
Malware problem - I can't get rid of this

#1 beznsarah (New Member, 4 posts)

I've run into a spyware issue that I can't seem to beat. First I was getting (in the task bar) a red circle with an X and a balloon popup that said my system was at risk. After clicking that, it seems various items were auto-installed, etc. (SpyKiller Pro, which I uninstalled). I downloaded and ran the following yesterday and I thought I had it beat because these found a large number of items that were removed: SUPERAntiSpyware, Search & Destroy, Ad-Aware 2007.

This morning I had a balloon still saying that my computer was at risk. Since then I've run the following: FixWareOut, ComboFix. After all this, now my computer's desktop has changed to black and there is a red box that says "Your computer is in Danger! Windows Security Center has detected spyware/adware infection..." I still have the red circle with the X and a balloon that says "Warning Security report..."

I'm attaching logs for HJT and ComboFix below. Thanks for your help in advance.

#2 beznsarah (Topic Starter, New Member, 4 posts)

ComboFix 08-01-15.4 - Administrator 2008-01-15 9:03:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\microsoft\internet explorer\Desktop.htt
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\Monique\Application Data\install.dat
C:\Program Files\kernel
C:\Program Files\Temporary
C:\WINDOWS\17PHolmes27.exe
C:\WINDOWS\Help\agt037b.hlp
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\PAA17.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\mscore.dll
C:\WINDOWS\system32\shift.exe.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LRITO12E5-5FA8
-------\LEGACY_LRITO30C4-2B5A
-------\LEGACY_LRITO658B-1C68
-------\LEGACY_PAA17
-------\LEGACY_SMTPDRV
-------\Driver
-------\lrito12e5-5fa8
-------\lrito30c4-2b5a
-------\lrito658b-1c68
-------\smtpdrv


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 07:08 . 2008-01-15 07:26 <DIR> d-------- C:\Program Files\SpyKillerPro
2008-01-14 21:28 . 2008-01-14 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 21:27 . 2008-01-15 07:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 21:27 . 2008-01-14 21:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 17:20 . 2008-01-14 17:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 17:20 . 2008-01-14 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 12:47 . 2008-01-14 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 10:20 . 2008-01-14 10:19 14,848 --a------ C:\Documents and Settings\Administrator\ntuser.exe
2008-01-14 10:20 . 2008-01-15 09:23 6,144 --a------ C:\Documents and Settings\Administrator\msftp.dll
2008-01-14 10:06 . 2008-01-14 10:07 <DIR> d-------- C:\Program Files\ANI
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Program Files\D-Link
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-14 09:04 . 2008-01-14 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-14 09:03 . 2008-01-14 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 13:26 . 2008-01-09 14:49 <DIR> d-------- C:\Documents and Settings\Monique\Application Data\MSN6
2008-01-09 13:26 . 2008-01-09 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-07 22:13 . 2008-01-07 22:13 <DIR> d-------- C:\Program Files\Google
2007-12-20 10:10 . 2007-12-20 10:10 <DIR> d-------- C:\Program Files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:24 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-15 15:23 6,144 ----a-w C:\WINDOWS\system32\msftp.dll
2008-01-15 15:14 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-15 01:08 90,112 ----a-w C:\WINDOWS\DUMPd41a.tmp
2008-01-14 23:34 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-14 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 16:19 14,848 ----a-w C:\WINDOWS\system32\drivers\win32.exe
2008-01-14 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
1998-12-09 09:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 09:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 09:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 09:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 09:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 09:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
Infected C:\WINDOWS\system32\svchost.exe hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489C5DDD-AB4C-48EC-B397-505BABF9B4BD}]
2008-01-15 07:06 53248 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ieobj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auto"="C:\WINDOWS\system32\drivers\win32.exe" [2008-01-14 10:19 14848]
"ntuser"="C:\Documents and Settings\Administrator\ntuser.exe" [2008-01-14 10:19 14848]
"SpyKillerPro"="C:\Program Files\SpyKillerPro\SpyKillerPro.exe" [ ]
"quartz"="C:\WINDOWS\System32\quartz.exe" [ ]
"dmime"="C:\WINDOWS\System32\dmime.exe" [ ]
"anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 19:27 98304]
"D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 15:15 1662976]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"Windows Framework"="C:\WINDOWS\system32\scvh0st.exe" [ ]
"mmnext06"="C:\WINDOWS\trjdwnl.dll" [ ]
"shellbn"="C:\WINDOWS\shlext32.exe" [ ]
"Tapicfg.exe"="tapicfg.exe" []
"anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ]
"vmlib"="vmlib.exe" []
"cssrss.exe"="cssrss.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll [2008-01-15 07:06 14336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lty48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdh62.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 06:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2004-10-20 08:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-07-09 08:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 15:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-09-16 19:27 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-16 19:26 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 SC247XF;SC247XF;C:\WINDOWS\system32\DRIVERS\SC247XF.sys [2001-09-13 18:47]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 18:15]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-25 08:52]
S0 Lty48;Lty48;C:\WINDOWS\system32\Drivers\Lty48.sys []
S1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys []
S2 oriieke37501509;oriieke37501509;C:\WINDOWS\system32\oriieke37501509.sys []
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 SpyKillerProFilter;1/15/20087:08:53 AM;C:\Program Files\SpyKillerPro\SSS.sys []
S3 Wdh62;Wdh62;C:\WINDOWS\System32\drivers\Wdh62.sys []
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 12:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 09:24:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 9:31:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 15:31:31
.
2008-01-15 09:02:26 --- E O F ---


