OK, it worked!
Here are the following logs:
1 - ComboFix_log.txt
2 - mbam-log-2-7-2008 (13-35-58).txt (Malwarebytes log)
3 - hijackthis_20080207.log
I'm also attaching the files.
============================================================
1 - ComboFix_log.txt
ComboFix 08-02.05.3 - MAPepin 2008-02-07 13:27:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1589 [GMT -5:00]
Running from: C:\Documents and Settings\MAPepin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAPepin\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\Documents and Settings\LocalService\Application Data\1001789598.exe
C:\Documents and Settings\LocalService\Application Data\1035870398.exe
C:\lo-1538082432.exe
C:\lo-1679164330.exe
C:\lo-22980135.exe
C:\lo-513865536.exe
C:\lo1289083134.exe
C:\lo482396030.exe
C:\lo636569781.exe
C:\WINDOWS\atty.ico
C:\WINDOWS\browser.exe
C:\WINDOWS\SBCDSL.exe
C:\WINDOWS\system32\6to4svcq.exe
C:\WINDOWS\system32\accessw.dll
C:\WINDOWS\system32\accesswr.exe
C:\WINDOWS\system32\apiuser32.dll
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\CcEvtSvc.exe
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\DevMngr.vxd
C:\WINDOWS\system32\drivers\Hyw71.sys
C:\WINDOWS\system32\drivers\Ytt77.sys
C:\WINDOWS\system32\iepdforu.tmp
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\userini.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\accesswr.exe
C:\Documents and Settings\LocalService\Application Data\1001789598.exe
C:\Documents and Settings\LocalService\Application Data\1035870398.exe
C:\lo-1538082432.exe
C:\lo-1679164330.exe
C:\lo-22980135.exe
C:\lo-513865536.exe
C:\lo1289083134.exe
C:\lo482396030.exe
C:\lo636569781.exe
C:\WINDOWS\atty.ico
C:\WINDOWS\browser.exe
C:\WINDOWS\SBCDSL.exe
C:\WINDOWS\system32\6to4svcq.exe
C:\WINDOWS\system32\accessw.dll
C:\WINDOWS\system32\accesswr.exe
C:\WINDOWS\system32\apiuser32.dll
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\CcEvtSvc.exe
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\DevMngr.vxd
C:\WINDOWS\system32\drivers\Qxt58.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . failed to delete
C:\WINDOWS\system32\drivers\Ytt77.sys
C:\WINDOWS\system32\drivers\YVT48.sys
C:\WINDOWS\system32\iepdforu.tmp
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\userini.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CBEVTSVC
-------\LEGACY_CCEVTSVC
-------\LEGACY_HYW71
-------\LEGACY_MCMSCSVCWEBCLIENT
-------\LEGACY_MSSQL$MSSMLBIZMESSENGER
-------\LEGACY_NLAMSSQL$MSSMLBIZ
-------\LEGACY_RDSESSMGRWSCSVC
-------\LEGACY_SAMSSDMSERVER
-------\LEGACY_SQLBROWSERIMAPISERVICE
-------\LEGACY_YTT77
-------\LEGACY_YVT48
-------\CbEvtSvc
-------\CcEvtSvc
-------\mcmscsvcWebClient
-------\MSSQL$MSSMLBIZMessenger
-------\NlaMSSQL$MSSMLBIZ
-------\RDSessMgrwscsvc
-------\SamSsdmserver
-------\SQLBrowserImapiService
-------\Ytt77
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.
