
Trojan:Win32/Sirefaf.J



I've been able to restore both Malwarebytes and Security Essentials, but the trojan is still resident on my computer...somewhere, because when IE8 is open, Security Essentials keeps catching it anew. I am unable to send or receive email through IncrediMail, and Internet Explorer runs very slowly. Evidently this is a version of the Win32/Sirefaf trojans. Microsoft doesn't have much information about it yet. Anyone else have this problem? Please...can you help me get rid of it?


Thank you for responding to my post...I sure hope you can help. Just a note: I re-installed Malwarebytes on my computer after this event...and also reinstalled Windows Security Essentials. The other log generated by DDS has a very interesting minute-to-minute log of the entire event. Anyway....

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7925

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/11/2011 4:59:41 PM

mbam-log-2011-10-11 (16-59-41).txt

Scan type: Quick scan

Objects scanned: 251135

Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Patricia at 17:00:48 on 2011-10-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.1896 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes2\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Malwarebytes2\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

C:\WINDOWS\SoftwareDistribution\Download\2fae83efb7c35873a4d1879672146cc6\update\update.exe

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080416

mStart Page = hxxp://www.dell.com

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

mWinlogon: SFCDisable=-99 (0xffffff9d)

BHO: AutorunsDisabled - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File

BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\oberontb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: CescrtHlpr Object: {f9b72325-a029-4a39-943a-02433c978829} - c:\program files\esnips.com\esnipstoolbar\1.3.0.3\escort.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\oberontb.dll

TB: esnips Toolbar: {3132f1df-2c69-49f5-aca5-69965fc18e59} - c:\program files\esnips.com\esnipstoolbar\1.3.0.3\escorTlbr.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [ClientGW]

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes2\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\docume~1\patricia\startm~1\programs\startup\autoru~1\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winter~1.lnk - c:\windows\installer\{038a524f-58db-438a-8391-8f7f0ca14b9e}\Icon038A524F.exe

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Snip to my eSnips account - c:\program files\esnips\res\SnipIt.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\oberontb.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254161647234

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0B24F9AB-1C57-411A-B34B-1FCED9CF4390} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: AutorunsDisabled - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\patricia\application data\mozilla\firefox\profiles\k8c4kvo5.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?refresh=1

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\esnips.com\esnipstoolbar\1.3.0.3\components\FFHst.dll

FF - plugin: c:\documents and settings\patricia\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\program files\iwin games\firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\patricia\application data\Move Networks

FF - Ext: esnips: ffxtlbr@esnips.com - c:\program files\esnips.com\esnipstoolbar\1.3.0.3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

.

============= SERVICES / DRIVERS ===============

.

R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2010-6-19 24720]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl7e023eb1;MpKsl7e023eb1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d47fb1ae-84d5-4b14-a7ad-d7968a3c74c4}\MpKsl7e023eb1.sys [2011-10-11 28752]

R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 171200]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-9-10 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes2\mbamservice.exe [2011-10-8 366152]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-8 22216]

S1 MpKsl18e7dff5;MpKsl18e7dff5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7209ba88-d7c2-46ee-a00b-97196f54398f}\mpksl18e7dff5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7209ba88-d7c2-46ee-a00b-97196f54398f}\MpKsl18e7dff5.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz132;cpuz132;\??\c:\docume~1\patricia\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\patricia\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\totrec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-15 30192]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-10-11 14:31:59 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d47fb1ae-84d5-4b14-a7ad-d7968a3c74c4}\MpKsl7e023eb1.sys

2011-10-11 14:31:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d47fb1ae-84d5-4b14-a7ad-d7968a3c74c4}\offreg.dll

2011-10-11 12:14:53 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d47fb1ae-84d5-4b14-a7ad-d7968a3c74c4}\mpengine.dll

2011-10-09 23:56:47 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-10-09 08:37:53 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-10-08 18:05:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 18:05:49 -------- d-----w- c:\program files\Malwarebytes2

