
Security Protection virus, Malwarebytes shuts down & computer locks up....PLEASE HELP!



This whole mess started earlier this week. My wife received a virus-infested email from a friend. Shortly after, internet sites started running slower. She then received the "Security Protection" pop-ups. I already had Malwarebytes installed and ran a quick scan, which only showed & fixed the Security Protection virus (2 infected files).

The computer stayed on the remainder of the night, and when she woke up the next morning, it was worse than before. I ran a full system scan, which revealed over 40 infected files. I thought Malwarebytes had successfully found all the viruses, and the computer ran well for a few hours, but then my antivirus program "Microsoft Essentials" shut down and the computer began locking up. I tried several times, through a hard boot, to run Malwarebytes again, but it would run for a few seconds and then shut off.

I have run the various logs requested in the other posts, but when trying to run GMER, the scan wouldn't finish and would shut off too.

LOGS:

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Kevin at 20:26:48 on 2011-08-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.681 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\2440225872:2937818478.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net/

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {1C3C4699-B285-475F-BE47-0B26088CE876} - No File

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - No File

TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [EPSON Stylus CX3200] c:\windows\system32\spool\drivers\w32x86\3\e_s10ic2.exe /a "c:\windows\system32\E_S269.tmp"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

LSP: mswsock.dll

Trusted Zone: musicmatch.com\online

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB

DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.84/FreeRealmsInstaller.cab?v=1035

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://martins.coupons.smartsource.com/download/cscmv5X.cab

DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab

DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab

DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab

DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{ABF88B41-EBD8-4208-BF30-39FE0E293676} : DhcpNameServer = 192.168.2.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: {655560a9-3ca8-4509-9632-6abbef21426b} - No File

mASetup: {4D3B13AF-559D-4427-A598-227ECC4833C2} - rundll32.exe "c:\documents and settings\jo anne\application data\remote\srjmh47.dll", UnregisterDll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kevin\application data\mozilla\firefox\profiles\w9zwxbse.default\

FF - plugin: c:\documents and settings\jo anne\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\jo anne\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\documents and settings\kevin\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\sony online entertainment\npsoe.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\kevin\application data\Move Networks

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-6 214664]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]

S1 MpKsl12cd3926;MpKsl12cd3926;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4c76a437-2bf5-40ef-8fb7-1a9384f9f353}\mpksl12cd3926.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4c76a437-2bf5-40ef-8fb7-1a9384f9f353}\MpKsl12cd3926.sys [?]

S1 MpKsl27815720;MpKsl27815720;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4fb8479-44a6-4cb5-bf24-8cc053dfb7f5}\mpksl27815720.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4fb8479-44a6-4cb5-bf24-8cc053dfb7f5}\MpKsl27815720.sys [?]

S1 MpKsl27b262d3;MpKsl27b262d3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{026a045b-8dac-4f1a-bf40-ab465ad87bfe}\MpKsl27b262d3.sys [2011-8-31 28752]

S1 MpKsl48058893;MpKsl48058893;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43f4ed0b-0cec-4007-810c-e65dc7f93c0b}\mpksl48058893.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43f4ed0b-0cec-4007-810c-e65dc7f93c0b}\MpKsl48058893.sys [?]

S1 MpKsl4a646df7;MpKsl4a646df7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f510134f-92ce-49df-b2c8-3018e2b3dbdf}\mpksl4a646df7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f510134f-92ce-49df-b2c8-3018e2b3dbdf}\MpKsl4a646df7.sys [?]

S1 MpKsl6378b6f6;MpKsl6378b6f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07e19a7a-fb48-4636-b420-cbf4448a181c}\mpksl6378b6f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07e19a7a-fb48-4636-b420-cbf4448a181c}\MpKsl6378b6f6.sys [?]

S1 MpKsl6f79e9a2;MpKsl6f79e9a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9e4bfb5-1c00-4896-bdb7-fe4f701bfd1b}\mpksl6f79e9a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9e4bfb5-1c00-4896-bdb7-fe4f701bfd1b}\MpKsl6f79e9a2.sys [?]

S1 MpKsl7f1f8c96;MpKsl7f1f8c96;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4924b65f-f7d9-403f-8b4a-a79aa7ff12c5}\mpksl7f1f8c96.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4924b65f-f7d9-403f-8b4a-a79aa7ff12c5}\MpKsl7f1f8c96.sys [?]