2008-02-07 10:16 . 2008-02-07 10:16 38,400 -r-hs---- C:\WINDOWS\system32\adsldpv.exe
2008-02-07 07:47 . 2008-02-07 07:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-07 07:29 . 2008-02-07 12:38 167,936 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2008-02-06 17:24 . 2008-02-06 17:24 <DIR> d-------- C:\Program Files\Java
2008-02-06 17:24 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 17:22 . 2008-02-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-06 14:30 . 2008-02-06 17:54 <DIR> d-------- C:\ComboFix_a
2008-02-06 14:21 . 2004-08-04 05:00 260,272 -r-hs---- C:\cmldr
2008-02-06 14:03 . 2008-02-07 10:16 32 --a-s---- C:\WINDOWS\system32\2316743137.dat
2008-02-06 14:00 . 2008-02-06 14:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-06 13:57 . 2008-02-06 14:06 <DIR> d-------- C:\SDFix
2008-02-05 14:21 . 2008-02-07 13:27 0 --a------ C:\reg.reg
2008-02-04 09:38 . 2008-02-06 08:50 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-04 09:18 . 2008-02-06 08:50 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-04 08:45 . 2008-02-04 08:45 376 --a------ C:\WINDOWS\ODBC.INI
2008-02-04 07:38 . 2008-02-06 08:53 <DIR> d-------- C:\Program Files\Opera
2008-02-01 12:02 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-01 11:58 . 2008-02-01 11:58 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-02-01 11:58 . 2008-02-01 11:58 0 --a------ C:\WINDOWS\frontpg.ini
2008-02-01 10:56 . 2008-02-01 10:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-01 10:56 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-01 10:56 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-29 11:29 . 2008-02-06 13:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 10:57 . 2008-02-05 10:26 8,388,671 --a------ C:\WINDOWS\pfirewall.log.old
2008-01-29 08:15 . 2008-01-29 08:15 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\DivX
2008-01-29 08:01 . 2008-01-04 16:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-01-29 08:01 . 2008-01-04 16:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-29 08:00 . 2008-01-29 08:01 <DIR> d-------- C:\Program Files\DivX
2008-01-28 15:06 . 2008-01-28 15:06 <DIR> d-------- C:\Program Files\SIW
2008-01-28 13:20 . 2008-02-05 14:29 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\OpenOffice.org2
2008-01-28 12:27 . 2008-01-28 12:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 15:08 . 2008-01-26 15:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-26 14:20 . 2008-01-26 14:20 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-26 13:11 . 2008-01-26 13:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-26 12:41 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-26 11:52 . 2008-01-26 12:44 <DIR> d-------- C:\Documents and Settings\MAPepin\.housecall6.6
2008-01-26 11:51 . 2008-01-26 11:51 <DIR> d-------- C:\WINDOWS\Sun
2008-01-26 11:36 . 2008-01-29 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 16:40 . 2008-01-29 07:52 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\XnView
2008-01-22 15:28 . 2008-02-06 08:52 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-19 03:02 . 2006-08-21 04:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-19 03:02 . 2006-08-21 04:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-19 03:02 . 2006-08-21 07:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-19 03:01 . 2008-01-19 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-18 17:13 . 2008-01-18 17:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Monotype Imaging
2008-01-18 17:13 . 2008-01-18 17:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Dell
2008-01-18 16:43 . 2008-01-18 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-18 13:43 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-18 09:56 . 2008-01-18 09:56 <DIR> d---s---- C:\Documents and Settings\MAPepin\UserData
2008-01-18 08:51 . 2008-01-18 08:51 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\Monotype Imaging
2008-01-18 08:42 . 2008-01-18 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-18 08:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-18 08:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-18 08:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 07:39 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-17 17:46 . 2008-01-18 09:05 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\Yahoo!
