Apologies, I see now I was to POST the results of just the DDS scan and attach two other files. I have now done this - thanks.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Christopher Swanson at 1:08:34.51 on Sat 05/14/2011

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2330 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\Mxvgautil.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe

C:\Program Files\goScreen\goScreen.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Christopher Swanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Christopher Swanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Christopher Swanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Documents and Settings\Christopher Swanson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\downloads\malwarebytes\DDS\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig?hl=en

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070608

uInternet Settings,ProxyOverride = 127.0.0.1

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"

uRun: [Google Update] "c:\documents and settings\christopher swanson\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [vKLuVrOIsaEYCN] c:\documents and settings\all users\application data\vKLuVrOIsaEYCN.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Mxvgautil] c:\windows\system32\Mxvgautil.EXE

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023

StartupFolder: c:\docume~1\christ~1\startm~1\programs\s-z\startup\goscreen.lnk - c:\program files\goscreen\goScreen.exe

uPolicies-explorer: NoDesktop = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\program files\microsoft office\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

Trusted Zone: tpfcloud.com\bmamkt

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c1/v19.111/qboax10.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} - hxxp://meeting.zoho.com/agent/ZohoMeeting.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\fmlv2tg7.default\

FF - plugin: c:\documents and settings\christopher swanson\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsl4f8e2a2a;MpKsl4f8e2a2a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{809dc9e0-32e2-4f6f-987a-e97c21f1034d}\MpKsl4f8e2a2a.sys [2011-5-14 28752]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-15 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-13 363344]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-13 20952]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-4-17 13408]

R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [2008-4-15 233984]

R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [2008-4-15 234368]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-05-14 05:03:52 -------- d-----w- C:\- - malwarebytes

2011-05-14 04:37:35 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{809dc9e0-32e2-4f6f-987a-e97c21f1034d}\MpKsl4f8e2a2a.sys

2011-05-14 02:32:19 -------- d-----w- c:\program files\Microsoft Easy Assist

2011-05-14 02:32:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applications

2011-05-13 19:11:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-13 19:11:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-13 19:10:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-13 19:10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-13 17:24:47 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{809dc9e0-32e2-4f6f-987a-e97c21f1034d}\mpengine.dll

2011-05-07 15:09:19 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-07 15:09:19 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-07 15:09:18 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-07 15:09:18 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-07 15:09:18 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-07 15:09:18 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-07 15:09:17 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-07 15:09:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 17:49:32 -------- d-----w- c:\documents and settings\christopher swanson\.ffei_jogl

.

==================== Find3M ====================

.

.

============= FINISH: 1:09:44.54 ===============

ark.txt

Attach.txt

Also, I am now a registered Malwarebytes customer (purchased on 5/13 around 9 PM, ID ending in -----).

It appears your organization is helping PC owners regardless of whether they use your free version or decide to purchase. Like so many others here I appreciate your service and gladly bought your software.

I thought of myself as a skilled PC user who had taken reasonable steps to avoid malware...

- have always run anti-virus software over the years (AVG, SuperAntiSpy and most recently MS Security Essentials)

- keep OS up to date

- use Chrome

- never click on email links

...and have helped a few friends clean malware off of their PCs over the years by taking the steps I am doing now for myself...Googling for info, finding forums and software to help me undo the damage, etc.

I am not superstitious but it's ridiculous that this headache entered my life on Friday the 13th. Jeez.

I run a small business and need to get this PC's desktop and start menu back to a healthy state.

Thanks again Team MalwareBytes!

cswacswa
