Here are the ComboFix log and the new HijackThis log. Nothing was found using the Kaspersky scanner.
ComboFix 10-01-27.03 - murisaka 9/2010 Fri 0:11.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1033.18.1022.278 [GMT -5:00]
Running from: c:\users\Miki\Desktop\ComboFix.exe
Command switches used :: c:\users\Miki\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
FILE ::
"c:\windows\System32\mei006h.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BAE
c:\program files\BAE\BAE.dll
c:\users\Miki\AppData\Roaming\uTorrent
c:\users\Miki\AppData\Roaming\uTorrent\dht.dat
c:\users\Miki\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Miki\AppData\Roaming\uTorrent\Gaki no Tsukai #987 (2009.12.31SP) [24h Batsu Game] [29.97fps].mp4.torrent
c:\users\Miki\AppData\Roaming\uTorrent\resume.dat
c:\users\Miki\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Miki\AppData\Roaming\uTorrent\rss.dat
c:\users\Miki\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Miki\AppData\Roaming\uTorrent\settings.dat
c:\users\Miki\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Miki\AppData\Roaming\uTorrent\Studio Ghibli.torrent
c:\users\Miki\AppData\Roaming\uTorrent\utorrent.lng
c:\windows\System32\mei006h.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Mei006h
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.
2010-01-29 05:22 . 2010-01-29 05:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-29 05:22 . 2010-01-29 05:22 -------- d-----w- c:\users\murisaka\AppData\Local\temp
2010-01-29 05:22 . 2010-01-29 05:22 -------- d-----w- c:\users\hide\AppData\Local\temp
2010-01-29 05:22 . 2010-01-29 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-28 06:11 . 2010-01-29 05:53 -------- d-----w- c:\users\Miki\AppData\Local\temp
2010-01-27 15:40 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 15:40 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-23 22:27 . 2010-01-23 22:27 -------- d-----w- c:\users\Miki\AppData\Local\Diagnostics
2010-01-23 20:59 . 2010-01-23 20:59 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-22 17:36 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 05:47 . 2010-01-19 05:47 -------- d-----w- c:\programdata\Logishrd
2010-01-19 05:47 . 2010-01-19 05:47 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-19 05:47 . 2010-01-19 05:47 -------- d-----w- c:\program files\Logitech
2010-01-19 05:19 . 2010-01-19 05:19 -------- d-----w- c:\users\Miki\AppData\Local\ElevatedDiagnostics
2010-01-18 05:21 . 2010-01-18 05:21 -------- d-----w- c:\program files\Trend Micro
2010-01-15 15:50 . 2010-01-15 15:50 -------- d-----w- c:\users\Miki\AppData\Local\Apple Computer
2010-01-15 15:44 . 2010-01-15 15:45 -------- d-----w- c:\program files\QuickTime
2010-01-15 15:44 . 2010-01-15 15:44 -------- d-----w- c:\programdata\Apple Computer
2010-01-15 15:42 . 2010-01-15 15:42 -------- d-----w- c:\program files\Common Files\Apple
2010-01-15 15:42 . 2010-01-15 15:42 -------- d-----w- c:\users\Miki\AppData\Local\Apple
2010-01-15 15:42 . 2010-01-15 15:42 -------- d-----w- c:\program files\Apple Software Update
2010-01-15 15:42 . 2010-01-15 15:42 -------- d-----w- c:\programdata\Apple
2010-01-13 02:17 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-13 02:15 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-12 20:17 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 20:17 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-01-12 20:17 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 17:15 . 2010-01-12 17:15 -------- d-----w- c:\users\Miki\AppData\Roaming\Malwarebytes
2010-01-12 17:15 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 17:15 . 2010-01-12 17:15 -------- d-----w- c:\programdata\Malwarebytes
2010-01-12 17:15 . 2010-01-12 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 17:15 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 17:01 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-01-12 17:01 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-01-12 17:01 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-01-12 17:01 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-01-12 17:01 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-01-12 17:01 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-11 15:34 . 2010-01-11 15:34 159048 ----a-w- c:\users\Miki\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-11 15:32 . 2010-01-11 15:32 -------- d-----w- C:\Recovery
