JustAnotherUser (Members)
Posts: 17
Reputation: 0 Neutral

Recent posts:
  1. A note on IE: I'm currently using IE9. I'm not sure why it says IE8.
  2. Hi screen317,
     Thanks for your help. The ESET scan came up clean. Here's the log from Security Check:

     Results of screen317's Security Check version 0.99.13
     Windows 7 Service Pack 1 (UAC is enabled)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     avast! Free Antivirus
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 26
     Adobe Flash Player 10.3.181.22
     Adobe Reader X (10.0.1)
     Mozilla Firefox (x86 en-GB..)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     system32 AvastSvc.exe -?-
     Alwil Software Avast5 AvastUI.exe
     ``````````End of Log````````````

     I haven't experienced any symptoms as of late.
  3. Thanks for the reply. Here are the logs that you requested: Combofix: ComboFix 11-06-11.01 - Lloyd 12/06/2011 10:51:49.5.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2047.1017 [GMT -4:00] Running from: c:\users\Lloyd\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))) . . 2011-06-12 15:05 . 2011-06-12 15:05 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-06-12 15:05 . 2011-06-12 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-09 19:38 . 2011-06-09 19:38 -------- d-----w- c:\program files\Common Files\Java 2011-06-07 01:00 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-06-07 01:00 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe 2011-06-07 00:59 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-06-03 01:53 . 2011-06-03 01:53 -------- d-----w- c:\users\Lloyd\AppData\Local\{6F3A1DC5-DACF-4456-AF8E-92D8C02060F4} 2011-05-31 02:03 . 2011-05-31 02:03 -------- d-----w- c:\users\Lloyd\AppData\Roaming\FaxCtr 2011-05-31 01:54 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdddrpp.dll 2011-05-31 01:54 . 2007-03-28 13:16 344064 ----a-w- c:\windows\system32\lxddcoin.dll 2011-05-31 01:52 . 2007-02-21 23:11 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL 2011-05-31 01:52 . 2007-02-21 23:11 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL 2011-05-31 01:52 . 2007-02-21 23:14 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL 2011-05-31 01:52 . 2006-11-07 10:02 36864 ----a-w- c:\windows\system32\lxf3oem.dll 2011-05-31 01:52 . 2006-05-31 15:51 98345 ----a-w- c:\windows\system32\IMHOST32.DLL 2011-05-31 01:52 . 
2006-05-31 15:51 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL 2011-05-31 01:52 . 2006-05-31 15:51 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL 2011-05-31 01:52 . 2006-05-31 15:51 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL 2011-05-31 01:52 . 2006-05-31 15:51 49152 ----a-w- c:\windows\system32\IM31IMG.DIL 2011-05-31 01:52 . 2011-05-31 01:52 -------- d-----w- c:\programdata\FaxCtr 2011-05-31 01:51 . 2011-05-31 01:52 -------- d-----w- c:\program files\Lexmark Fax Solutions 2011-05-31 01:49 . 2007-04-26 05:21 394160 ----a-w- c:\windows\system32\lxddcfg.exe 2011-05-31 01:49 . 2007-03-16 02:36 77906 ----a-w- c:\windows\system32\lxddcfg.dll 2011-05-31 01:35 . 2011-05-31 01:35 6670853 ----a-w- c:\programdata\SPLEB77.tmp 2011-05-31 01:23 . 2011-05-31 01:23 7280650 ----a-w- c:\programdata\SPLC7BA.tmp 2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Lloyd\AppData\Local\{A406BA9F-D2FB-4665-B5B6-4BDBAECB2677} 2011-05-29 23:48 . 2011-05-29 23:50 -------- d-----w- c:\users\Lloyd\FrostWire 2011-05-29 23:46 . 2011-05-04 08:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-05-29 00:09 . 2011-05-29 00:09 -------- d-----w- c:\users\Lloyd\AppData\Roaming\Philips 2011-05-29 00:05 . 2011-05-29 00:06 -------- d-----w- c:\users\Lloyd\AppData\Local\Philips-Songbird 2011-05-29 00:05 . 2011-05-29 00:05 -------- d-----w- c:\users\Lloyd\AppData\Roaming\Philips-Songbird 2011-05-29 00:04 . 2010-05-10 00:18 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-05-29 00:04 . 2010-05-10 00:18 109360 ----a-w- c:\windows\system32\GEARAspi.dll 2011-05-29 00:04 . 2011-05-29 00:04 -------- d-----w- c:\program files\Philips 2011-05-24 23:09 . 2011-05-24 23:09 -------- d-----w- c:\users\Lloyd\AppData\Local\{A6FE30C6-5BC2-4AD5-A151-12FDA4A4C55D} 2011-05-19 03:36 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-18 11:04 . 2011-06-05 15:02 -------- d-----w- c:\programdata\Skype Extras 2011-05-18 11:04 . 