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\WINDOWS\Motive
2008-01-17 17:44 . 2008-01-17 17:45 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-17 17:44 . 2005-05-10 01:36 81,920 --------- C:\WINDOWS\system32\W32n50.dll
2008-01-17 17:44 . 2005-05-10 01:36 17,162 --------- C:\WINDOWS\system32\Pcandis5.sys
2008-01-17 17:44 . 2005-05-10 01:36 16,848 --------- C:\WINDOWS\system32\Pcandis4.sys
2008-01-17 17:44 . 2005-05-10 01:36 16,073 --------- C:\WINDOWS\system32\Pcandis3.vxd
2008-01-17 17:42 . 2008-01-17 17:42 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\ScanSoft
2008-01-17 17:33 . 2008-01-18 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-01-17 17:33 . 2002-01-05 07:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-17 17:33 . 2002-01-05 06:18 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-01-17 17:33 . 2001-10-11 11:26 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2008-01-17 17:11 . 2008-01-17 17:46 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-17 17:07 . 2008-01-17 17:07 <DIR> d-------- C:\Program Files\BroadJump
2008-01-17 16:41 . 2008-01-17 16:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Monotype Imaging
2008-01-17 16:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-17 16:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-17 16:41 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-17 16:41 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-17 16:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-17 16:21 . 2008-01-17 16:21 4,128 --a------ C:\INFCACHE.1
2008-01-17 15:55 . 2001-08-17 13:58 19,200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2008-01-17 15:55 . 2001-08-17 13:58 19,200 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-01-17 15:55 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-01-17 15:55 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-01-17 15:55 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-01-17 15:55 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\dllcache\compbatt.sys
2008-01-17 14:42 . 2008-01-15 22:27 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\InstallShield
2008-01-17 14:41 . 2008-01-15 22:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-01-17 14:34 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-17 14:34 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-17 14:34 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-17 14:34 . 2008-01-17 14:34 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-15 22:45 . 2008-01-15 22:45 61 --a------ C:\WINDOWS\smscfg.ini
2008-01-15 22:42 . 2008-02-01 15:00 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-01-15 22:40 . 2008-01-19 03:06 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-15 22:36 . 2008-01-30 08:35 <DIR> d-------- C:\Program Files\Google
2008-01-15 22:36 . 2008-01-15 22:36 <DIR> d-------- C:\Program Files\BAE
2008-01-15 22:36 . 2008-02-07 12:30 17,611 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-15 22:35 . 2008-01-15 22:35 <DIR> d-------- C:\Program Files\McAfee.com
2008-01-15 22:35 . 2008-01-15 22:35 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-15 22:35 . 2007-07-21 10:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-15 22:35 . 2006-03-03 12:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 03:08 6,903 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_OPT_755.mrk
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-28 16:21 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-28 16:21 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-28 16:21 137752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-03-14 12:31 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-03-14 12:29 46632]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 20:03 178712]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Acrobat Speed Launch"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 02:40 46200]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"MFPMonitor"="C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-07-22 16:10 2002944]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 20:12 1036288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-01-17 17:44:25 217088]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 04:58]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 06:00]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S2 SSDPSRVBITS;SSDP Discovery Service SSDPSRVBITS;C:\WINDOWS\system32\1041a.exe srv []
S2 upnphostPolicyAgent;Universal Plug and Play Device Host upnphostPolicyAgent;C:\WINDOWS\system32\adsldpv.exe srv []
S2 WmiApSrvaspnet_state;WMI Performance Adapter WmiApSrvaspnet_state;C:\WINDOWS\system32\AlertAppg.exe srv []
S3 AsfAlrt;AsfAlrt Service;C:\WINDOWS\system32\Drivers\AsfAlrt.sys [2007-01-23 04:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{814033b0-c88b-11dc-b481-001aa0ea5509}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9168a98-d3f9-11dc-b497-001aa0ea5509}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 03:35:09 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-16 03:35:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 13:29:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-07 13:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 18:31:03
ComboFix2.txt 2008-02-06 19:35:39
.
2008-02-05 22:14:06 --- E O F ---
============================================================
2 - mbam-log-2-7-2008 (13-35-58).txt
Malwarebytes' Anti-Malware 1.02
Database version: 325
Scan type: Quick Scan
Objects scanned: 21849
Time elapsed: 1 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c145cf11-124f-3562-44ac-e685d962c63c} (Trojan.Alphabet) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\symavc32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
============================================================
3 - hijackthis_20080207.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0080115
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MFPMonitor] C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.delex.com
O15 - Trusted Zone: *.longwaveinc.com
O15 - Trusted Zone: *.navy.mil
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SSDP Discovery Service SSDPSRVBITS (SSDPSRVBITS) - Unknown owner - C:\WINDOWS\system32\1041a.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Universal Plug and Play Device Host upnphostPolicyAgent (upnphostPolicyAgent) - Unknown owner - C:\WINDOWS\system32\adsldpv.exe
O23 - Service: WMI Performance Adapter WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\system32\AlertAppg.exe (file missing)
--
End of file - 10958 bytes
============================================================
Thank you
Mike