Slammybowl (Members; 1 post; reputation: 0 Neutral)
Hi all,

Whatever nasty I have causes Malwarebytes to disappear after about 10 seconds, and then can't be accessed again. I followed the instructions for a new post and here are the results: I ran Defogger, and when the Finished message hit, the window to disable the CD Emulation drivers was still there and active. I closed it. The program did NOT ask me to reboot.

I ran DDS. Here is the first log.

When I ran GMER, it did NOT warn me about rootkit activity. I unchecked the appropriate boxes, then hit scan, and after about 4 seconds, it disappeared. I guess whatever bug this is also disables that program. So the attached file is only the attach.txt in a zipped form.

Please help. Thanks in advance.

Bill

attach.zip