OK,
I ran CCleaner, SDFix, ComboFix, and a new HJT log (logs posted below - also attached).
I thought that I had McAfee turned off, but it kept popping up a warning on the ComboFix files. I chose to have it ignore each one, but it seems to me that ComboFix ended abruptly and the computer rebooted. Maybe it was just a quick scan. Anyway, here are the logs:
===================================================
CCinstall.txt
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.0 Standard
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AT&T Self Support Tool
AT&T Yahoo! Applications
BroadJump Client Foundation
Business Contact Manager for Outlook 2007
Calculator Powertoy for Windows XP
CCleaner (remove only)
Dell MFP 1125
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Alerting Agent
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) PROSafe for Wired Connections
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
McAfee SecurityCenter
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
PaperPort Image Printer
PowerDVD
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SIW version 1.73
Sonic Activation Module
Tweak UI
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
WebFldrs XP
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
===================================================
SDFix_report.txt
SDFix: Version 1.137
Run by MAPepin on Wed 02/06/2008 at 02:01 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
CcEvtSvc
msupdate
Path:
%SystemRoot%\System32\CcEvtSvc.exe -k netsvcs
c:\windows\system32\mssrv32.exe
CcEvtSvc - Deleted
msupdate - Deleted
Infected ip6fw.sys Found!
ip6fw.sys File Locations:
"C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 08/04/2004 06:00 AM
"C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 08/04/2004 06:00 AM
Infected File Listed Below:
C:\WINDOWS\system32\drivers\ip6fw.sys
File copied to Backups Folder
Attempting to replace ip6fw.sys with original version...
Original ip6fw.sys Restored
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting...
Service asc3550p - Deleted after Reboot
Service Ywe34 - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\expand.dll - Deleted
C:\WINDOWS\system32\drivers\Wbu31.sys - Deleted
C:\WINDOWS\system32\drivers\Xtfi41.sys - Deleted
C:\WINDOWS\system32\drivers\Ywe34.sys - Deleted
C:\WINDOWS\SYSTEM32\DLLGH8~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\203915~1.DLL - Deleted
C:\WINDOWS\system32\service\dllp.txt - Deleted
C:\WINDOWS\system32\2_exception.nls - Deleted
C:\WINDOWS\system32\dllgh8jkd1q1.exe - Deleted
C:\WINDOWS\system32\dllgh8jkd1q2.exe - Deleted
C:\WINDOWS\system32\dllgh8jkd1q5.exe - Deleted
C:\WINDOWS\system32\dllgh8jkd1q6.exe - Deleted
C:\WINDOWS\system32\dllgh8jkd1q7.exe - Deleted
C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\m1ax1d12132116143v.exe - Deleted
C:\WINDOWS\system32\m1ax1d1213216143v.exe - Deleted
C:\WINDOWS\system32\n2ewma1xxsv234.exe - Deleted
C:\WINDOWS\system32\newmaxxsv234.exe - Deleted
C:\WINDOWS\system32\vedxg4am1et2.exe - Deleted
C:\WINDOWS\system32\vedxg6ame4.exe - Deleted
C:\WINDOWS\system32\vedxga1me4t1.exe - Deleted
C:\Documents and Settings\MAPepin\Application Data\Install.dat - Deleted
C:\WINDOWS\system32\CcEvtSvc.exe - Deleted
C:\WINDOWS\system32\form.txt - Deleted
C:\WINDOWS\system32\info.txt - Deleted
C:\WINDOWS\system32\kernelwind64.exe - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\lich.dat - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\vx.tll - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\xpupdate.exe - Deleted
C:\WINDOWS\system32\drivers\symavc32.sys - Deleted
Could Not Remove C:\WINDOWS\SYSTEM32\231674~1.DAT
Folder C:\WINDOWS\system32\service - Removed
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 14:04:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
CcEvtSvc
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\WINDOWS\\system32\\mmdssvc.exe"="C:\\WINDOWS\\system32\\mmdssvc.exe:*:Enabled:mmdssvc"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\runtime.exe"="C:\\WINDOWS\\system32\\runtime.exe:*:Disabled:runtime.exe"
"C:\\Documents and Settings\\MAPepin\\tmp.exe"="C:\\Documents and Settings\\MAPepin\\tmp.exe:*:Disabled:runtime.exe"
"C:\\Documents and Settings\\MAPepin\\Desktop\\tmp.exe"="C:\\Documents and Settings\\MAPepin\\Desktop\\tmp.exe:*:Disabled:runtime.exe"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
C:\WINDOWS\SYSTEM32\231674~1.DAT Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 1 Feb 2008 38,400 ..SHR --- "C:\WINDOWS\system32\6to4svcq.exe"
Thu 31 Jan 2008 17,920 A.SH. --- "C:\WINDOWS\system32\accessw.dll"
Wed 6 Feb 2008 38,400 ..SHR --- "C:\WINDOWS\system32\accesswr.exe"
Thu 17 Jan 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Thu 17 Jan 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b636582f273e0b4cae6f62415c52d81\BIT8.tmp"
Wed 6 Feb 2008 8,340,783 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a5a959f7dd6b76d854fc3c066993fad\BIT9.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT5.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT3.tmp"
Mon 4 Feb 2008 36,864 ...H. --- "C:\Documents and Settings\MAPepin\Application Data\Microsoft\Templates\~WRL0002.tmp"
Finished!