2011-05-18 11:04 -------- d-----w- c:\program files\Common Files\Skype 2011-05-18 11:00 . 2011-06-10 20:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2010-12-18 04:17 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-12-18 04:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10 . 2010-12-18 03:11 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2010-12-18 03:11 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-03-18 02:04 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:03 . 2010-12-18 03:12 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2010-12-18 03:12 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2010-12-18 03:12 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2010-12-18 03:12 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2010-12-18 03:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-09 21:17 . 2011-05-09 21:17 0 ---ha-w- c:\users\Lloyd\AppData\Local\BIT611.tmp 2011-05-04 08:52 . 2010-12-18 04:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-20 00:40 . 2011-04-20 00:40 968716 ----a-w- c:\programdata\SPL52F8.tmp 2011-04-20 00:34 . 2011-04-20 00:34 6516248 ----a-w- c:\programdata\SPLA2CD.tmp 2011-04-14 01:27 . 2011-04-14 01:27 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-04-14 01:27 . 2011-04-14 01:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-04-14 01:27 . 2011-04-14 01:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-04-14 01:27 . 2011-04-14 01:27 74752 ----a-w- c:\windows\system32\iesetup.dll 2011-04-14 01:27 . 2011-04-14 01:27 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-04-14 01:27 . 
2011-04-14 01:27 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-04-14 01:27 . 2011-04-14 01:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-04-14 01:27 . 2011-04-14 01:27 367104 ----a-w- c:\windows\system32\html.iec 2011-04-14 01:27 . 2011-04-14 01:27 23552 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-14 01:27 . 2011-04-14 01:27 161792 ----a-w- c:\windows\system32\msls31.dll 2011-04-14 01:27 . 2011-04-14 01:27 152064 ----a-w- c:\windows\system32\wextract.exe 2011-04-14 01:27 . 2011-04-14 01:27 150528 ----a-w- c:\windows\system32\iexpress.exe 2011-04-14 01:27 . 2011-04-14 01:27 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-14 01:27 . 2011-04-14 01:27 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-04-14 01:27 . 2011-04-14 01:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-04-14 01:27 . 2011-04-14 01:27 35840 ----a-w- c:\windows\system32\imgutil.dll 2011-04-14 01:27 . 2011-04-14 01:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-04-14 01:27 . 2011-04-14 01:27 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-04-14 01:27 . 2011-04-14 01:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2011-04-14 01:27 . 2011-04-14 01:27 11776 ----a-w- c:\windows\system32\mshta.exe 2011-04-14 01:27 . 2011-04-14 01:27 101888 ----a-w- c:\windows\system32\admparse.dll 2011-04-10 19:55 . 2011-04-10 19:55 496732 ----a-w- c:\programdata\SPLF6E0.tmp 2011-04-09 06:02 . 2011-05-11 21:42 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 21:42 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-14 04:04 . 2011-03-28 23:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\users\Lloyd\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "P17RunE"="P17RunE.dll" [2008-03-28 14848] "V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216] "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296] "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760] "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\Lloyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ magicJack.lnk - c:\users\Lloyd\AppData\Roaming\mjusbsp\magicJackLoader.exe [2010-12-3 806168] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 136176] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 99248] R3 CFcatchme;CFcatchme;c:\users\Lloyd\AppData\Local\Temp\CFcatchme.sys [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-18 79360] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 136176] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-10-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-10-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-10-27 123648] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-29 238952] S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-04-26 537520] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 TabletServicePen;TabletServicePen;c:\program 
files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 4869488] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112] S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-04 36608] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136] S3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272] S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2007-08-07 509760] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 03:12] . 2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 03:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://news.google.ca/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Lloyd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\q4no328z.default\ . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: SEAGATE_ rev.7705 -> Harddisk0\DR0 -> \Device\00000060 . 