#3 beznsarah (Topic Starter, New Member, 4 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:35 AM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\drivers\win32.exe
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\bez\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.4-star-fi.....27tbq>4247825
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AboutBlank Class - {489C5DDD-AB4C-48EC-B397-505BABF9B4BD} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ieobj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [Tapicfg.exe] tapicfg.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [auto] C:\WINDOWS\system32\drivers\win32.exe
O4 - HKCU\..\Run: [ntuser] C:\Documents and Settings\Administrator\ntuser.exe
O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7806 bytes

#4 beznsarah (Topic Starter, New Member, 4 posts)

I tried a few more things. I think I got it this time; however, if someone could please verify that I'm clean I would appreciate it! Last time I thought I was good but it came back overnight.

I ran ComboFix.exe again, this time in Safe Mode. Then I ran SmitFraudFix followed by SDFix.
Here are the log files. At the very end is my new HJT log.

Thanks!!!


ComboFix 08-01-15.4 - Administrator 2008-01-15 11:29:00.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.195 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\microsoft\internet explorer\Desktop.htt

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 11:20 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-15 11:20 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-15 11:20 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-15 11:20 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-15 11:20 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-15 11:20 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-15 11:15 . 2008-01-15 11:21 2,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-15 09:32 . 2008-01-15 09:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-15 08:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 21:28 . 2008-01-14 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 21:27 . 2008-01-15 07:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 21:27 . 2008-01-14 21:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 17:20 . 2008-01-14 17:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 17:20 . 2008-01-14 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 13:39 . 2008-01-15 09:22 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-01-14 12:47 . 2008-01-15 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 10:20 . 2008-01-14 10:19 14,848 --a------ C:\WINDOWS\system32\drivers\win32.exe
2008-01-14 10:20 . 2008-01-14 10:19 14,848 --a------ C:\Documents and Settings\Administrator\ntuser.exe
2008-01-14 10:20 . 2008-01-15 09:23 6,144 --a------ C:\WINDOWS\system32\msftp.dll
2008-01-14 10:20 . 2008-01-15 09:23 6,144 --a------ C:\Documents and Settings\Administrator\msftp.dll
2008-01-14 10:10 . 2006-11-10 04:11 134 --a------ C:\WINDOWS\system32\DWLAB.DAT
2008-01-14 10:10 . 2008-01-15 09:23 14 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{29C7A482-F605-417E-BB20-701446B96854}
2008-01-14 10:07 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-01-14 10:07 . 2007-09-05 18:13 679,936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-01-14 10:07 . 2007-08-14 13:26 262,144 --a------ C:\WINDOWS\system32\wnicapi.dll
2008-01-14 10:07 . 2007-08-20 17:41 233,472 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-01-14 10:07 . 2007-05-12 13:33 217,088 --a------ C:\WINDOWS\system32\aIPH.dll
2008-01-14 10:07 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-01-14 10:07 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-01-14 10:07 . 2006-09-26 13:49 45,115 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-01-14 10:06 . 2008-01-14 10:07 <DIR> d-------- C:\Program Files\ANI
2008-01-14 10:06 . 2007-08-02 12:05 405,583 --a------ C:\WINDOWS\system32\jswscsup.dll
2008-01-14 10:06 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-01-14 10:06 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-01-14 10:06 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-01-14 10:06 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-01-14 10:06 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-01-14 10:06 . 2007-07-25 08:52 5,529 --a------ C:\WINDOWS\system32\jswscimdp.inf
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Program Files\D-Link
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-14 10:05 . 2007-06-29 02:24 467,648 --a------ C:\WINDOWS\system32\drivers\A3AB9x.sys
2008-01-14 10:05 . 2007-07-25 08:52 57,376 --a------ C:\WINDOWS\system32\jswscimd.sys
2008-01-14 10:05 . 2007-07-25 08:52 57,376 --a------ C:\WINDOWS\system32\drivers\jswscimd.sys
2008-01-14 10:05 . 2007-07-28 18:07 12,564 --a------ C:\WINDOWS\system32\jswscimdp.cat
2008-01-14 10:05 . 2007-07-28 18:07 12,135 --a------ C:\WINDOWS\system32\jswscimd.cat
2008-01-14 10:05 . 2007-07-25 08:52 2,231 --a------ C:\WINDOWS\system32\jswscimd.inf
2008-01-14 09:04 . 2008-01-14 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-14 09:03 . 2008-01-14 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-14 09:03 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 08:15 . 2008-01-15 09:47 <DIR> d-------- C:\Bez
2008-01-13 23:36 . 2004-08-04 06:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-13 23:34 . 2004-08-04 06:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-13 23:33 . 2004-08-04 06:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-13 23:32 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-13 23:32 . 2004-08-04 06:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-01-13 23:32 . 2004-08-04 06:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2008-01-13 23:32 . 2004-08-04 06:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-01-13 23:32 . 2004-08-04 06:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\nextlink.dll
