
Need some input on scan results



Hi All,

I introduced a friend to Malwarebytes today and after running a quick scan, numerous objects were found. Quite a few were PUPs, a couple of trojan downloaders, things like that. Her internet was running very slowly for some time but there were no other symptoms, no redirects or anything like that. Can one of you take a look and let me know if we need to check deeper into the system? Scan results, DDS, and Attach logs are below (I removed her name from the logs for privacy). Thanks for your help.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.13.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: USER [administrator]

Protection: Enabled

10/13/2012 1:59:12 PM

mbam-log-2012-10-13 (13-59-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204764

Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 57

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.

HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.

HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.

HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.

HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.

HKCR\f (PUP.Funmoods) -> No action taken.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> No action taken.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.

HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 8

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.

HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Data: 149 -> No action taken.

HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Data: "C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 277fe8955ec53c033f8c05b242e18e6d -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 5

C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> No action taken.

C:\Program Files\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 17

C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> No action taken.

C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.Funmoods) -> No action taken.

C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\is259369358\IWantThis_IC_V3_US.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-10-14.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 14:35:54 on 2012-10-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.133 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\funmoods\1.5.11.16\bh\funmoods.dll

TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: ForceClassicControlPanel = dword:1

mPolicies-Explorer: NoResolveTrack = dword:1

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{9BE1FF9F-D510-49E2-A461-DDC84FA152C0} : DHCPNameServer = 192.168.0.1 192.168.0.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 193552]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-13 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-13 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-13 22856]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-13 34248]

.

=============== File Associations ===============

.

ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"

.

=============== Created Last 30 ================

.

2012-10-13 18:54:15 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-10-13 18:53:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-10-13 18:53:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-13 18:53:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-13 13:44:17 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{993799f3-6385-4913-934b-055b6874acf1}\mpengine.dll

2012-10-12 00:05:21 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 14:36:49.98 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-14.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/13/2010 10:09:28 AM

System Uptime: 10/13/2012 2:24:26 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 125.226 GiB free.

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP692: 7/16/2012 7:03:31 PM - Software Distribution Service 3.0