S1 MpKsl9fecdc8b;MpKsl9fecdc8b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1dc9d9f6-aadb-4bed-bb78-14e8620a430c}\mpksl9fecdc8b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1dc9d9f6-aadb-4bed-bb78-14e8620a430c}\MpKsl9fecdc8b.sys [?]

S1 MpKslb2eb2475;MpKslb2eb2475;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f510134f-92ce-49df-b2c8-3018e2b3dbdf}\mpkslb2eb2475.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f510134f-92ce-49df-b2c8-3018e2b3dbdf}\MpKslb2eb2475.sys [?]

S1 MpKslfa068e7f;MpKslfa068e7f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d795fe7c-4cb9-472a-9dcb-5cbe61098d75}\mpkslfa068e7f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d795fe7c-4cb9-472a-9dcb-5cbe61098d75}\MpKslfa068e7f.sys [?]

S1 MpKslfed5d396;MpKslfed5d396;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9da057aa-02d5-416d-89fe-73812d882beb}\mpkslfed5d396.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9da057aa-02d5-416d-89fe-73812d882beb}\MpKslfed5d396.sys [?]

S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-1-11 54760]

S2 gupdate1c98e3f7d66146;Google Update Service (gupdate1c98e3f7d66146);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-6 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-6 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-6 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-6 40552]

.

=============== Created Last 30 ================

.

2011-08-31 23:03:50 4194304 ----a-w- c:\windows\system32\pdmzmplg.dll

2011-08-31 21:51:17 28752 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{026a045b-8dac-4f1a-bf40-ab465ad87bfe}\MpKsl27b262d3.sys

2011-08-31 19:53:20 -------- d-----w- c:\documents and settings\kevin\application data\Remote

2011-08-30 23:41:01 7152464 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{026a045b-8dac-4f1a-bf40-ab465ad87bfe}\mpengine.dll

2011-08-29 18:10:10 90112 ------w- c:\windows\Updreg.EXE

2011-08-29 18:09:22 11264 ----a-w- c:\windows\INRES.DLL

2011-08-29 18:09:22 -------- d-----w- c:\windows\system32\Data

2011-08-29 18:08:22 9728 ------w- c:\windows\system32\drivers\PfModNT.sys

2011-08-29 15:52:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-08-29 15:52:27 -------- d-----w- c:\windows\system32\wbem\Repository

2011-08-10 05:22:31 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 05:22:13 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-09 07:00:53 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

.

==================== Find3M ====================

.

2011-08-14 10:48:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-18 18:09:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD2500JS-75NCB3 rev.10.02E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8725E530]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x873D6AB8]

3 CLASSPNP[0xF78A4FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8724D5F0]

\Driver\00000411[0x8734F2A0] -> IRP_MJ_CREATE -> 0x8725E530

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x872EA31B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 20:28:51.60 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/5/2007 7:55:19 PM

System Uptime: 8/31/2011 7:15:33 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® D CPU 3.20GHz | Microprocessor | 3192/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 228 GiB total, 150.855 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP662: 6/2/2011 10:15:56 AM - System Checkpoint