===================================================
ComboFix.txt
ComboFix 08-02.05.3 - MAPepin 2008-02-06 14:31:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1482 [GMT -5:00]
Running from: C:\Documents and Settings\MAPepin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\symavc32.sys
C:\Documents and Settings\Administrator\Application Data\install.dat
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\BQJ56.sys
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_BQJ56
-------\LEGACY_CCEVTSVC
-------\CcEvtSvc
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-06 14:21 . 2004-08-04 05:00 260,272 -r-hs---- C:\cmldr
2008-02-06 14:03 . 2008-02-06 14:03 32 --a------ C:\WINDOWS\system32\2316743137.dat
2008-02-06 14:00 . 2008-02-06 14:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-06 13:57 . 2008-02-06 14:06 <DIR> d-------- C:\SDFix
2008-02-06 07:35 . 2008-02-06 07:35 38,400 -r-hs---- C:\WINDOWS\system32\accesswr.exe
2008-02-05 14:21 . 2008-02-05 14:21 256,000 --a------ C:\WINDOWS\system32\apiuser32.dll
2008-02-05 14:21 . 2008-02-06 14:34 0 --a------ C:\reg.reg
2008-02-05 08:33 . 2004-08-04 06:00 24,576 --a------ C:\WINDOWS\system32\userini.exe
2008-02-04 10:49 . 2008-02-06 14:03 93,184 --a------ C:\Documents and Settings\LocalService\Application Data\1001789598.exe
2008-02-04 09:38 . 2008-02-06 08:50 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-04 09:18 . 2008-02-06 08:50 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-04 08:45 . 2008-02-04 08:45 376 --a------ C:\WINDOWS\ODBC.INI
2008-02-04 07:38 . 2008-02-06 08:53 <DIR> d-------- C:\Program Files\Opera
2008-02-01 12:02 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-01 11:58 . 2008-02-01 11:58 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-02-01 11:58 . 2008-02-01 11:58 0 --a------ C:\WINDOWS\frontpg.ini
2008-02-01 10:56 . 2008-02-01 10:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-01 10:56 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-01 10:56 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-01 07:38 . 2008-02-01 07:38 38,400 -r-hs---- C:\WINDOWS\system32\6to4svcq.exe
2008-01-31 13:32 . 2008-01-31 13:32 17,920 --ahs---- C:\WINDOWS\system32\accessw.dll
2008-01-31 07:33 . 2008-02-04 17:12 25,984 --a------ C:\WINDOWS\system32\drivers\Ytt77.sys
2008-01-30 18:00 . 2008-01-30 18:00 29 --a------ C:\WINDOWS\system32\iepdforu.tmp
2008-01-30 17:54 . 2008-02-06 14:03 163,840 --a------ C:\Documents and Settings\LocalService\Application Data\1035870398.exe
2008-01-29 11:29 . 2008-02-06 13:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 10:57 . 2008-02-05 10:26 8,388,671 --a------ C:\WINDOWS\pfirewall.log.old
2008-01-29 08:15 . 2008-01-29 08:15 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\DivX
2008-01-29 08:01 . 2008-01-04 16:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-01-29 08:01 . 2008-01-04 16:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-29 08:00 . 2008-01-29 08:01 <DIR> d-------- C:\Program Files\DivX
2008-01-29 07:32 . 2008-01-29 08:54 41,472 --a------ C:\WINDOWS\system32\CbEvtSvc.exe
2008-01-28 15:06 . 2008-01-28 15:06 <DIR> d-------- C:\Program Files\SIW
2008-01-28 13:20 . 2008-02-05 14:29 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\OpenOffice.org2
2008-01-28 12:27 . 2008-01-28 12:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 15:08 . 2008-01-26 15:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-26 14:20 . 2008-01-26 14:20 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-26 13:11 . 2008-01-26 13:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-26 12:41 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-26 11:52 . 2008-01-26 12:44 <DIR> d-------- C:\Documents and Settings\MAPepin\.housecall6.6
2008-01-26 11:51 . 2008-01-26 11:51 <DIR> d-------- C:\WINDOWS\Sun
2008-01-26 11:36 . 2008-01-29 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 16:08 . 2008-01-29 07:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-24 16:40 . 2008-01-29 07:52 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\XnView
2008-01-24 15:54 . 2008-01-24 15:54 21,504 --a------ C:\lo-1679164330.exe
2008-01-24 15:52 . 2008-01-24 15:52 21,504 --a------ C:\lo1289083134.exe
2008-01-24 15:52 . 2008-01-24 15:52 21,504 --a------ C:\lo-513865536.exe
2008-01-24 15:52 . 2008-01-24 15:52 21,504 --a------ C:\lo-1538082432.exe
2008-01-24 15:41 . 2008-01-24 15:41 21,504 --a------ C:\lo636569781.exe