2010-01-11 12:14 . 2010-01-11 15:33 -------- d-----w- c:\windows\Panther
2010-01-11 11:56 . 2010-01-11 10:07 -------- dc----w- C:\$WINDOWS.~Q
2010-01-11 11:49 . 2010-01-11 11:53 -------- dc----w- C:\$INPLACE.~TR
2010-01-11 10:30 . 2010-01-15 15:15 -------- d-----w- c:\windows\system32\wbem\Performance
2010-01-11 10:05 . 2010-01-11 10:05 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-11 09:19 . 2010-01-11 09:19 -------- d-----w- c:\program files\CONEXANT
2010-01-11 09:19 . 2010-01-11 09:19 -------- d-----w- c:\program files\Synaptics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 05:54 . 2010-01-11 09:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-28 04:06 . 2007-06-29 04:53 -------- d-----w- c:\program files\Java
2010-01-24 22:18 . 2010-01-24 22:18 1956072 ----a-w- c:\users\Miki\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-21 13:41 . 2008-03-15 08:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 05:25 . 2007-06-29 04:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 02:49 . 2008-04-08 03:48 -------- d-----w- c:\program files\MagicISO
2010-01-15 21:21 . 2008-03-15 08:32 60562 ----a-w- c:\users\Miki\AppData\Roaming\nvModes.dat
2010-01-14 16:12 . 2009-10-03 01:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 09:52 . 2008-03-21 04:36 -------- d-----w- c:\users\Miki\AppData\Roaming\Winamp
2010-01-11 09:52 . 2009-02-21 14:50 -------- d-----w- c:\users\Miki\AppData\Roaming\Skype
2010-01-11 09:52 . 2008-03-30 17:18 -------- d-----w- c:\users\Miki\AppData\Roaming\Thunderbird
2010-01-11 09:52 . 2008-03-16 05:47 -------- d-----w- c:\users\Miki\AppData\Roaming\Talkback
2010-01-11 09:52 . 2008-03-17 22:38 -------- d-----w- c:\users\Miki\AppData\Roaming\Roxio
2010-01-11 09:51 . 2008-03-20 03:45 -------- d-----w- c:\users\Miki\AppData\Roaming\Media Player Classic
2010-01-11 09:51 . 2008-03-15 06:52 -------- d--h--w- c:\users\Miki\AppData\Roaming\GTek
2010-01-11 09:51 . 2009-12-07 19:10 -------- d-----w- c:\users\Miki\AppData\Roaming\Foxit
2010-01-11 09:51 . 2009-09-02 00:20 -------- d-----w- c:\users\Miki\AppData\Roaming\DivX
2010-01-11 09:51 . 2009-03-03 06:18 -------- d-----w- c:\users\Miki\AppData\Roaming\Cisco
2010-01-11 09:51 . 2008-10-20 22:05 -------- d-----w- c:\users\Miki\AppData\Roaming\Creative
2010-01-11 09:51 . 2008-08-04 14:59 -------- d-----w- c:\users\Miki\AppData\Roaming\CyberLink
2010-01-11 09:51 . 2008-03-23 19:56 -------- d-----w- c:\users\Miki\AppData\Roaming\Download Manager
2010-01-11 09:51 . 2008-03-18 01:27 -------- d-----w- c:\users\Miki\AppData\Roaming\Autodesk
2010-01-11 09:51 . 2008-03-15 06:52 -------- d-----w- c:\users\Miki\AppData\Roaming\Dell
2010-01-11 09:29 . 2008-03-17 22:14 -------- d-----w- c:\programdata\Adobe Systems
2010-01-11 09:28 . 2008-10-10 03:24 -------- d-----w- c:\program files\Microsoft WSE
2010-01-11 09:28 . 2008-03-15 07:38 -------- d-----w- c:\program files\Microsoft.NET
2010-01-11 09:28 . 2007-06-29 05:18 -------- d-----w- c:\program files\Microsoft Works
2010-01-11 09:28 . 2007-06-29 04:57 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-01-11 09:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-11 09:28 . 2007-07-17 19:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 09:28 . 2007-07-17 19:12 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-11 09:28 . 2007-06-29 05:17 -------- d-----w- c:\program files\Google
2010-01-11 09:28 . 2009-12-07 19:10 -------- d-----w- c:\program files\Foxit Software
2010-01-11 09:28 . 2008-03-20 03:48 -------- d-----w- c:\program files\ffdshow
2010-01-11 09:27 . 2008-10-10 03:25 -------- d-----w- c:\program files\DWG TrueView 2009
2010-01-11 09:27 . 2009-06-03 20:49 -------- d-----w- c:\program files\DivX
2010-01-11 09:27 . 2007-06-29 05:17 -------- d-----w- c:\program files\DellSupport
2010-01-11 09:27 . 2007-06-29 04:57 -------- d-----w- c:\program files\Digital Line Detect
2010-01-11 09:27 . 2008-03-14 15:23 -------- d-----w- c:\program files\Dell Support Center
