Hello,
ComboFix ran without any issues. Here is the log, followed by a new HJT log:
ComboFix 09-09-06.02 - Matt 09/06/2009 10:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1918.846 [GMT -7:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Matt\AppData\Roaming\.#
c:\users\Matt\Documents\Registry backup 6-17-09.reg
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_kbiwkmorlmbbem
-------\Service_kbiwkmorlmbbem
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-04 02:49 . 2009-09-04 02:49 -------- d-----w- c:\program files\Trend Micro
2009-09-02 03:00 . 2009-09-02 03:00 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2009-09-02 02:59 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 02:59 . 2009-09-02 02:59 -------- d-----w- c:\programdata\Malwarebytes
2009-09-02 02:59 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 02:59 . 2009-09-02 03:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 02:11 . 2009-09-02 02:11 163840 ----a-w- c:\windows\svchasts.exe
2009-09-02 02:11 . 2009-09-02 02:11 -------- d-----w- C:\Windows Police Pro
2009-09-02 01:55 . 2009-09-05 04:12 -------- d-----w- c:\program files\MagicISO
2009-09-01 00:29 . 2009-09-05 04:02 -------- d-----w- c:\users\Matt\AppData\Roaming\dvdcss
2009-08-29 00:10 . 2009-08-29 00:15 -------- d-----w- C:\NewsRoverData
2009-08-29 00:09 . 2009-09-02 02:55 -------- d-----w- c:\program files\NewsRover
2009-08-27 10:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 16:19 . 2009-08-25 16:19 -------- d-----w- c:\program files\iPod
2009-08-25 16:19 . 2009-08-25 16:19 -------- d-----w- c:\program files\iTunes
2009-08-25 16:05 . 2009-08-25 16:05 -------- d-----w- c:\users\Matt\AppData\Local\sabnzbd
2009-08-25 16:04 . 2009-08-25 16:04 -------- d-----w- c:\program files\SABnzbd
2009-08-11 21:49 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 21:49 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 21:49 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 21:49 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 21:48 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 21:48 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 21:48 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 21:48 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-08 06:48 . 2009-08-10 07:19 -------- d-----w- c:\users\Matt\AppData\Roaming\Tor
2009-08-08 06:48 . 2009-08-10 07:19 -------- d-----w- c:\users\Matt\AppData\Roaming\Vidalia
2009-08-08 06:48 . 2009-08-08 06:48 -------- d-----w- c:\program files\Vidalia Bundle
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 04:43 . 2009-07-13 16:13 -------- d-----w- c:\users\Matt\AppData\Roaming\vlc
2009-09-06 04:42 . 2009-01-18 03:49 -------- d-----w- c:\program files\megui
2009-09-05 04:06 . 2009-01-18 03:50 -------- d-----w- c:\programdata\DVD Shrink
2009-09-05 03:54 . 2009-04-05 22:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-04 02:43 . 2009-01-18 04:10 -------- d-----w- c:\users\Matt\AppData\Roaming\uTorrent
2009-09-03 00:28 . 2009-02-19 04:16 -------- d-----w- c:\program files\Java
2009-09-02 03:01 . 2009-01-18 03:29 -------- d-----w- c:\program files\%systemdir%
2009-08-28 15:30 . 2009-01-18 21:50 -------- d-----w- c:\users\Matt\AppData\Roaming\VideoReDoPlus
2009-08-25 16:19 . 2009-01-18 21:58 -------- d-----w- c:\program files\Common Files\Apple
2009-08-12 10:03 . 2009-01-18 04:17 -------- d-----w- c:\programdata\Microsoft Help
2009-08-06 16:02 . 2009-08-06 16:02 177192 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-06 16:00 . 2009-08-06 16:00 -------- d-----w- c:\program files\Google
2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-08-02 16:03 . 2009-06-05 04:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-27 15:10 . 2009-07-27 15:10 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-07-27 15:10 . 2009-07-27 15:09 -------- d-----w- c:\program files\Anatomy and Physiology for Speech Language and Hearing
2009-07-25 12:23 . 2009-02-19 04:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 23:02 . 2009-01-18 19:32 -------- d-----w- c:\program files\MozyHome
2009-07-18 16:06 . 2009-07-28 17:39 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 17:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 17:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 23:15 . 2009-01-18 02:24 105480 ----a-w- c:\users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 19:34 . 2009-07-16 19:34 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-07-16 19:34 . 2009-07-16 19:34 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-07-16 19:34 . 2009-07-16 19:34 -------- d-----w- c:\programdata\SafeNet Sentinel
2009-07-16 19:30 . 2009-07-16 19:30 -------- d-----w- c:\program files\Common Files\SPSS
2009-07-16 19:30 . 2009-07-16 19:30 -------- d-----w- c:\programdata\SPSS
2009-07-16 19:30 . 2009-07-16 19:30 -------- d-----w- c:\program files\SPSSInc