RP663: 6/3/2011 6:17:58 AM - Software Distribution Service 3.0

RP664: 6/4/2011 6:18:30 AM - Software Distribution Service 3.0

RP665: 6/5/2011 1:43:16 AM - Software Distribution Service 3.0

RP666: 6/6/2011 2:11:52 AM - System Checkpoint

RP667: 6/6/2011 9:15:08 AM - Software Distribution Service 3.0

RP668: 6/7/2011 9:16:07 AM - Software Distribution Service 3.0

RP669: 6/8/2011 9:38:17 AM - System Checkpoint

RP670: 6/9/2011 5:59:07 AM - Software Distribution Service 3.0

RP671: 6/10/2011 5:53:44 AM - Software Distribution Service 3.0

RP672: 6/11/2011 5:54:15 AM - Software Distribution Service 3.0

RP673: 6/12/2011 2:16:04 AM - Software Distribution Service 3.0

RP674: 6/12/2011 2:12:40 PM - Software Distribution Service 3.0

RP675: 6/13/2011 2:11:42 PM - Software Distribution Service 3.0

RP676: 6/14/2011 2:12:02 PM - Software Distribution Service 3.0

RP677: 6/15/2011 2:12:35 PM - Software Distribution Service 3.0

RP678: 6/16/2011 2:12:46 PM - Software Distribution Service 3.0

RP679: 6/17/2011 3:00:21 AM - Software Distribution Service 3.0

RP680: 6/18/2011 4:05:39 AM - System Checkpoint

RP681: 6/18/2011 8:57:08 AM - Software Distribution Service 3.0

RP682: 6/19/2011 9:27:03 AM - System Checkpoint

RP683: 6/20/2011 6:25:53 AM - Software Distribution Service 3.0

RP684: 6/20/2011 11:06:53 AM - Removed Microsoft Works Suite Add-in for Microsoft Word