device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! sectors 71687370 (+255): user != kernel . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-06-12 11:28:15 ComboFix-quarantined-files.txt 2011-06-12 15:28 ComboFix2.txt 2011-06-08 01:54 ComboFix3.txt 2011-03-18 01:30 . Pre-Run: 8,007,237,632 bytes free Post-Run: 7,957,897,216 bytes free . - - End Of File - - CD7182F9768AE7DFB4AD6B318DBE88E6 DDS (1): . DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Lloyd at 11:29:05 on 2011-06-12 Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2047.962 [GMT -4:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Tablet\Pen\Pen_TouchService.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\FsUsbExService.Exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxddcoms.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\rundll32.exe C:\Windows\V0230Mon.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe 
C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\ctfmon.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://news.google.ca/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll uRun: [cdloader] "c:\users\lloyd\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [itype] "c:\program files\microsoft 
intellitype pro\itype.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe" mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe" mRun: [lxddamon] "c:\program 
files\lexmark 2500 series\lxddamon.exe" mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\lloyd\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicj~1.lnk - c:\users\lloyd\appdata\roaming\mjusbsp\magicJackLoader.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\lloyd\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{3C3C2E1F-C91B-4881-803C-3ED1F6E677F9} : DhcpNameServer = 192.168.2.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Handler: wot - 
{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\lloyd\appdata\roaming\mozilla\firefox\profiles\q4no328z.default\ FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\tabletplugins\npwacom.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-17 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-17 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-17 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-6-6 42184] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-14 238952] R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?] 
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224] R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-13 4869488] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008] R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-13 416112] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-14 36608] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-12-17 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-12-17 509760] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176] S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-12-17 79360] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176] S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-3-14 98560] S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-3-14 14848] S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-3-14 123648] S3 StorSvc;Storage 
Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-13 16240] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-18 1343400] . =============== Created Last 30 ================ . 2011-06-12 15:25:47 -------- d-sh--w- C:\$RECYCLE.BIN 2011-06-08 01:00:40 98816 ----a-w- c:\windows\sed.exe 2011-06-08 01:00:40 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 01:00:40 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 01:00:40 208896 ----a-w- c:\windows\MBR.exe 2011-06-07 01:00:23 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-06-07 01:00:21 2616320 ----a-w- c:\windows\explorer.exe 2011-06-07 00:59:47 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-06-03 01:53:23 -------- d-----w- c:\users\lloyd\appdata\local\{6F3A1DC5-DACF-4456-AF8E-92D8C02060F4} 2011-05-31 02:03:04 -------- d-----w- c:\users\lloyd\appdata\roaming\FaxCtr 2011-05-31 01:54:35 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdddrpp.dll 2011-05-31 01:54:11 344064 ----a-w- c:\windows\system32\lxddcoin.dll 2011-05-31 01:52:43 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL 2011-05-31 01:52:43 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL 2011-05-31 01:52:23 98345 ----a-w- c:\windows\system32\IMHOST32.DLL 2011-05-31 01:52:23 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL 2011-05-31 01:52:23 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL 2011-05-31 01:52:23 49152 ----a-w- c:\windows\system32\IM31IMG.DIL 2011-05-31 01:52:23 36864 ----a-w- c:\windows\system32\lxf3oem.dll 2011-05-31 01:52:23 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL 2011-05-31 01:52:23 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL 2011-05-31 
01:52:22 -------- d-----w- c:\programdata\FaxCtr 2011-05-31 01:51:23 -------- d-----w- c:\program files\Lexmark Fax Solutions 2011-05-31 01:49:59 77906 ----a-w- c:\windows\system32\lxddcfg.dll 2011-05-31 01:49:59 394160 ----a-w- c:\windows\system32\lxddcfg.exe 2011-05-31 01:35:33 6670853 ----a-w- c:\programdata\SPLEB77.tmp 2011-05-31 01:23:23 7280650 ----a-w- c:\programdata\SPLC7BA.tmp 2011-05-30 22:11:23 -------- d-----w- c:\users\lloyd\appdata\local\{A406BA9F-D2FB-4665-B5B6-4BDBAECB2677} 2011-05-29 23:48:35 -------- d-----w- c:\users\lloyd\FrostWire 2011-05-29 23:46:53 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-05-29 00:09:49 -------- d-----w- c:\users\lloyd\appdata\roaming\Philips 2011-05-29 00:05:59 -------- d-----w- c:\users\lloyd\appdata\roaming\Philips-Songbird 2011-05-29 00:05:59 -------- d-----w- c:\users\lloyd\appdata\local\Philips-Songbird 2011-05-29 00:04:29 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-05-29 00:04:29 109360 ----a-w- c:\windows\system32\GEARAspi.dll 2011-05-29 00:04:03 -------- d-----w- c:\program files\Philips 2011-05-24 23:09:07 -------- d-----w- c:\users\lloyd\appdata\local\{A6FE30C6-5BC2-4AD5-A151-12FDA4A4C55D} 2011-05-19 03:36:32 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-18 11:04:51 -------- d-----w- c:\programdata\Skype Extras 2011-05-18 11:00:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-20 00:40:37 968716 ----a-w- c:\programdata\SPL52F8.tmp
2011-04-20 00:34:25 6516248 ----a-w- c:\programdata\SPLA2CD.tmp
2011-04-10 19:55:24 496732 ----a-w- c:\programdata\SPLF6E0.tmp
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SEAGATE_ rev.7705 -> Harddisk0\DR0 -> \Device\00000060
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll adpu320.sys
c:\windows\system32\drivers\adpu320.sys Adaptec, Inc. Adaptec Windows Ultra320 Family Driver
1 nt!IofCallDriver[0x82C46003] -> \Device\Harddisk0\DR0[0x85C50AC8]
3 CLASSPNP[0x89E7059E] -> nt!IofCallDriver[0x82C46003] -> \Device\0000005f[0x85588678]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 71687370 (+255): user != kernel
.
============= FINISH: 11:29:45.31 ===============

MBAM:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6841

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/06/2011 11:37:58 AM
mbam-log-2011-06-12 (11-37-58).txt

Scan type: Quick scan
Objects scanned: 153279
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think I'm not experiencing any symptoms of a malware infection.
  4. ComboFix:

ComboFix 11-06-06.07 - Lloyd 07/06/2011 21:03:18.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2047.933 [GMT -4:00]
Running from: c:\users\Lloyd\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
PEV Error: ProfilesFile
PEV Error: ProfilesFolder
.