2008-01-13 23:32 . 2004-08-04 06:00 44,544 --a--c--- C:\WINDOWS\system32\dllcache\nsepm.dll
2008-01-13 23:32 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-01-13 23:32 . 2004-08-04 06:00 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2008-01-13 23:32 . 2004-08-04 06:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2008-01-13 23:30 . 2004-08-04 06:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-13 23:29 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-13 23:28 . 2004-08-04 06:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-13 23:27 . 2004-08-04 06:00 369,664 --a--c--- C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-13 23:26 . 2004-08-04 06:00 829,440 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.dll
2008-01-13 23:25 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-13 23:20 . 2004-08-04 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-01-13 23:14 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-13 23:13 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-13 23:13 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-01-13 23:13 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-13 23:05 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-01-13 23:05 . 2001-08-17 13:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2008-01-13 22:56 . 2004-08-04 06:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-01-13 22:56 . 2004-08-04 06:00 1,086,058 --a--c--- C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2008-01-13 22:56 . 2004-08-04 06:00 1,086,058 -ra------ C:\WINDOWS\SET86.tmp
2008-01-13 22:56 . 2004-08-04 06:00 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-01-13 22:56 . 2004-08-04 06:00 1,042,903 -ra------ C:\WINDOWS\SET83.tmp
2008-01-13 22:56 . 2004-08-04 06:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-01-13 22:56 . 2004-08-04 06:00 502,724 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-01-13 22:56 . 2004-08-04 06:00 13,753 -ra------ C:\WINDOWS\SET92.tmp
2008-01-13 16:39 . 2008-01-14 19:08 90,112 --a------ C:\WINDOWS\DUMPd41a.tmp
2008-01-09 13:26 . 2008-01-09 14:49 <DIR> d-------- C:\Documents and Settings\Monique\Application Data\MSN6
2008-01-09 13:26 . 2008-01-09 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-08 09:06 . 2008-01-08 09:06 0 --a------ C:\WINDOWS\vpc32.INI
2008-01-07 22:13 . 2008-01-07 22:13 <DIR> d-------- C:\Program Files\Google
2008-01-07 01:52 . 2008-01-07 01:52 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-07 01:30 . 2008-01-13 22:27 157,524 --a------ C:\WINDOWS\setupapi.old
2008-01-07 01:19 . 2008-01-14 12:45 <DIR> d--hs---- C:\WINDOWS\QnJvb2tzIEpvaG5zb24
2008-01-07 01:10 . 2008-01-07 01:12 43,785 --a------ C:\WINDOWS\system32\lrito.ini
2008-01-05 01:39 . 2008-01-05 01:42 48,173 --a------ C:\WINDOWS\system32\oriieke.ini
2008-01-05 01:39 . 2008-01-05 01:39 0 --a------ C:\WINDOWS\system32\lich.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:54 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-15 15:14 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-14 23:34 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-14 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
1998-12-09 09:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 09:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 09:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 09:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 09:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 09:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-15_ 9.29.15.74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-15 15:45:12 8,676 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{79CF42D6-3222-4DA4-A1ED-072A194AA2FC}.bin
- 2000-08-31 14:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 15:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2000-08-31 14:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 11:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auto"="C:\WINDOWS\system32\drivers\win32.exe" [2008-01-14 10:19 14848]
"ntuser"="C:\Documents and Settings\Administrator\ntuser.exe" [2008-01-14 10:19 14848]
"quartz"="C:\WINDOWS\System32\quartz.exe" [ ]
"dmime"="C:\WINDOWS\System32\dmime.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 19:27 98304]
"D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 15:15 1662976]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"cssrss.exe"="cssrss.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll [2008-01-15 07:06 14336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lty48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdh62.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 06:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2004-10-20 08:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-07-09 08:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 15:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-09-16 19:27 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-16 19:26 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 SC247XF;SC247XF;C:\WINDOWS\system32\DRIVERS\SC247XF.sys [2001-09-13 18:47]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 18:15]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-25 08:52]
S0 Lty48;Lty48;C:\WINDOWS\system32\Drivers\Lty48.sys []
S1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys []
S2 oriieke37501509;oriieke37501509;C:\WINDOWS\system32\oriieke37501509.sys []
S3 EraserUtilDrvI4;EraserUtilDrvI4;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys [2007-11-14 03:00]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 SpyKillerProFilter;1/15/20087:08:53 AM;C:\Program Files\SpyKillerPro\SSS.sys []
S3 Wdh62;Wdh62;C:\WINDOWS\System32\drivers\Wdh62.sys []
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 12:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 11:34:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 11:35:43
ComboFix-quarantined-files.txt 2008-01-15 17:35:14
ComboFix2.txt 2008-01-15 15:31:51
.
2008-01-15 15:54:18 --- E O F ---