2011-10-08 15:10:43 -------- d-----w- c:\program files\Microsoft Security Client

2011-10-08 15:02:13 -------- d-sh--w- c:\documents and settings\patricia\local settings\application data\2fa62e4b

2011-10-08 07:59:31 -------- d-----w- c:\documents and settings\patricia\local settings\application data\Axialis

2011-10-01 15:48:27 -------- d-----w- c:\program files\DVDFab 8 Qt

2011-09-22 20:52:17 -------- d-----w- c:\program files\Pirate Poppers

2011-09-16 21:30:05 -------- d-----w- c:\program files\Cursed House

.

==================== Find3M ====================

.

2011-10-08 04:19:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-08 04:19:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-08 04:19:38 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-10-08 04:19:38 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-08 04:19:38 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-08 04:19:38 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-09-10 14:49:28 2411810 ----a-w- c:\windows\Scenic- Horrorific Halloween.scr

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-19 22:05:00 621056 ----a-w- c:\windows\system32\dx7vb.dll

2011-08-19 22:05:00 36864 ----a-w- c:\windows\system32\DQAnimate2.ocx

2011-08-19 22:05:00 108784 ----a-w- c:\windows\system32\mswinsck.ocx

2011-08-01 22:54:43 87608 ----a-w- c:\documents and settings\patricia\application data\inst.exe

2011-08-01 22:54:43 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2011-08-01 22:54:43 47360 ----a-w- c:\documents and settings\patricia\application data\pcouffin.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 17:01:49.21 ===============

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post only DDS.txt directly into your reply.


Combofix Log:

ComboFix 11-10-13.05 - Patricia 10/13/2011 16:53:38.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2621 [GMT -7:00]

Running from: C:\Documents and Settings\Patricia\Desktop\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt

C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt

C:\Documents and Settings\Patricia\Application Data\inst.exe

C:\Documents and Settings\Patricia\WINDOWS

C:\Program Files\GamesBar\obERontb.dll

C:\Program Files\iWin Games\iWINgameshookie.dll

C:\WINDOWS\$NtUninstallKB65042$

C:\WINDOWS\$NtUninstallKB65042$\3676003303

C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

C:\WINDOWS\kb913800.exe

C:\WINDOWS\system32\

C:\WINDOWS\system32\d3d9caps.dat

((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))

2011-10-09 23:56:47 . 2008-04-13 18:40:46 62976 ----a-w- C:\WINDOWS\system32\drivers\cdrom.sys

2011-10-08 18:05:49 . 2011-10-08 18:15:39 -------- d-----w- C:\Program Files\Malwarebytes2

2011-10-08 18:05:49 . 2011-09-01 00:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-10-08 15:10:43 . 2011-10-13 23:41:27 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-10-08 15:02:13 . 2011-10-11 14:43:46 -------- d-sh--w- C:\Documents and Settings\Patricia\Local Settings\Application Data\2fa62e4b

2011-10-08 07:59:31 . 2011-10-08 07:59:41 -------- d-----w- C:\Documents and Settings\Patricia\Local Settings\Application Data\Axialis

2011-10-01 15:48:27 . 2011-10-10 00:41:01 -------- d-----w- C:\Program Files\DVDFab 8 Qt

2011-09-22 20:52:17 . 2011-09-22 20:52:30 -------- d-----w- C:\Program Files\Pirate Poppers

2011-09-16 21:30:05 . 2011-09-16 21:30:25 -------- d-----w- C:\Program Files\Cursed House

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-08 04:19:39 . 2011-09-10 22:53:07 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak

2011-10-08 04:19:39 . 2011-09-10 22:53:07 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll

2011-10-08 04:19:38 . 2011-09-10 22:53:07 52096 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-08 04:19:38 . 2011-09-10 22:53:07 30592 ----a-w- C:\WINDOWS\system32\LMIport.dll

2011-10-08 04:19:38 . 2011-09-10 22:53:05 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll

2011-10-08 04:19:38 . 2010-11-26 17:29:14 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll.000.bak

2011-09-26 18:41:20 . 2008-07-30 02:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll

2011-09-26 18:41:20 . 2005-08-16 09:18:32 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll

2011-09-26 18:41:14 . 2005-08-16 09:18:32 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll

2011-09-10 14:49:28 . 2011-09-10 14:49:28 2411810 ----a-w- C:\WINDOWS\Scenic- Horrorific Halloween.scr

2011-09-09 09:12:13 . 2005-08-16 09:18:07 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

2011-09-06 13:20:51 . 2005-08-16 09:18:43 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-08-22 23:48:55 . 2005-08-16 09:18:45 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-08-22 23:48:54 . 2005-08-16 09:18:22 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll

2011-08-22 23:48:54 . 2005-08-16 09:18:19 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2011-08-22 11:56:39 . 2005-08-16 09:18:19 385024 ----a-w- C:\WINDOWS\system32\html.iec

2011-08-19 22:05:00 . 2011-08-19 22:05:00 621056 ----a-w- C:\WINDOWS\system32\dx7vb.dll

2011-08-19 22:05:00 . 2011-08-19 22:05:00 36864 ----a-w- C:\WINDOWS\system32\DQAnimate2.ocx

2011-08-19 22:05:00 . 2011-08-19 22:05:00 108784 ----a-w- C:\WINDOWS\system32\mswinsck.ocx

2011-08-17 13:49:54 . 2005-08-16 09:18:03 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys

2011-08-01 22:54:43 . 2009-09-28 01:04:01 47360 ----a-w- C:\WINDOWS\system32\drivers\pcouffin.sys

2011-08-01 22:54:43 . 2009-09-28 01:04:01 47360 ----a-w- C:\Documents and Settings\Patricia\Application Data\pcouffin.sys

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

[-] 2009-08-07 02:24:06 . 51B92B39623F5D401A43E58483E2AB55 . 46924 . . [7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834)] . . C:\WINDOWS\system32\wuauclt.exe

[7] 2009-08-07 02:24:06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834)] . . C:\WINDOWS\system32\dllcache\wuauclt.exe

[7] 2008-04-14 00:12:41 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe

[7] 2008-04-14 00:11:51 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\d3d9.dll

[-] 2004-08-10 10:00:00 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll

[-] 2004-07-09 11:27:28 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . C:\WINDOWS\system32\d3d9.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 02:45:36 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 19:01:14 67584]

"CTHelper"="CTHELPER.EXE" [2005-11-08 10:30:42 16384]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 02:00:18 18944]

"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 13:09:06 100888]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 06:00:00 45056]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 16:01:06 122880]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 23:07:56 49152]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 16:35:42 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 16:37:04 81920]

"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 16:56:08 124200]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 13:09:06 100888]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 06:00:00 90112]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-01-12 05:17:44 13666408]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2010-01-12 05:17:44 110696]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 00:11:14 61440]

"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 02:04:04 63048]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes2\mbamgui.exe" [2011-09-01 00:00:48 449608]

C:\Documents and Settings\Patricia\Start Menu\Programs\Startup\AutorunsDisabled

Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe [N/A]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2008-4-15 679936]

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

Winter Fun Wallpaper Changer.lnk - C:\WINDOWS\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe [2009-9-27 14336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 05:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

2007-12-03 15:24:48 65536 ----a-w- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-10-08 04:19:38 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=mapledxp.dll

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Patricia^Start Menu^Programs^Startup^Impulse Now.lnk]

path=C:\Documents and Settings\Patricia\Start Menu\Programs\Startup\Impulse Now.lnk

backup=C:\WINDOWS\pss\Impulse Now.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Patricia^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=C:\Documents and Settings\Patricia\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 08:04:34 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-02-14 00:21:46 16384 ----a-w- C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2008-01-18 01:40:08 17920 ----a-w- C:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]