((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-08 01:49 . 2011-06-08 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 01:00 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 01:00 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-06-07 00:59 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-03 01:53 . 2011-06-03 01:53 -------- d-----w- c:\users\Lloyd\AppData\Local\{6F3A1DC5-DACF-4456-AF8E-92D8C02060F4}
2011-05-31 02:03 . 2011-05-31 02:03 -------- d-----w- c:\users\Lloyd\AppData\Roaming\FaxCtr
2011-05-31 01:54 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdddrpp.dll
2011-05-31 01:54 . 2007-03-28 13:16 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2011-05-31 01:52 . 2007-02-21 23:11 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-05-31 01:52 . 2007-02-21 23:11 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-05-31 01:52 . 2007-02-21 23:14 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-05-31 01:52 . 2006-11-07 10:02 36864 ----a-w- c:\windows\system32\lxf3oem.dll
2011-05-31 01:52 . 2006-05-31 15:51 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-05-31 01:52 . 2006-05-31 15:51 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-05-31 01:52 . 2006-05-31 15:51 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-05-31 01:52 . 2006-05-31 15:51 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-05-31 01:52 . 2006-05-31 15:51 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-05-31 01:52 . 2011-05-31 01:52 -------- d-----w- c:\programdata\FaxCtr
2011-05-31 01:51 . 2011-05-31 01:52 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-05-31 01:49 . 2007-04-26 05:21 394160 ----a-w- c:\windows\system32\lxddcfg.exe
2011-05-31 01:49 . 2007-03-16 02:36 77906 ----a-w- c:\windows\system32\lxddcfg.dll
2011-05-31 01:35 . 2011-05-31 01:35 6670853 ----a-w- c:\programdata\SPLEB77.tmp
2011-05-31 01:23 . 2011-05-31 01:23 7280650 ----a-w- c:\programdata\SPLC7BA.tmp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Lloyd\AppData\Local\{A406BA9F-D2FB-4665-B5B6-4BDBAECB2677}
2011-05-29 23:48 . 2011-05-29 23:50 -------- d-----w- c:\users\Lloyd\FrostWire
2011-05-29 23:47 . 2011-05-29 23:47 -------- d-----w- c:\program files\Common Files\Java
2011-05-29 23:46 . 2011-04-14 09:08 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-29 00:09 . 2011-05-29 00:09 -------- d-----w- c:\users\Lloyd\AppData\Roaming\Philips
2011-05-29 00:05 . 2011-05-29 00:06 -------- d-----w- c:\users\Lloyd\AppData\Local\Philips-Songbird
2011-05-29 00:05 . 2011-05-29 00:05 -------- d-----w- c:\users\Lloyd\AppData\Roaming\Philips-Songbird
2011-05-29 00:04 . 2010-05-10 00:18 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-29 00:04 . 2010-05-10 00:18 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-29 00:04 . 2011-05-29 00:04 -------- d-----w- c:\program files\Philips
2011-05-24 23:09 . 2011-05-24 23:09 -------- d-----w- c:\users\Lloyd\AppData\Local\{A6FE30C6-5BC2-4AD5-A151-12FDA4A4C55D}
2011-05-19 03:36 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-18 11:04 . 2011-06-05 15:02 -------- d-----w- c:\programdata\Skype Extras
2011-05-18 11:04 . 2011-05-18 11:04 -------- d-----w- c:\program files\Common Files\Skype
2011-05-18 11:00 . 2011-05-29 12:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 21:42 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 21:42 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 21:17 . 2011-05-09 21:17 0 ---ha-w- c:\users\Lloyd\AppData\Local\BIT611.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2010-12-18 04:17 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-12-18 04:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2010-12-18 03:11 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-12-18 03:11 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-18 02:04 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-12-18 03:12 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-12-18 03:12 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-12-18 03:12 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-12-18 03:12 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-12-18 03:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-20 00:40 . 2011-04-20 00:40 968716 ----a-w- c:\programdata\SPL52F8.tmp
2011-04-20 00:34 . 2011-04-20 00:34 6516248 ----a-w- c:\programdata\SPLA2CD.tmp
2011-04-14 09:07 . 2010-12-18 04:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 01:27 . 2011-04-14 01:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-14 01:27 . 2011-04-14 01:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-14 01:27 . 2011-04-14 01:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-14 01:27 . 2011-04-14 01:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-14 01:27 . 2011-04-14 01:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-14 01:27 . 2011-04-14 01:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-14 01:27 . 2011-04-14 01:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 01:27 . 2011-04-14 01:27 367104 ----a-w- c:\windows\system32\html.iec
2011-04-14 01:27 . 2011-04-14 01:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-14 01:27 . 2011-04-14 01:27 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-14 01:27 . 2011-04-14 01:27 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-14 01:27 . 2011-04-14 01:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-14 01:27 . 2011-04-14 01:27 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-14 01:27 . 2011-04-14 01:27 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-14 01:27 . 2011-04-14 01:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-14 01:27 . 2011-04-14 01:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-14 01:27 . 2011-04-14 01:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 01:27 . 2011-04-14 01:27 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-14 01:27 . 2011-04-14 01:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-14 01:27 . 2011-04-14 01:27 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-14 01:27 . 2011-04-14 01:27 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-10 19:55 . 2011-04-10 19:55 496732 ----a-w- c:\programdata\SPLF6E0.tmp
2011-03-11 05:33 . 2011-04-14 00:57 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 00:57 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-14 04:04 . 2011-03-28 23:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Lloyd\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
.