RP685: 6/21/2011 9:38:36 AM - Software Distribution Service 3.0

RP686: 6/22/2011 10:28:46 AM - System Checkpoint

RP687: 6/23/2011 6:02:51 AM - Software Distribution Service 3.0

RP688: 6/24/2011 5:57:52 AM - Software Distribution Service 3.0

RP689: 6/25/2011 6:04:23 AM - System Checkpoint

RP690: 6/25/2011 9:24:19 PM - Software Distribution Service 3.0

RP691: 6/26/2011 2:21:49 AM - Software Distribution Service 3.0

RP692: 6/27/2011 3:01:05 AM - System Checkpoint

RP693: 6/27/2011 7:05:44 PM - Software Distribution Service 3.0

RP694: 6/28/2011 7:30:28 PM - System Checkpoint

RP695: 6/29/2011 3:00:16 AM - Software Distribution Service 3.0

RP696: 6/29/2011 3:35:35 AM - Software Distribution Service 3.0

RP697: 6/30/2011 9:54:25 AM - Software Distribution Service 3.0

RP698: 6/30/2011 1:14:09 PM - Configured Amazon Unbox Video

RP699: 7/1/2011 7:36:47 PM - Software Distribution Service 3.0

RP700: 7/2/2011 7:32:44 PM - Software Distribution Service 3.0

RP701: 7/3/2011 9:46:57 PM - Software Distribution Service 3.0

RP702: 7/4/2011 10:04:28 PM - System Checkpoint

RP703: 7/5/2011 3:49:43 PM - Software Distribution Service 3.0

RP704: 7/6/2011 4:15:27 PM - System Checkpoint

RP705: 7/7/2011 2:44:56 PM - Software Distribution Service 3.0

RP706: 7/8/2011 3:46:52 PM - System Checkpoint

RP707: 7/8/2011 8:29:34 PM - Software Distribution Service 3.0

RP708: 7/9/2011 8:42:37 PM - System Checkpoint

RP709: 7/10/2011 6:23:36 AM - Software Distribution Service 3.0

RP710: 7/11/2011 6:48:09 AM - System Checkpoint

RP711: 7/12/2011 5:51:47 AM - Software Distribution Service 3.0

RP712: 7/12/2011 6:08:17 PM - Software Distribution Service 3.0

RP713: 7/13/2011 7:54:23 AM - Software Distribution Service 3.0

RP714: 7/14/2011 7:48:18 AM - Software Distribution Service 3.0

RP715: 7/15/2011 7:53:19 AM - System Checkpoint

RP716: 7/15/2011 10:26:01 PM - Software Distribution Service 3.0

RP717: 7/16/2011 10:20:19 PM - Software Distribution Service 3.0

RP718: 7/18/2011 5:49:58 AM - Software Distribution Service 3.0

RP719: 7/19/2011 5:53:31 AM - System Checkpoint

RP720: 7/19/2011 8:57:19 PM - Software Distribution Service 3.0

RP721: 7/20/2011 8:57:29 PM - Software Distribution Service 3.0

RP722: 7/21/2011 10:14:53 PM - System Checkpoint

RP723: 7/22/2011 5:24:36 AM - Software Distribution Service 3.0

RP724: 7/23/2011 5:24:33 AM - Software Distribution Service 3.0

RP725: 7/24/2011 2:04:25 AM - Software Distribution Service 3.0

RP726: 7/25/2011 5:59:32 AM - Software Distribution Service 3.0

RP727: 7/26/2011 5:54:41 AM - Software Distribution Service 3.0

RP728: 7/27/2011 5:54:33 AM - Software Distribution Service 3.0

RP729: 7/28/2011 5:53:54 AM - Software Distribution Service 3.0

RP730: 7/29/2011 5:54:29 AM - Software Distribution Service 3.0

RP731: 7/30/2011 7:51:56 AM - System Checkpoint

RP732: 7/30/2011 7:54:26 PM - Software Distribution Service 3.0

RP733: 7/31/2011 1:42:11 AM - Software Distribution Service 3.0

RP734: 7/31/2011 7:54:43 PM - Software Distribution Service 3.0

RP735: 8/1/2011 9:31:55 PM - System Checkpoint

RP736: 8/2/2011 7:53:37 AM - Software Distribution Service 3.0

RP737: 8/3/2011 10:04:27 AM - System Checkpoint

RP738: 8/4/2011 7:36:08 AM - Software Distribution Service 3.0

RP739: 8/5/2011 8:48:13 AM - Software Distribution Service 3.0

RP740: 8/6/2011 10:17:00 AM - System Checkpoint

RP741: 8/7/2011 6:24:38 AM - Software Distribution Service 3.0

RP742: 8/8/2011 6:53:32 AM - System Checkpoint

RP743: 8/9/2011 3:00:16 AM - Software Distribution Service 3.0

RP744: 8/10/2011 3:00:17 AM - Software Distribution Service 3.0

RP745: 8/10/2011 3:38:04 AM - Software Distribution Service 3.0

RP746: 8/11/2011 4:01:42 AM - System Checkpoint

RP747: 8/11/2011 6:06:40 AM - Software Distribution Service 3.0

RP748: 8/12/2011 6:06:52 AM - Software Distribution Service 3.0

RP749: 8/13/2011 6:06:59 AM - Software Distribution Service 3.0

RP750: 8/14/2011 6:29:26 AM - Software Distribution Service 3.0

RP751: 8/15/2011 6:50:49 AM - System Checkpoint

RP752: 8/16/2011 5:54:27 AM - Software Distribution Service 3.0

RP753: 8/17/2011 5:55:11 AM - Software Distribution Service 3.0

RP754: 8/18/2011 6:18:39 AM - System Checkpoint

RP755: 8/18/2011 7:26:19 PM - Software Distribution Service 3.0

RP756: 8/19/2011 10:20:00 PM - System Checkpoint

RP757: 8/20/2011 6:21:36 AM - Software Distribution Service 3.0

RP758: 8/21/2011 1:48:36 AM - Software Distribution Service 3.0

RP759: 8/22/2011 2:18:55 AM - System Checkpoint

RP760: 8/22/2011 6:21:02 AM - Software Distribution Service 3.0

RP761: 8/23/2011 6:21:35 AM - Software Distribution Service 3.0

RP762: 8/23/2011 11:50:26 PM - Software Distribution Service 3.0

RP763: 8/24/2011 7:00:13 AM - Software Distribution Service 3.0

RP764: 8/25/2011 7:38:14 AM - System Checkpoint

RP765: 8/26/2011 5:26:10 AM - Software Distribution Service 3.0

RP766: 8/27/2011 9:20:55 AM - System Checkpoint

RP767: 8/28/2011 2:07:56 AM - Software Distribution Service 3.0

RP768: 8/29/2011 11:50:51 AM - Restore Operation

RP769: 8/29/2011 12:02:26 PM - Software Distribution Service 3.0

RP770: 8/30/2011 12:40:45 PM - System Checkpoint

RP771: 8/31/2011 6:06:48 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Advanced Decoder Patch

Amazon MP3 Downloader 1.0.3

Amazon Unbox Video

Andrea VoiceCenter

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoImpression

ATI Control Panel

ATI Display Driver

ATI Parental Control

Bonjour

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

CCleaner (remove only)