2010-01-11 09:27 . 2007-06-29 04:55 -------- d-----w- c:\program files\Dell
2010-01-11 09:27 . 2008-03-20 03:27 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-01-11 09:27 . 2007-06-29 05:19 -------- d-----w- c:\program files\CyberLink
2010-01-11 09:26 . 2007-06-29 05:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-11 09:26 . 2007-06-29 05:06 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-01-11 09:26 . 2007-06-29 05:05 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-11 09:26 . 2007-06-29 05:05 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-11 09:26 . 2009-06-03 20:51 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-11 09:26 . 2007-07-17 19:09 -------- d-----w- c:\program files\Common Files\L&H
2010-01-11 09:26 . 2007-06-29 04:54 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-11 09:26 . 2009-06-03 20:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-11 09:26 . 2008-03-17 22:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-11 09:26 . 2008-03-17 22:08 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-01-11 09:26 . 2007-06-29 05:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 09:25 . 2009-03-03 06:16 -------- d-----w- c:\program files\Cisco
2010-01-11 09:25 . 2008-10-21 06:08 -------- d-----w- c:\program files\CDisplay
2010-01-11 09:25 . 2008-09-06 05:41 -------- d-----w- c:\program files\Citrix
2010-01-11 09:25 . 2008-10-08 03:11 -------- d-----w- c:\program files\Autodesk Student Community Download Tool
2010-01-11 09:25 . 2008-03-17 22:47 -------- d-----w- c:\program files\Autodesk
2010-01-11 09:25 . 2008-10-10 03:05 -------- d-----w- c:\program files\AutoCAD Civil 3D 2009
2010-01-11 09:25 . 2008-12-01 01:16 -------- d-----w- c:\program files\Audacity
2010-01-11 09:24 . 2009-03-07 06:16 -------- d-----w- c:\program files\activePDF
2010-01-11 09:19 . 2010-01-11 09:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-12-14 09:00 . 2010-01-28 06:32 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100127.005\CCERASER.DLL
2009-12-14 09:00 . 2010-01-12 20:40 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100112.005\CCERASER.DLL
2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-13 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-12-08 107112]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-08-05 135568]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-13 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-13 252704]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-13 774680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
c:\users\Miki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-28 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-6-28 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/14/2009 11:49 PM 1153368]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/8/2009 10:05 AM 102448]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 4:18 PM 4231168]
S3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [8/5/2007 4:29 PM 121744]
.
Contents of the 'Scheduled Tasks' folder
2009-12-02 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-09-15 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {F8C41CBF-721F-4B99-9FC8-2F8077C4AD39} - hxxps://drawing.constructware.com/IGC/BravaClientX.cab
FF - ProfilePath - c:\users\Miki\AppData\Roaming\Mozilla\Firefox\Profiles\suhyldt7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Miki\AppData\Roaming\Mozilla\Firefox\Profiles\suhyldt7.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10);user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(9304)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\sttray.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-01-29 01:02:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 06:02
ComboFix2.txt 2010-01-28 06:11
Pre-Run: 21,360,029,696 bytes free
Post-Run: 20,799,352,832 bytes free
- - End Of File - - E0C814275133CB4E129342582C93C193
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:30 PM, on 1/29/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F8C41CBF-721F-4B99-9FC8-2F8077C4AD39} (BravaClientXView 5.2 Class) - https://drawing.constructware.com/IGC/BravaClientX.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7582 bytes