c:\users\Lloyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
magicJack.lnk - c:\users\Lloyd\AppData\Roaming\mjusbsp\magicJackLoader.exe [2010-12-3 806168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 99248]
R3 CFcatchme;CFcatchme;c:\users\Lloyd\AppData\Local\Temp\CFcatchme.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-18 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 136176]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-10-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-10-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-10-27 123648]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-29 238952]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-04-26 537520]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 4869488]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-04 36608]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2007-08-07 509760]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 03:12]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 03:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Lloyd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\q4no328z.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SEAGATE_ rev.7705 -> Harddisk0\DR0 -> \Device\00000060
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 71687370 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-07 21:54:35
ComboFix-quarantined-files.txt 2011-06-08 01:54
ComboFix2.txt 2011-03-18 01:30
.
Pre-Run: 7,745,728,512 bytes free
Post-Run: 7,882,645,504 bytes free
.
- - End Of File - - E599D2175AAB91265E3506598B05CC40

DDS (First One):
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Lloyd at 21:56:17 on 2011-06-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2047.926 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Windows\V0230Mon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Lloyd\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\ctfmon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [cdloader] "c:\users\lloyd\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
StartupFolder: c:\users\lloyd\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicj~1.lnk - c:\users\lloyd\appdata\roaming\mjusbsp\magicJackLoader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\lloyd\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3C3C2E1F-C91B-4881-803C-3ED1F6E677F9} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lloyd\appdata\roaming\mozilla\firefox\profiles\q4no328z.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-17 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-17 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-17 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-6-6 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-14 238952]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-13 4869488]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-13 416112]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-14 36608]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-12-17 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-12-17 509760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-12-17 79360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-3-14 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-3-14 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-3-14 123648]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-13 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-18 1343400]
.
=============== Created Last 30 ================
.
2011-06-08 01:52:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-08 01:00:40 98816 ----a-w- c:\windows\sed.exe
2011-06-08 01:00:40 518144 ----a-w- c:\windows\SWREG.exe
2011-06-08 01:00:40 256512 ----a-w- c:\windows\PEV.exe
2011-06-08 01:00:40 208896 ----a-w- c:\windows\MBR.exe
2011-06-07 01:00:23 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 01:00:21 2616320 ----a-w- c:\windows\explorer.exe
2011-06-07 00:59:47 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-03 01:53:23 -------- d-----w- c:\users\lloyd\appdata\local\{6F3A1DC5-DACF-4456-AF8E-92D8C02060F4}
2011-05-31 02:03:04 -------- d-----w- c:\users\lloyd\appdata\roaming\FaxCtr
2011-05-31 01:54:35 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdddrpp.dll
2011-05-31 01:54:11 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2011-05-31 01:52:43 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-05-31 01:52:43 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-05-31 01:52:23 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-05-31 01:52:23 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-05-31 01:52:23 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-05-31 01:52:23 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-05-31 01:52:23 36864 ----a-w- c:\windows\system32\lxf3oem.dll