2007-12-10 21:07:42 872448 ----a-w- C:\Program Files\eSnips\ClientGW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-02-24 13:35:09 30192 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 20:08:54 49208 ----a-w- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-08-20 17:54:08 150016 ----a-w- C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12:28 1695232 --sh--w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 22:49:28 249064 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-04-16 02:45:36 68856 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]

2005-10-13 15:47:22 81920 ----a-w- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"C:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=

"C:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=

"C:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Hitech Creations\\Aces High\\aceshigh.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=

"C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=

"C:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=

"C:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"C:\\Program Files\\iWin Games\\iWinGames.exe"=

"C:\\Program Files\\iWin Games\\WebUpdater.exe"=

"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.sys [6/19/2010 11:56:15 PM 24720]

R2 iWinTrusted;iWinTrusted;C:\Program Files\iWin Games\iWinTrusted.exe [4/8/2011 8:17:40 AM 171200]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 4:32:14 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [1/11/2011 7:04:04 PM 12856]

R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes2\mbamservice.exe [10/8/2011 11:05:52 AM 366152]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [10/8/2011 11:05:49 AM 22216]

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [9/27/2009 6:04:01 PM 47360]

S1 MpKsl18e7dff5;MpKsl18e7dff5;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7209BA88-D7C2-46EE-A00B-97196F54398F}\MpKsl18e7dff5.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7209BA88-D7C2-46EE-A00B-97196F54398F}\MpKsl18e7dff5.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16:28 PM 130384]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc --> C:\Program Files\Google\Update\GoogleUpdate.exe [?]

S3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\WINDOWS\system32\drivers\TotRec8.sys --> C:\WINDOWS\system32\drivers\TotRec8.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe -k WINRM [8/16/2005 2:18:40 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16:28 PM 753504]

S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [4/15/2008 7:45:37 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]

2003-08-13 09:03:09 710 ----a-r- C:\Program Files\Microsoft Office\Office10\OfficeXPFirstRun.vbs

Contents of the 'Scheduled Tasks' folder

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/ig

mStart Page = hxxp://www.dell.com

IE: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\k8c4kvo5.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?refresh=1

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - C:\Program Files\iWin Games\firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Documents and Settings\Patricia\Application Data\Move Networks

FF - Ext: esnips: ffxtlbr@esnips.com - C:\Program Files\eSnips.com\eSnipsToolbar\1.3.0.3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe

HKLM-Run-ClientGW - (no file)

MSConfigStartUp-RCSystemTray - C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

DDS Scan Log:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Patricia at 17:28:31 on 2011-10-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2396 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Malwarebytes2\mbamgui.exe

C:\Program Files\SetPoint\SetPoint.exe

svchost.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\gearsec.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes2\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

mStart Page = hxxp://www.dell.com

BHO: AutorunsDisabled - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: CescrtHlpr Object: {f9b72325-a029-4a39-943a-02433c978829} - c:\program files\esnips.com\esnipstoolbar\1.3.0.3\escort.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: esnips Toolbar: {3132f1df-2c69-49f5-aca5-69965fc18e59} - c:\program files\esnips.com\esnipstoolbar\1.3.0.3\escorTlbr.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [ClientGW]

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes2\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\patricia\startm~1\programs\startup\autoru~1\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winter~1.lnk - c:\windows\installer\{038a524f-58db-438a-8391-8f7f0ca14b9e}\Icon038A524F.exe

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Snip to my eSnips account - c:\program files\esnips\res\SnipIt.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254161647234

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0B24F9AB-1C57-411A-B34B-1FCED9CF4390} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: AutorunsDisabled - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\patricia\application data\mozilla\firefox\profiles\k8c4kvo5.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?refresh=1

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\esnips.com\esnipstoolbar\1.3.0.3\components\FFHst.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\program files\iwin games\firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\patricia\application data\Move Networks

FF - Ext: esnips: ffxtlbr@esnips.com - c:\program files\esnips.com\esnipstoolbar\1.3.0.3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

.

============= SERVICES / DRIVERS ===============

.

R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2010-6-19 24720]

R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 171200]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-9-10 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes2\mbamservice.exe [2011-10-8 366152]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-8 22216]

S1 MpKsl18e7dff5;MpKsl18e7dff5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7209ba88-d7c2-46ee-a00b-97196f54398f}\mpksl18e7dff5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7209ba88-d7c2-46ee-a00b-97196f54398f}\MpKsl18e7dff5.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz132;cpuz132;\??\c:\docume~1\patricia\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\patricia\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\totrec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-15 30192]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-10-13 23:47:21 -------- d-sha-r- C:\cmdcons

2011-10-13 23:44:50 98816 ----a-w- c:\windows\sed.exe

2011-10-13 23:44:50 518144 ----a-w- c:\windows\SWREG.exe

2011-10-13 23:44:50 256000 ----a-w- c:\windows\PEV.exe

2011-10-13 23:44:50 208896 ----a-w- c:\windows\MBR.exe

2011-10-13 23:44:43 -------- d-----w- C:\ComboFix

2011-10-09 23:56:47 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-10-08 18:05:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 18:05:49 -------- d-----w- c:\program files\Malwarebytes2

2011-10-08 15:10:43 -------- d-----w- c:\program files\Microsoft Security Client

2011-10-08 15:02:13 -------- d-sh--w- c:\documents and settings\patricia\local settings\application data\2fa62e4b

2011-10-08 07:59:31 -------- d-----w- c:\documents and settings\patricia\local settings\application data\Axialis

2011-10-01 15:48:27 -------- d-----w- c:\program files\DVDFab 8 Qt

2011-09-22 20:52:17 -------- d-----w- c:\program files\Pirate Poppers

2011-09-16 21:30:05 -------- d-----w- c:\program files\Cursed House

.

==================== Find3M ====================

.

2011-10-08 04:19:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-08 04:19:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-08 04:19:38 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-10-08 04:19:38 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-08 04:19:38 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-08 04:19:38 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-10 14:49:28 2411810 ----a-w- c:\windows\Scenic- Horrorific Halloween.scr

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-19 22:05:00 621056 ----a-w- c:\windows\system32\dx7vb.dll

2011-08-19 22:05:00 36864 ----a-w- c:\windows\system32\DQAnimate2.ocx

2011-08-19 22:05:00 108784 ----a-w- c:\windows\system32\mswinsck.ocx

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-01 22:54:43 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2011-08-01 22:54:43 47360 ----a-w- c:\documents and settings\patricia\application data\pcouffin.sys

.

============= FINISH: 17:29:08.10 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Results of ESET Scan:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=520e971edb8c484097a77cbb8c2f2e66

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-20 12:16:48

# local_time=2011-10-19 05:16:48 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 87 0 15819512 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=204992

# found=9

# cleaned=9

# scan_time=5965

C:\Documents and Settings\Patricia\AApricot\MY PICTURES SLIDESHOW\MagicTreeClockInst.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Patricia\My Documents\Downloads\speedingupmypc(2).exe a variant of Win32/Adware.SpeedingUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Patricia\My Documents\Downloads\speedingupmypc(3).exe a variant of Win32/Adware.SpeedingUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Patricia\My Documents\Downloads\speedingupmypc.exe a variant of Win32/Adware.SpeedingUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP864\A0351748.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\utility\cnet_Install-Spades-Free_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\utility\MagicTreeClockInst.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\utility\Setup_FreeVideoConverter.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C

C:\utility\SoftonicDownloader64386.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Security Check file:

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!

Mozilla Firefox (3.6.14) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

Thanks so much again for your help. Please let me know if I have any other issues to be resolved. Already things have improved. I just don't know what any of these log files mean or whether I need to still be concerned.

Patricia


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Java™ 6 Update 24

Java™ 6 Update 22

Adobe Flash Player ( 10.2.152.32)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Also update Firefox; ensure that you are using version 7.

Let me know what issues remain.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