2009-07-16 19:29 . 2009-07-16 19:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-07-08 23:53 . 2009-01-26 01:09 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-24 22:03 . 2009-07-18 23:02 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-15 15:24 . 2009-07-15 11:09 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 11:09 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 11:09 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 11:09 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 22:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 22:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-08-08 2980800]
"Google Update"="c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-18 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1482085074-2552192942-3415740403-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C34144F-22BB-401C-AFA4-D68E8EED822A}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{3945C739-4AEF-460D-83E6-C032122DBECC}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{B2708A56-3CBE-4199-B290-E870174A0512}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{62A0E0F7-2E05-4B77-A06F-99D302AF9B1D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{3BB99296-1FF0-4C9F-A4AC-8DD6A87F419A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{CE0B54DA-36C0-4DE7-8968-C636A3D49E16}"= UDP:c:\windows\System32\lxdpcoms.exe:Z2300 Series Server
"{CA6DB23F-B263-4AE1-9DD6-A20E598FBACD}"= TCP:c:\windows\System32\lxdpcoms.exe:Z2300 Series Server
"{351B8B11-1747-4E16-8D7A-5F5FB6F5F04F}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"{40092B7A-B25E-414E-BD34-296600EB3449}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"{603A67FB-00B1-48E8-9C1A-8C48989470F2}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdpjswx.exe:Job Status Window Interface
"{8F620369-A595-49FA-B5EE-98B770AC4B1A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdpjswx.exe:Job Status Window Interface
"TCP Query User{D2E7773E-7BB1-4C3E-B9F3-A16CD92D33BB}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{F6DECD0E-2941-4A75-9684-B86357CD3503}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{D78DB140-598B-4E77-8EFB-55B076FA396F}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{87ED4AB5-6544-4D11-AE5F-F02A62206542}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{C7143F51-4D71-4486-979B-0311D8B233E5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{09EF143D-0CD7-4709-B867-70F034C8E4E8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A43EA392-DCE5-4869-A971-E2F66A5C09F3}"= UDP:5353:Adobe CSI CS4
"{C60ABD89-DB79-42BB-B27F-29D9D3B1F45C}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{5F5031D2-BA4F-44E4-BB95-BE17248E2D70}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D330E4BA-5CA1-498A-A12C-7FBE876A6E38}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6CD940E-FCC0-4B08-A4E9-A9B6DF702EC8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7A31072D-6553-4D9E-B7E4-7E1BB872F508}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{123942DC-1638-46AC-8B62-31311B799310}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ACF63650-2A6F-4BD1-88FA-DE8CC22336AD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{45AC182B-9862-4024-8C1B-6AF8F205216A}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{32B3A067-7C39-4899-99C5-65F9742399F3}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{665481DE-B850-42A0-93AA-EA9A591353BA}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{29E0CB8D-ACE2-4127-8BEF-3B04BB496AE7}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{5873942F-8B23-468C-BC18-71E4C1CF01EB}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{809BE4D0-E9CD-43F8-BC1B-404B9B639E7F}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{070969D0-3BAD-4C89-AAE0-3AAFA0BC27F5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{56B5FE4B-55B1-4F8C-88A6-1E5C06325540}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6D3B8B9E-07E1-4E8D-8944-0590DE40FE56}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{89B03B53-A0BD-49DB-BF95-A835B929B296}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
R1 archlp;archlp;c:\windows\System32\drivers\archlp.sys [1/17/2009 8:40 PM 10624]
R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [7/18/2009 4:02 PM 54776]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [8/17/2008 1:40 AM 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482085074-2552192942-3415740403-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-18 18:03]
2009-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482085074-2552192942-3415740403-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-18 18:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\b7uhtjg9.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\users\Matt\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3064)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
c:\program files\MozyHome\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\lxdpcoms.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-06 11:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 18:06
Pre-Run: 56,819,208,192 bytes free
Post-Run: 56,993,288,192 bytes free
237 --- E O F --- 2009-09-04 02:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:16 AM, on 9/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdp_device - - C:\Windows\system32\lxdpcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 8276 bytes