2011-05-31 01:52:23 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-05-31 01:52:23 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-05-31 01:52:22 -------- d-----w- c:\programdata\FaxCtr
2011-05-31 01:51:23 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-05-31 01:49:59 77906 ----a-w- c:\windows\system32\lxddcfg.dll
2011-05-31 01:49:59 394160 ----a-w- c:\windows\system32\lxddcfg.exe
2011-05-31 01:35:33 6670853 ----a-w- c:\programdata\SPLEB77.tmp
2011-05-31 01:23:23 7280650 ----a-w- c:\programdata\SPLC7BA.tmp
2011-05-30 22:11:23 -------- d-----w- c:\users\lloyd\appdata\local\{A406BA9F-D2FB-4665-B5B6-4BDBAECB2677}
2011-05-29 23:48:35 -------- d-----w- c:\users\lloyd\FrostWire
2011-05-29 23:46:53 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-29 00:09:49 -------- d-----w- c:\users\lloyd\appdata\roaming\Philips
2011-05-29 00:05:59 -------- d-----w- c:\users\lloyd\appdata\roaming\Philips-Songbird
2011-05-29 00:05:59 -------- d-----w- c:\users\lloyd\appdata\local\Philips-Songbird
2011-05-29 00:04:29 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-29 00:04:29 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-29 00:04:03 -------- d-----w- c:\program files\Philips
2011-05-24 23:09:07 -------- d-----w- c:\users\lloyd\appdata\local\{A6FE30C6-5BC2-4AD5-A151-12FDA4A4C55D}
2011-05-19 03:36:32 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-18 11:04:51 -------- d-----w- c:\programdata\Skype Extras
2011-05-18 11:00:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 21:42:17 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 21:42:17 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 21:17:22 0 ---ha-w- c:\users\lloyd\appdata\local\BIT611.tmp
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-04-20 00:40:37 968716 ----a-w- c:\programdata\SPL52F8.tmp 2011-04-20 00:34:25 6516248 ----a-w- c:\programdata\SPLA2CD.tmp 2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-10 19:55:24 496732 ----a-w- c:\programdata\SPLF6E0.tmp 2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: SEAGATE_ rev.7705 -> Harddisk0\DR0 -> \Device\00000060 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll adpu320.sys c:\windows\system32\drivers\adpu320.sys Adaptec, Inc. Adaptec Windows Ultra320 Family Driver 1 nt!IofCallDriver[0x82C69003] -> \Device\Harddisk0\DR0[0x85C50AC8] 3 CLASSPNP[0x89E9259E] -> nt!IofCallDriver[0x82C69003] -> \Device\0000005f[0x85588030] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } user != kernel MBR !!! sectors 71687370 (+255): user != kernel . ============= FINISH: 21:56:58.75 =============== Am I actually infected?
  5. Thanks for the reply. Here's the Malwarebytes log. It was clean again. Here's the first DDS log: Do you need the second one? Thanks again!
  6. Hello again Malwarebytes, Just an hour ago, Avast said that cdfs.sys (c:/windows/system32/drivers/cdfs.sys) was a rootkit and recommended that I delete it immediately. I ignored it after some research, which showed that the file was a driver used by Windows for CD drives. However, most of the stuff I read said that the file was in Windows XP. I use Windows 7, so I ran a scan on both Malwarebytes and Avast. Both came up clean. I submitted the file to VirusTotal, but that also came up clean. I don't think I'm experiencing the symptoms of a malware infection, but you never know. Should I be worried about the file, or am I safe? Here's my HijackThis log if needed:
  7. Thanks for your help LDTate, I really appreciate it.
  8. The description was probably fake. stdrt.exe showed up as a Windows Media Centre program even though it was malware according to MBAM. stdrt.exe wasn't running when I turned the computer on this morning, so it seems that msvfd32.exe may have been the actual malware. However, according to this link, there's a program called 'regsrv.exe' that's also related to stdrt.exe. Should we also remove that, if it's in my computer?
  9. Hi LDTate, Here's the log from ComboFix: stdrt.exe isn't running at the moment; however, I haven't manually rebooted the computer yet (ComboFix did, though) so I'm not sure if it'll return or not. The computer appears to be working normally, though it sometimes encounters a temp sensor error when booting up and doesn't get to Windows when it happens. Also, would it be possible to re-enable autorun again? It seems like my Internet phone doesn't start up automatically when it's disabled. Thanks for your help!
  10. No threat was found. I noticed that "c:\windows\system32\msvfd32.exe" was being used by stdrt.exe. Maybe that could be an infected file?
  11. Hi again, The process disappeared once ComboFix was done, but after restarting it came back. What should I do now? Here's the log:
  12. Hi LDTate, This is the first thing I got: I clicked on 'Reanalyze' and got this: