Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6403
Windows 6.0.6000
Internet Explorer 8.0.6001.18882
4/23/2011 4:21:40 AM
mbam-log-2011-04-23 (04-21-40).txt
Scan type: Quick scan
Objects scanned: 192063
Time elapsed: 8 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richb2\AppData\Local\qud.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richb2\AppData\Local\qud.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richb2\AppData\Local\qud.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-23 04:29:46
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.V54O
Running: lh8bb9kt.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwlyqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Threads - GMER 1.0.15 ----
Thread System [4:412] 8A197140
Thread System [4:420] 8A197140
Thread System [4:424] 8A1CF520
Thread System [4:428] 8A1CF520
Thread System [4:436] 8A1D1580
Thread System [4:440] 8A1D1580
Thread System [4:444] 8A1D1580
Thread System [4:452] 8A1CF520
---- EOF - GMER 1.0.15 ----
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2007 12:45:35 AM
System Uptime: 4/23/2011 4:23:20 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Leonite2
Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 159.393 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.005 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 298 GiB total, 283.672 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 www.avast.com
Hosts: 127.0.0.1 www.avg.com
Hosts: 127.0.0.1 www.bitdefender.com
Hosts: 127.0.0.1 www.eset.com
Hosts: 127.0.0.1 www.f-secure.com
Hosts: 127.0.0.1 www.grisoft.com
Hosts: 127.0.0.1 www.kaspersky.com
Hosts: 127.0.0.1 www.mcafee.com
Hosts: 127.0.0.1 www.microsoft.com
Hosts: 127.0.0.1 www.pandasecurity.com
Hosts: 127.0.0.1 www.sophos.com
Hosts: 127.0.0.1 www.symantec.com
Hosts: 127.0.0.1 www.trendmicro.com
Hosts: 127.0.0.1 www.viruslist.com
Hosts: 127.0.0.1 www.virustotal.com
.
==== Installed Programs ======================
.
µTorrent
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player 11.5
AnalogX AutoTune
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Awave Studio v10.1
Band-in-a-Box 2008.5 (Build 263)
Becker CPA Review CD-ROM Course and PassMaster - 2008 Edition
Bisk CPA Review Software 13.10
Bonjour
CloneCD
Compatibility Pack for the 2007 Office system
Creative MediaSource 5
Digital Voice Editor 3
DiskCheckup V2.1
DivX Content Uploader
DivX Web Player
DzSoft Favorites Search 2.1
EarMaster Pro 5
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FreeMind
FretPro V.2.00
Garmin City Navigator North America NT 2010.20
Garmin WebUpdater
Google Desktop
Google Toolbar for Internet Explorer
Guitar Freak Workstation with SightReader
H-Series_ASIO32
Hardware Diagnostic Tools
HD Tune Pro 4.01
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Product Detection
HP Total Care Advisor
HP Update
ieSpell
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel® Viiv™ Software
iSkysoft DVD to iPod Converter(Build 1.5.23)
iTunes
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Kaspersky Anti-Virus 7.0
LAME v3.98.2 for Audacity
LG USB Modem driver
LightScribe 1.4.142.1
LiveUpdate 3.2 (Symantec Corporation)
Macrium Reflect - Free Edition
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Mega Manager
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint 6.1
Microsoft Office Basic Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Musicnotes Software Suite 1.5.5
muvee autoProducer 6.0
My HP Games
NETGEAR Live Parental Controls Management Utility 2.0b44
NETGEAR Live Parental Controls User Utility 1.0b38
NirSoft BlueScreenView
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PG Music DirectX Plugins 1.3.4.1
Picasa 2
Power Tab Editor 1.7
PSSWCORE
Python 2.4.3
QMC
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2008
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
River Past Audio Converter
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
SampleTestInstall
Shockwave
Sibelius Scorch (ActiveX Only)
Skype Toolbars
Skype™ 5.0
Snapfish Media Detector
Snitch
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Stock Investor Professional
Streamripper (Remove only)
SupportSoft Assisted Service
TaxCut New Jersey 2007
TaxCut New York 2007
TaxCut Premium + State 2007
TeamViewer 3
Transcribe! 8.10
Ulead VideoStudio SE DVD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Video Piggy
Viewpoint Media Player
Virtual Sound Canvas DXi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Winamp Remote
Windows Installer Clean Up
Windows Movie Maker 2.6
WinPcap 4.1.1
WinRAR archiver
WinZip 11.2
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
ZENcast Organizer
ZillaTube 3.1
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== End Of File ===========================
dds.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Admin at 4:33:58.96 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.5.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.917 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\vVX6000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Admin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [CCUTRAYICON] FactoryMode
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303530075634
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Hosts: 127.0.0.1 www.avast.com
Hosts: 127.0.0.1 www.avg.com
Hosts: 127.0.0.1 www.bitdefender.com
Hosts: 127.0.0.1 www.eset.com
Hosts: 127.0.0.1 www.f-secure.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-4-4 20760]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-9-28 600912]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Host.exe [2008-3-12 181544]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
S2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2007-6-28 218376]
S2 gupdate;gupdate; [x]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-1 30192]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-5-11 39048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2007-4-10 2385896]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2010-4-16 32000]
.
