpoint

RP755: 6/27/2012 7:40:01 PM - System Checkpoint

RP756: 6/29/2012 9:28:56 AM - System Checkpoint

RP757: 6/30/2012 10:14:33 AM - System Checkpoint

RP758: 7/1/2012 10:26:53 AM - System Checkpoint

RP759: 7/2/2012 11:24:22 AM - System Checkpoint

RP760: 7/3/2012 1:17:28 PM - System Checkpoint

RP761: 7/4/2012 1:26:25 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

3ivx MPEG-4 5.0.3 (remove only)

7-Zip 9.20

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoBase 3

ArcSoft PhotoStudio 5

Avidemux 2.5 (32-bit)

BCM V.92 56K Modem

Bonjour

Brother 1440

Brownie

Canon CanoScan Toolbox 4.0

CanoScan LiDE20,30 Manual

Coupon Printer for Windows

Dell ResourceCD

DING!

FileZilla Client 3.3.3

FlipShare

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® PRO Ethernet Adapter and Software

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java™ 6 Update 24

Logitech® Camera Driver

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 97, Professional Edition

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Display Driver

NVIDIA Windows 2000/XP Display Drivers

OmniPage SE

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 8 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

Skype Click to Call

Skype™ 5.5

SoundMAX

Spybot - Search & Destroy

SUPERAntiSpyware

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

UMPlayer 0.98 [P3]

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Internet Explorer 8 Multilingual User Interface (MUI)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows XP Service Pack 3

WyldFyre 7 Installed in: C:\PROGRAM FILES\WYLDFYRE\WYLDFYRE 7

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

7/4/2012 7:44:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

7/4/2012 11:33:08 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

7/4/2012 10:15:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

7/1/2012 9:22:25 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/27/2012 5:55:20 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

.

==== End Of File ===========================

[Maniac]

Hello EDFL and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

About your Windows Firewall error:

http://support.microsoft.com/kb/920074

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[EDFL]

Thanks for your reply. I'm a novice, but will reformat and reinstall per your recommendation. I ran Malwarebytes again just now in safe mode (I'm not connected to the internet - cable unplugged) with 4 hits - Trojan.FakeAlert.RO, Trojan.Small, Trojan.Sirefef, Rootkit.OAccess.

I've been reading all day the links provided, plus much more online. I'm concerned about my files (Excel, Word, PDFs, photos, etc.) and worry about the risk of copying them to USB drives and then from there to the clean computer. Some have confidential/financial information, and I am following the advice concerning financial institutions.

Ed

[Maniac]

I have a solution for you.

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  
• Wait until it has finished scanning and then exit the program.
  
• Reboot your computer when done.
  Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
  

[EDFL]

Should I download Flash_Disinfector.exe on the infected computer before transferring files to the usb drives or on the clean computer when reinstalling files? Shoud the transfers from the infected computed to flash drives and back to the clean computer be done in safe mode?

I'm still working on the courage to reformat and reinstall on my infected computer.

[Maniac]

Download and start in a clean computer. Thus, flash memory immunized against malware. Then you can use it on the infected computer to transfer the necessary information.

[EDFL]

I've been reading more and just burned a slipstream XP disk with SP3 using nLite on my netbook (another post issue). I was worried about having no firewall protection upon installing XP SP1 from the origninal disk from Dell. Hopefully, this will work. I had to buy more flash drives to get ready. Thank you for you continued help.

Ed

[Maniac]

What is your plan now? To re-install your system?

[EDFL]

Yes, I will try to reinstall with the slipstream disk. Right now I'm copying data from my hard drive and should be ready to install later Monday morning.

[Maniac]

Okay, here you go some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!