
cswacswa

Members
Posts: 11
Reputation: 0 Neutral
  1. I completed the last set of steps and have no other issues to report. Thank you very much for your free support. Due to your forum and support I gladly became a paying Malwarebytes customer and look forward to avoiding future malware attacks. Please close this topic.
  2. Results of screen317's Security Check version 0.99.12
     Windows XP Service Pack 3
     Internet Explorer 7 Out of date!

     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Microsoft Security Essentials

     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     WinCleaner OneClick Professional Clean Version 11 Trial Edition
     Java 6 Update 16
     Out of date Java installed!
     Flash Player Out of Date!
     Adobe Flash Player 10.2.153.1
     Adobe Reader 7.0.8
     Out of date Adobe Reader installed!
     Mozilla Firefox (x86 en-US..)

     Process Check: objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Malwarebytes' Anti-Malware mbamservice.exe
     Microsoft Security Essentials msseces.exe
     Microsoft Security Client Antimalware MsMpEng.exe

     End of Log

     Thank you again for your assistance.
  3. ComboFix and new DDS logs posted below - thank you
  4. Thank you. I will run ComboFix next and post that asap.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6631

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11

     5/21/2011 1:55:05 AM
     mbam-log-2011-05-21 (01-55-05).txt

     Scan type: Quick scan
     Objects scanned: 188916
     Time elapsed: 4 minute(s), 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. Yes I do, thank you. I will continue the dialog in my correctly formatted topic, number 84854. Please close this topic. Thanks again.
  6. I have been running MSE for many months. No resource issues or infections. Previously used AVG (often hogged resources) and then SuperAntiSpy (good experience) after AVG suggested I try SAS to rid a coworker's laptop of an infection that AVG missed. I switched to MSE when renewal came up for SAS. On Friday I got TDSS by clicking on a link on a site...Chrome crashed and then seconds later the fake scanner started. MS Support had me download and run MWB and told me I was all set...MWB did immediately stop TDSS but all my files were hidden and Start menu is empty. I gladly bought MWB and now hoping to get help on the MWB Forum and in the meantime researching if I should drop MSE or if I could use both. I will try both based on what I read here.
  7. I followed the initial instructions (http://forums.malwarebytes.org/index.php?showtopic=9573). The infection is no longer being reported by MWB, but when restarting, the PC displays an hourglass when trying to use the taskbar. The solution so far is to boot into Safe Mode. Thank you for this forum and your help.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6589

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11

     5/16/2011 11:04:27 AM
     mbam-log-2011-05-16 (11-04-27).txt

     Scan type: Quick scan
     Objects scanned: 188114
     Time elapsed: 8 minute(s), 44 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 2
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)

     Registry Values Infected:
     HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKLuVrOIsaEYCN (Rogue.Agent.SA) -> Value: vKLuVrOIsaEYCN -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  8. Please close this topic. I now realize I did not read through the instructions and posted incorrectly here. I will try posting again using the correct process. Thanks
  9. Also, I am now a registered Malwarebytes customer (purchased on 5/13 around 9 PM, ID ending in-----). It appears your organization is helping PC owners regardless of whether they use your free version or decide to purchase. Like so many others here I appreciate your service and gladly bought your software. I thought of myself as a skilled PC user who had taken reasonable steps to avoid malware...
- have always run anti-virus software over the years (AVG, SuperAntiSpy and most recently MS Security Essentials)
- keep OS up to date
- use Chrome
- never click on email links
...and have helped a few friends clean malware off of their PCs over the years by taking the steps I am doing now for myself...Googling for info, finding forums and software to help me undo the damage, etc. I am not superstitious but it's ridiculous that this headache entered my life on Friday the 13th. Jeez. I run a small business and need to get this PC's desktop and start menu back to a healthy state. Thanks again Team MalwareBytes! cswacswa
  10. Apologies, I see now I was to POST the results of just the DDS scan and attach two other files. I have now done this - thanks.
  11. Hi - thanks for this forum! I followed the pinned instructions and have included my logs. Thanks again.