=============== Created Last 30 ================
.
2011-04-23 03:21:42 -------- d-----w- C:\_OTM
2011-04-22 23:42:43 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f9c6cc1f-2a06-4892-a269-ee12ad9e30aa}\mpengine.dll
2011-04-22 10:26:03 -------- d--h--w- C:\$AVG
2011-04-22 03:04:45 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-04-22 02:55:27 -------- d-----w- c:\progra~2\AVG10
2011-04-22 02:50:11 -------- d-----w- c:\program files\AVG
2011-04-22 02:37:05 -------- d-----w- c:\progra~2\MFAData
2011-04-21 19:40:16 -------- d-s---w- C:\ComboFix
2011-04-20 20:29:18 -------- d-----w- C:\_OTL
2011-04-20 17:54:28 -------- d-----w- c:\users\admin\appdata\local\Musicnotes
2011-04-20 00:05:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 00:05:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 18:26:48 -------- d-----w- c:\program files\Streamripper
2011-04-11 01:12:49 -------- d-----w- c:\progra~2\Musicnotes
2011-04-11 00:54:03 -------- d-----w- c:\users\admin\appdata\local\OpenCandy
2011-04-11 00:53:59 -------- d-----w- c:\users\admin\appdata\roaming\OpenCandy
2011-04-11 00:53:59 -------- d-----w- c:\program files\Musicnotes
2011-04-02 20:18:43 -------- d-----w- c:\program files\common files\Sonic Shared
2011-04-02 02:16:25 -------- d-----w- c:\progra~2\McAfee Security Scan
2011-04-02 02:16:22 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2011-02-14 03:53:25 320000 ----a-w- c:\windows\system32\CF6700.exe
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 4:35:37.98 ===============
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [CCUTRAYICON] FactoryMode
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303530075634
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Hosts: 127.0.0.1 www.avast.com
Hosts: 127.0.0.1 www.avg.com
Hosts: 127.0.0.1 www.bitdefender.com
Hosts: 127.0.0.1 www.eset.com
Hosts: 127.0.0.1 www.f-secure.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-4-4 20760]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-9-28 600912]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Host.exe [2008-3-12 181544]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
S2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2007-6-28 218376]
S2 gupdate;gupdate; [x]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-1 30192]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-5-11 39048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2007-4-10 2385896]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2010-4-16 32000]
.
=============== Created Last 30 ================
.
2011-04-23 03:21:42 -------- d-----w- C:\_OTM
2011-04-22 23:42:43 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f9c6cc1f-2a06-4892-a269-ee12ad9e30aa}\mpengine.dll
2011-04-22 10:26:03 -------- d--h--w- C:\$AVG
2011-04-22 03:04:45 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-04-22 02:55:27 -------- d-----w- c:\progra~2\AVG10
2011-04-22 02:50:11 -------- d-----w- c:\program files\AVG
2011-04-22 02:37:05 -------- d-----w- c:\progra~2\MFAData
2011-04-21 19:40:16 -------- d-s---w- C:\ComboFix
2011-04-20 20:29:18 -------- d-----w- C:\_OTL
2011-04-20 17:54:28 -------- d-----w- c:\users\admin\appdata\local\Musicnotes
2011-04-20 00:05:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 00:05:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 18:26:48 -------- d-----w- c:\program files\Streamripper
2011-04-11 01:12:49 -------- d-----w- c:\progra~2\Musicnotes
2011-04-11 00:54:03 -------- d-----w- c:\users\admin\appdata\local\OpenCandy
2011-04-11 00:53:59 -------- d-----w- c:\users\admin\appdata\roaming\OpenCandy
2011-04-11 00:53:59 -------- d-----w- c:\program files\Musicnotes
2011-04-02 20:18:43 -------- d-----w- c:\program files\common files\Sonic Shared
2011-04-02 02:16:25 -------- d-----w- c:\progra~2\McAfee Security Scan
2011-04-02 02:16:22 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2011-02-14 03:53:25 320000 ----a-w- c:\windows\system32\CF6700.exe
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 4:35:37.98 ===============