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Conduit Engine

Conexant D850 56K V.9x DFVc Modem

Coupon Printer for Windows

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Game Console

DellSupport

Digital Line Detect

DivXCodecPack

Documentation & Support Launcher

Drv

ELIcon

EPSON Copy Utility

EPSON Photo Print

EPSON Printer Software

EPSON Smart Panel

EPSON TWAIN 5

EPSON User's Guide

Games, Music, & Photos Launcher

Garmin Communicator Plugin

Garmin MapInstall

Garmin USB Drivers

Garmin WebUpdater

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToAssist 8.0.0.514

High Definition Audio Driver Package - KB835221

honestech VHS to DVD 3.0 SE

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB939209)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Inca Ball

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

IrfanView (remove only)

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java™ 6 Update 11

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 6

Java™ 6 Update 7

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Standard 2006

Microsoft Digital Image Standard 2006 Editor

Microsoft Digital Image Standard 2006 Library

Microsoft Encarta Encyclopedia Standard 2006

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft LifeCam

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Word 2002

Microsoft Works

Microsoft Works Suite 2006 Setup Launcher

MobileMe Control Panel

Modem Helper

Move Media Player

Mozilla Firefox (3.6.8)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicmatch for Windows Media Player

Musicmatch® Jukebox

NetWaiting

NetZeroInstallers

OTOY

Otto

palmOne

Photo Viewer

Picasa 3

Qualxserve Service Agreement

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Roxio DLA

Roxio Express Labeler

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Safari

ScanToWeb

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SigmaTel Audio

Sonic Activation Module

Sonic Encoders

Sonic Update Manager

Sound Blaster Audigy ADVANCED MB

Swag Bucks Toolbar

Tasco SkyWatch (Remove only)

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

WD Diagnostics

WebCyberCoach 3.2 Dell

WebFldrs XP

WildTangent Web Driver

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows PowerShell™ 1.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Works Upgrade

.

==== Event Viewer Messages From Past Week ========

.

8/31/2011 8:21:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/31/2011 7:51:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

8/31/2011 7:50:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

8/31/2011 7:50:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/31/2011 7:47:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm Fips intelppm IPSec mfehidk MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:47:47 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/31/2011 7:09:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'pdmzmplg.dll' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

8/31/2011 7:04:03 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.

8/31/2011 7:03:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

8/31/2011 7:03:52 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

8/31/2011 5:32:56 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 9 time(s).

8/31/2011 5:32:31 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 8 time(s).

8/31/2011 5:31:33 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 7 time(s).

8/31/2011 5:31:11 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 6 time(s).

8/31/2011 5:30:35 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 5 time(s).

8/31/2011 5:29:50 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 4 time(s).

8/31/2011 5:29:05 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

8/31/2011 5:28:20 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/31/2011 5:26:58 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/31/2011 5:24:23 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.111.1106.0, AS: 1.111.1106.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7604.0, NIS: 0.0.0.0

8/31/2011 5:17:15 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2011 5:17:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

8/31/2011 4:51:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.1106.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

8/31/2011 3:52:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.1106.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

8/31/2011 3:51:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.1106.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

8/31/2011 3:40:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

8/31/2011 3:40:12 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2011 3:39:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Creative Labs Licensing Service service to connect.

8/31/2011 3:39:42 PM, error: Service Control Manager [7000] - The Creative Labs Licensing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2011 3:38:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

8/31/2011 3:38:26 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2011 3:38:26 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}

8/31/2011 12:46:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the EpsonBidirectionalService service to connect.

8/31/2011 12:46:25 PM, error: Service Control Manager [7000] - The EpsonBidirectionalService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2011 11:36:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm Fips intelppm mfehidk MpFilter

8/31/2011 11:09:11 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 13 time(s).

8/31/2011 11:08:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.

8/31/2011 11:08:21 AM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2011 11:07:02 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 12 time(s).

8/31/2011 11:06:26 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 11 time(s).

8/31/2011 11:05:07 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 10 time(s).

8/29/2011 7:45:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.915.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

8/29/2011 7:39:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Scheduler Service service to connect.

8/29/2011 7:39:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.

8/29/2011 7:39:16 AM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/29/2011 7:39:16 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/29/2011 5:54:21 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.915.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

8/29/2011 2:19:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

8/29/2011 2:19:18 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/29/2011 12:02:44 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.

8/29/2011 11:40:18 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

8/28/2011 6:44:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Receiver Service service to connect.

8/28/2011 6:44:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.

8/27/2011 5:27:30 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.775.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 3 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