RP693: 7/17/2012 9:08:26 PM - Software Distribution Service 3.0

RP694: 7/18/2012 9:49:01 PM - Software Distribution Service 3.0

RP695: 7/19/2012 10:22:05 PM - System Checkpoint

RP696: 7/20/2012 9:42:56 PM - Software Distribution Service 3.0

RP697: 7/21/2012 10:38:06 PM - System Checkpoint

RP698: 7/22/2012 8:47:30 AM - Software Distribution Service 3.0

RP699: 7/23/2012 9:03:48 AM - System Checkpoint

RP700: 7/23/2012 9:18:46 PM - Software Distribution Service 3.0

RP701: 7/24/2012 9:25:20 PM - System Checkpoint

RP702: 7/25/2012 7:52:05 PM - Software Distribution Service 3.0

RP703: 7/26/2012 8:48:02 PM - System Checkpoint

RP704: 7/27/2012 7:59:57 PM - Software Distribution Service 3.0

RP705: 7/29/2012 9:29:56 AM - Software Distribution Service 3.0

RP706: 7/30/2012 6:29:21 PM - Software Distribution Service 3.0

RP707: 7/31/2012 9:01:58 PM - Software Distribution Service 3.0

RP708: 8/1/2012 9:29:32 PM - System Checkpoint

RP709: 8/2/2012 7:23:37 PM - Software Distribution Service 3.0

RP710: 8/4/2012 8:59:25 AM - Software Distribution Service 3.0

RP711: 8/5/2012 9:47:41 AM - System Checkpoint

RP712: 8/5/2012 6:23:55 PM - Software Distribution Service 3.0

RP713: 8/6/2012 8:46:25 PM - Software Distribution Service 3.0

RP714: 8/7/2012 9:15:28 PM - System Checkpoint

RP715: 8/8/2012 8:19:45 PM - Software Distribution Service 3.0

RP716: 8/9/2012 8:44:41 PM - System Checkpoint

RP717: 8/11/2012 8:38:58 AM - Software Distribution Service 3.0

RP718: 8/12/2012 2:49:22 PM - Software Distribution Service 3.0

RP719: 8/13/2012 6:33:30 PM - Software Distribution Service 3.0

RP720: 8/14/2012 8:12:26 PM - Software Distribution Service 3.0

RP721: 8/14/2012 10:05:41 PM - Software Distribution Service 3.0

RP722: 8/15/2012 8:52:16 PM - Software Distribution Service 3.0

RP723: 8/16/2012 9:48:20 PM - Software Distribution Service 3.0

RP724: 8/17/2012 10:41:39 PM - System Checkpoint

RP725: 8/18/2012 8:01:56 AM - Software Distribution Service 3.0

RP726: 8/19/2012 9:25:31 AM - Software Distribution Service 3.0

RP727: 8/20/2012 5:39:32 PM - Software Distribution Service 3.0

RP728: 8/21/2012 7:37:01 PM - Software Distribution Service 3.0

RP729: 8/22/2012 8:32:52 PM - System Checkpoint

RP730: 8/23/2012 8:50:00 PM - Software Distribution Service 3.0

RP731: 8/25/2012 8:46:42 AM - Software Distribution Service 3.0

RP732: 8/26/2012 8:56:32 AM - Software Distribution Service 3.0

RP733: 8/29/2012 7:46:06 PM - Software Distribution Service 3.0

RP734: 8/30/2012 8:52:37 PM - System Checkpoint

RP735: 8/31/2012 10:47:19 PM - Software Distribution Service 3.0

RP736: 9/2/2012 9:07:48 AM - Software Distribution Service 3.0

RP737: 9/3/2012 9:15:18 AM - System Checkpoint

RP738: 9/3/2012 9:53:10 PM - Software Distribution Service 3.0

RP739: 9/5/2012 8:55:46 PM - Software Distribution Service 3.0

RP740: 9/6/2012 8:56:24 PM - System Checkpoint

RP741: 9/7/2012 8:55:29 PM - Software Distribution Service 3.0

RP742: 9/10/2012 5:08:39 PM - Software Distribution Service 3.0

RP743: 9/11/2012 9:38:53 PM - Software Distribution Service 3.0

RP744: 9/12/2012 10:21:13 PM - Software Distribution Service 3.0

RP745: 9/13/2012 7:33:18 PM - Software Distribution Service 3.0

RP746: 9/14/2012 7:42:55 PM - System Checkpoint

RP747: 9/15/2012 8:01:13 AM - Software Distribution Service 3.0

RP748: 9/16/2012 1:46:19 AM - Software Distribution Service 3.0

RP749: 9/16/2012 7:59:33 AM - Software Distribution Service 3.0

RP750: 9/20/2012 7:57:39 PM - Software Distribution Service 3.0

RP751: 9/22/2012 8:38:52 AM - Software Distribution Service 3.0

RP752: 9/22/2012 11:07:15 PM - Software Distribution Service 3.0

RP753: 9/24/2012 7:23:56 PM - Software Distribution Service 3.0

RP754: 9/25/2012 9:32:00 PM - Software Distribution Service 3.0

RP755: 9/26/2012 9:34:27 PM - System Checkpoint

RP756: 9/27/2012 8:32:07 PM - Software Distribution Service 3.0

RP757: 9/30/2012 9:45:01 PM - Software Distribution Service 3.0

RP758: 10/1/2012 9:53:24 PM - System Checkpoint

RP759: 10/2/2012 7:31:15 PM - Software Distribution Service 3.0

RP760: 10/2/2012 7:45:13 PM - Software Distribution Service 3.0

RP761: 10/3/2012 8:04:54 PM - Software Distribution Service 3.0

RP762: 10/5/2012 7:06:51 AM - Software Distribution Service 3.0

RP763: 10/6/2012 9:24:58 AM - Software Distribution Service 3.0

RP764: 10/7/2012 9:37:15 AM - System Checkpoint

RP765: 10/8/2012 7:44:36 PM - Software Distribution Service 3.0

RP766: 10/9/2012 9:20:30 PM - Software Distribution Service 3.0

RP767: 10/9/2012 10:41:02 PM - Software Distribution Service 3.0

RP768: 10/10/2012 10:42:31 PM - System Checkpoint

RP769: 10/11/2012 7:05:06 PM - Software Distribution Service 3.0

RP770: 10/12/2012 7:27:10 PM - System Checkpoint

RP771: 10/13/2012 8:44:03 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.2

AiO_Scan_CDA

Babylon toolbar on IE

BabylonObjectInstaller

Conexant D850 56K V.9x DFVc Modem

Funmoods on IE and Chrome

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB981793)

HP PSC & OfficeJet 6.1.A

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Malwarebytes Anti-Malware version 1.65.0.1400

McAfee Virtual Technician

Microsoft Application Error Reporting

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Plus! for Windows XP

Microsoft Security Client

Microsoft Security Essentials

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSN

Musicnotes Software Suite 1.5.3

QFolder

Rhapsody

Scan

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Format 11 runtime

.

==== Event Viewer Messages From Past Week ========

.

10/9/2012 9:09:37 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

10/13/2012 2:24:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

.

==== End Of File ===========================

Hello needhelp1! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Babylon toolbar on IE

BabylonObjectInstaller

Funmoods on IE and Chrome

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • AdwCleaner log
  • a new fresh DDS log

Thanks for the quick reply Maniac :-)

Just a quick note: I'll be doing the communication here and log posting, but my friend will be watching this thread and will be doing the actual scans of her computer and forwarding the results to me, so there sometimes might be a little lag time from when you reply to when I post the results.

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 16:30:11 on 2012-10-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.95 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: ForceClassicControlPanel = dword:1

mPolicies-Explorer: NoResolveTrack = dword:1

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{9BE1FF9F-D510-49E2-A461-DDC84FA152C0} : DHCPNameServer = 192.168.0.1 192.168.0.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 193552]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-13 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-13 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-13 22856]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-13 34248]

S4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

=============== File Associations ===============

.

ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"

.

=============== Created Last 30 ================

.

2012-10-14 20:58:38 -------- d-----w- c:\windows\system32\appmgmt

2012-10-14 01:09:38 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfc5b346-e16a-4544-ad20-f152fe3a2192}\mpengine.dll

2012-10-13 18:54:15 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-10-13 18:53:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-10-13 18:53:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-13 18:53:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-13 13:44:17 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.14.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: USER [administrator]

Protection: Enabled

10/14/2012 4:03:16 PM

mbam-log-2012-10-14 (16-03-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204706

Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 11

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Data: 149 -> Quarantined and deleted successfully.

HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)

.

============= FINISH: 16:31:04.29 ===============

# AdwCleaner v2.005 - Logfile created 10/14/2012 at 16:26:01

# Updated 14/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - USER

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BabylonToolbar

Folder Found : C:\Documents and Settings\Administrator\Application Data\Babylon

Folder Found : C:\Documents and Settings\Administrator\Application Data\Media Finder

Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder

Folder Found : C:\Program Files\BringMeSports_1cEI

***** [Registry] *****

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\MediaFinder

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\MF

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This

Key Found : HKU\S-1-5-21-57989841-839522115-1177238915-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKU\S-1-5-21-57989841-839522115-1177238915-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3698 octets] - [14/10/2012 16:26:01]

########## EOF - C:\AdwCleaner[R1].txt - [3758 octets] ##########

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

In your next reply, post the following log files:

  • AdwCleaner log
  • a new fresh DDS log

General condition of the computer: Looks like Sbcglobal for email is running very slowly. Other sites seem to be okay. One thing is that when the user checked MSE earlier, virus protection for some reason was now turned off and couldn’t be started. The following message was displayed: “Windows found multiple antivirus programs on this computer but they all reporting that they are out of date or are turned off. Click recommendations for suggested actions to take”

# AdwCleaner v2.005 - Logfile created 10/15/2012 at 19:30:57

# Updated 14/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - USER

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BabylonToolbar

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Media Finder

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder

Folder Deleted : C:\Program Files\BringMeSports_1cEI

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3827 octets] - [14/10/2012 16:26:01]

AdwCleaner[R2].txt - [3887 octets] - [15/10/2012 19:28:27]

AdwCleaner[R3].txt - [3947 octets] - [15/10/2012 19:29:17]

AdwCleaner[R3] monday.txt - [3947 octets] - [15/10/2012 19:30:09]

AdwCleaner[R4].txt - [4074 octets] - [15/10/2012 19:30:34]

AdwCleaner[s1].txt - [3773 octets] - [15/10/2012 19:30:57]

########## EOF - C:\AdwCleaner[s1].txt - [3833 octets] ##########

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 19:39:37 on 2012-10-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.35 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: ForceClassicControlPanel = dword:1

mPolicies-Explorer: NoResolveTrack = dword:1

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{9BE1FF9F-D510-49E2-A461-DDC84FA152C0} : DHCPNameServer = 192.168.0.1 192.168.0.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 193552]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-13 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-13 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-13 22856]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-13 34248]

.