2008-01-24 15:40 . 2008-01-24 15:40 21,504 --a------ C:\lo482396030.exe
2008-01-24 15:38 . 2008-01-24 15:38 21,504 --a------ C:\lo-22980135.exe
2008-01-22 15:28 . 2008-02-06 08:52 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-22 15:28 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-19 03:02 . 2006-08-21 04:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-19 03:02 . 2006-08-21 04:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-19 03:02 . 2006-08-21 07:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-19 03:01 . 2008-01-19 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-18 16:43 . 2008-01-18 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-18 13:43 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-18 09:56 . 2008-01-18 09:56 <DIR> d---s---- C:\Documents and Settings\MAPepin\UserData
2008-01-18 08:51 . 2008-01-18 08:51 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\Monotype Imaging
2008-01-18 08:42 . 2008-01-18 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-18 08:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-18 08:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-18 08:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 07:39 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-17 17:46 . 2008-01-18 09:05 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\Yahoo!
2008-01-17 17:45 . 2007-01-31 10:58 43,387 --a------ C:\WINDOWS\browser.exe
2008-01-17 17:45 . 2007-01-31 10:58 6,246 --a------ C:\WINDOWS\atty.ico
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\WINDOWS\Motive
2008-01-17 17:44 . 2008-01-17 17:45 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-17 17:44 . 2005-05-10 01:36 81,920 --------- C:\WINDOWS\system32\W32n50.dll
2008-01-17 17:44 . 2005-05-10 01:36 17,162 --------- C:\WINDOWS\system32\Pcandis5.sys
2008-01-17 17:44 . 2005-05-10 01:36 16,848 --------- C:\WINDOWS\system32\Pcandis4.sys
2008-01-17 17:44 . 2005-05-10 01:36 16,073 --------- C:\WINDOWS\system32\Pcandis3.vxd
2008-01-17 17:42 . 2008-01-17 17:42 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\ScanSoft
2008-01-17 17:33 . 2008-01-18 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-01-17 17:33 . 2002-01-05 07:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-17 17:33 . 2002-01-05 06:18 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-01-17 17:33 . 2001-10-11 11:26 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2008-01-17 17:33 . 2002-02-21 18:56 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-17 17:11 . 2008-01-17 17:46 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-17 17:07 . 2008-01-17 17:07 <DIR> d-------- C:\Program Files\BroadJump
2008-01-17 16:52 . 2007-01-31 10:58 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-17 16:51 . 2007-01-31 10:58 266,240 --------- C:\WINDOWS\SBCDSL.exe
2008-01-17 16:41 . 2008-01-17 16:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Monotype Imaging
2008-01-17 16:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-17 16:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-17 16:41 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-17 16:41 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-17 16:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-17 16:21 . 2008-01-17 16:21 4,128 --a------ C:\INFCACHE.1
2008-01-17 15:55 . 2001-08-17 13:58 19,200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2008-01-17 15:55 . 2001-08-17 13:58 19,200 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-01-17 15:55 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-01-17 15:55 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-01-17 15:55 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-01-17 15:55 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\dllcache\compbatt.sys
2008-01-17 14:42 . 2008-01-15 22:27 <DIR> d-------- C:\Documents and Settings\MAPepin\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 03:08 6,903 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_OPT_755.mrk
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-28 16:21 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-28 16:21 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-28 16:21 137752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-03-14 12:31 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-03-14 12:29 46632]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 20:03 178712]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Acrobat Speed Launch"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 02:40 46200]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"MFPMonitor"="C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-07-22 16:10 2002944]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 20:12 1036288]