SmitFraudFix v2.274

Scan done at 14:45:01.91, Tue 01/15/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link WDA-2320 Desktop Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End




SDFix: Version 1.126

Run by Administrator on Tue 01/15/2008 at 02:51 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
kcp

Path:
\??\C:\WINDOWS\system32\drivers\kcp.sys

kcp - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service asc3550p - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Administrator\msftp.dll - Deleted
C:\Documents and Settings\Administrator\ntuser.exe - Deleted
C:\WINDOWS\system32\drivers\win32.exe - Deleted
C:\WINDOWS\system32\lich.dat - Deleted
C:\WINDOWS\system32\lrito.ini - Deleted
C:\WINDOWS\system32\msftp.dll - Deleted
C:\WINDOWS\system32\oriieke.ini - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 15:02:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem15.CAT 24698 bytes
C:\WINDOWS\inf\oem15.inf 21951 bytes
C:\WINDOWS\inf\oem15.PNF 49836 bytes
C:\WINDOWS\LastGood
C:\WINDOWS\LastGood\INF
C:\WINDOWS\LastGood\INF\oem15.inf 0 bytes
C:\WINDOWS\LastGood\INF\oem15.PNF 0 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 20 Dec 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Thu 7 Dec 2000 51,200 A..H. --- "C:\WINDOWS\system32\PackethSvc.exe"
Tue 27 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 27 Mar 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Fri 5 Aug 2005 484,592 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00766461b1b00d8469999536d8f8d6e4\BIT38.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02cded8b341a95a07525625c2bc327cd\BIT4.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a120212db9f8797932f46def01672fc\BITF.tmp"
Wed 29 Mar 2006 155,454 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT3A.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BIT2.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1A.tmp"
Fri 28 Jul 2006 151,516 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\BIT37.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\BIT3C.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\BIT40.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT5.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\BITE.tmp"
Mon 5 Feb 2007 155,334 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\299966e551b4462ae94e39e251e277b6\BIT36.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\BIT47.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT46.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\BIT41.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\BIT3E.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\BIT18.tmp"
Tue 2 Oct 2007 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT10.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT3.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\BIT14.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT1B.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT19.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4e28cc4378cd0807778e1b0917bd6312\BIT3D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\BIT20.tmp"
Mon 7 Jan 2008 2,166,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c0455d67216e75859cc27e7120ab0d1\BIT2D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\BIT48.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\BIT11.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\BIT3B.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT1F.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3e21b535dea17cce2bc6f0feca1311d\BIT45.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6bef673c2e4e242a39946c4931e8a98\BIT1D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BIT16.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\BIT44.tmp"
Fri 5 Aug 2005 490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT35.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\BIT3F.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\BIT10.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\BIT15.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\BIT13.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT1E.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\BIT43.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT1C.tmp"
Mon 5 Feb 2007 151,147 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\BIT34.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f934b30a3337b488590ef3c1f3bbfd68\BIT12.tmp"
Fri 1 Jun 2007 154,945 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\BIT39.tmp"
Wed 18 Jul 2007 45,056 ...H. --- "C:\Documents and Settings\Monique\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\BIT13.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITC.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\BIT19.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\download\BIT1A.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\download\BIT17.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\download\BIT18.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30afadc4c35db2f5d8b4c076a49edc7b\download\BITE.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\download\BITF.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b6ccd5ccf72ffca11e7f7e0165f2082\download\BIT42.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\download\BIT8.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\BIT1F.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\BIT1D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\download\BIT15.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT6.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\download\BIT9.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\BITD.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\download\BIT14.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\BIT1E.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BIT11.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BIT10.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\download\BIT16.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\BIT7.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\download\BITD.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\BITB.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\BITB.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\BITA.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\BIT20.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT1C.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1717a50ad70787e0b2e37537d202992\download\BIT1B.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\download\BIT12.tmp"

Finished!


the latest HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:33 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLServiceHost.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Bez\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5666 bytes