=============== File Associations ===============

.

ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"

.

=============== Created Last 30 ================

.

2012-10-15 01:32:53 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbdfadb7-508e-4d17-b06f-c6fbf29a5823}\mpengine.dll

2012-10-14 20:58:38 -------- d-----w- c:\windows\system32\appmgmt

2012-10-14 01:09:38 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-10-13 18:54:15 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-10-13 18:53:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-10-13 18:53:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-13 18:53:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 19:40:35.78 ===============

Please try to re-install your Microsoft Security Essentials. Then restart your computer.

After that:

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

MSE was successfully re-installed. That did the trick, thanks.

One question concerning TFC though: the user tried downloading it to the desktop and followed the instructions to run it and left the computer alone. TFC seemed to hang up at the "closing running processes" stage for at least 10 minutes and never moved any further. It couldn't be closed or stopped manually either. Do MSE and Malwarebytes realtime protection have to be turned off for TFC to run? Should we try letting it run longer?

  • 3 weeks later...

Hi Maniac. Last steps we had were for a full scan with MBAM and MSE. Here's the one from MBAM. I told her to delete the 6 remaining items in the restore point so consider that done. MSE will be coming next. She reports that the computer has been annoyingly slow for each click... really delayed.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.03.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: user [administrator]

Protection: Enabled

11/3/2012 9:09:58 AM

mbam-log-2012-11-03 SAT (10-25-57).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 252096

Time elapsed: 27 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\System Volume Information\_restore{B4785D62-8413-45AC-A8EC-251EBBD2A61B}\RP773\A0022642.exe (PUP.FunMoods) -> No action taken.

C:\System Volume Information\_restore{B4785D62-8413-45AC-A8EC-251EBBD2A61B}\RP773\A0022637.dll (PUP.FunMoods) -> No action taken.

C:\System Volume Information\_restore{B4785D62-8413-45AC-A8EC-251EBBD2A61B}\RP773\A0022638.dll (PUP.Funmoods) -> No action taken.

C:\System Volume Information\_restore{B4785D62-8413-45AC-A8EC-251EBBD2A61B}\RP773\A0022639.dll (PUP.FunMoods) -> No action taken.

C:\System Volume Information\_restore{B4785D62-8413-45AC-A8EC-251EBBD2A61B}\RP773\A0022640.dll (PUP.FunMoods) -> No action taken.

C:\System Volume Information\_restore{B4785D62-8413-45AC-A8EC-251EBBD2A61B}\RP773\A0022641.exe (PUP.FunMoods) -> No action taken.

(end)

My friend ran the Complete Internet Repair successfully; I don't know if it's supposed to produce a report.

Current symptoms: The computer now has periods of slowness; it isn't constant. In periods of slowness it takes a long time for web pages to load, and for buttons to react to being clicked. Even programs other than Internet Explorer can be slow. During these times of slowness, the computer can be heard processing like mad, so something is taking resources. There are 126 of 144 GB left of space, so that seems okay.


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESET scan below. New thing for today: when my friend started the computer today, in the lower right in the icon tray was a red shield with an X through it stating that virus protection was off. She clicked on the icon and the generic screen came up with firewall on, updates on, virus protection off. So I had her check MSE, and protection was on and updates were on. The odd thing was that the MSE green icon was next to the shield with the X through it in the icon tray. So MSE was on and the firewall was on; what would set that icon off like that? For the heck of it, I also had her do an MBAM quick scan and that was clean; it just took a bit of time to open it and update. I'm guessing the answer to this last question is no, but does any of this sound like rootkit activity?

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=05c7f916f212d84ebe8d5591953a5e3e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-11-08 03:30:19

# local_time=2012-11-07 09:30:19 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5121 16777214 0 96 74979999 104349085 0 0

# compatibility_mode=5891 16776549 42 92 0 5040133 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=47281

# found=0

# cleaned=0

# scan_time=1457


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