"ubasss"="mmdssvc.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ubasss"="mmdssvc.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-01-17 17:44:25 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BurnWin"= {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll [2008-02-05 14:21 256000]
R0 Ytt77;Ytt77;C:\WINDOWS\system32\Drivers\Ytt77.sys [2008-02-04 17:12]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 04:58]
R2 CbEvtSvc;CbEvtSvc;C:\WINDOWS\System32\CbEvtSvc.exe [2008-01-29 08:54]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 06:00]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S2 mcmscsvcWebClient;McAfee Services mcmscsvcWebClient;C:\WINDOWS\system32\accesswr.exe srv []
S2 MSSQL$MSSMLBIZMessenger;SQL Server (MSSMLBIZ) MSSQL$MSSMLBIZMessenger;C:\WINDOWS\system32\6to4svcq.exe srv []
S2 NlaMSSQL$MSSMLBIZ;Network Location Awareness (NLA) NlaMSSQL$MSSMLBIZ;C:\WINDOWS\system32\accessw.exe srv []
S2 RDSessMgrwscsvc;Remote Desktop Help Session Manager RDSessMgrwscsvc;C:\WINDOWS\system32\activedsc.exe srv []
S2 SamSsdmserver;Security Accounts Manager SamSsdmserver;C:\WINDOWS\system32\amstreami.exe srv []
S2 SQLBrowserImapiService;SQL Server Browser SQLBrowserImapiService;C:\WINDOWS\system32\12520437r.exe srv []
S3 AsfAlrt;AsfAlrt Service;C:\WINDOWS\system32\Drivers\AsfAlrt.sys [2007-01-23 04:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{814033b0-c88b-11dc-b481-001aa0ea5509}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9168a98-d3f9-11dc-b497-001aa0ea5509}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
*Newly Created Service* - CCEVTSVC
*Newly Created Service* - HYW71
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 03:35:09 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-16 03:35:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 14:34:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\CcEvtSvc.exe 93184 bytes executable
C:\WINDOWS\system32\drivers\Hyw71.sys 167936 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Hyw71]
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\CcEvtSvc.exe
C:\WINDOWS\system32\cscript.exe
.
**************************************************************************
.
Completion time: 2008-02-06 14:35:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 19:35:35
.
2008-02-05 22:14:06 --- E O F ---
===================================================
hijackthis20080206(1).txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\CcEvtSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0080115
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MFPMonitor] C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ubasss] mmdssvc.exe
O4 - HKLM\..\RunServices: [ubasss] mmdssvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.delex.com
O15 - Trusted Zone: *.longwaveinc.com
O15 - Trusted Zone: *.navy.mil
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O21 - SSODL: BurnWin - {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Services mcmscsvcWebClient (mcmscsvcWebClient) - Unknown owner - C:\WINDOWS\system32\accesswr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Network Location Awareness (NLA) NlaMSSQL$MSSMLBIZ (NlaMSSQL$MSSMLBIZ) - Unknown owner - C:\WINDOWS\system32\accessw.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager RDSessMgrwscsvc (RDSessMgrwscsvc) - Unknown owner - C:\WINDOWS\system32\activedsc.exe (file missing)
O23 - Service: Security Accounts Manager SamSsdmserver (SamSsdmserver) - Unknown owner - C:\WINDOWS\system32\amstreami.exe (file missing)
O23 - Service: SQL Server Browser SQLBrowserImapiService (SQLBrowserImapiService) - Unknown owner - C:\WINDOWS\system32\12520437r.exe (file missing)
O23 - Service: SSDP Discovery Service SSDPSRVBITS (SSDPSRVBITS) - Unknown owner - C:\WINDOWS\system32\1041a.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WMI Performance Adapter WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\system32\AlertAppg.exe (file missing)
--
End of file - 12232 bytes
===================================================
END