Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware problem - I can't get rid of this


  • Please log in to reply

#1
beznsarah

beznsarah

    New Member

  • Member
  • Pip
  • 4 posts
I've run into a spyware issue that I can't seem to beat. First I was getting (in task bar) a red circle with an X and a balloon popup that said my system was at risk. After clicking that it seems various items were auto installed etc(Spykiller pro, which I uninstalled). I downloaded and ran the following yesterday and I thought I had it beat because these found a large number of items that were removed: Super AnitSpyware, Search & Destroy, Ad-Aware 2007.

This morning I had a balloon still saying that my computer was at risk. Since then I've run the following FixWareOut, ComboFix. After all this, now my computers desktop has changed to black and there is a red box that says "Your computer is in Dangerr! Windows Security Center has detected sypwear/adware infection..... I still have the red circl with the X with balloon that says Warning Security report....

I'm attaching logs for HJT and ComboFix below. Thanks for your help in advance.
  • 0

Advertisements


#2
beznsarah

beznsarah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
ComboFix 08-01-15.4 - Administrator 2008-01-15 9:03:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\microsoft\internet explorer\Desktop.htt
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\Monique\Application Data\install.dat
C:\Program Files\kernel
C:\Program Files\Temporary
C:\WINDOWS\17PHolmes27.exe
C:\WINDOWS\Help\agt037b.hlp
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\PAA17.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\mscore.dll
C:\WINDOWS\system32\shift.exe.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LRITO12E5-5FA8
-------\LEGACY_LRITO30C4-2B5A
-------\LEGACY_LRITO658B-1C68
-------\LEGACY_PAA17
-------\LEGACY_SMTPDRV
-------\Driver
-------\lrito12e5-5fa8
-------\lrito30c4-2b5a
-------\lrito658b-1c68
-------\smtpdrv


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 07:08 . 2008-01-15 07:26 <DIR> d-------- C:\Program Files\SpyKillerPro
2008-01-14 21:28 . 2008-01-14 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 21:27 . 2008-01-15 07:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 21:27 . 2008-01-14 21:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 17:20 . 2008-01-14 17:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 17:20 . 2008-01-14 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 12:47 . 2008-01-14 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 10:20 . 2008-01-14 10:19 14,848 --a------ C:\Documents and Settings\Administrator\ntuser.exe
2008-01-14 10:20 . 2008-01-15 09:23 6,144 --a------ C:\Documents and Settings\Administrator\msftp.dll
2008-01-14 10:06 . 2008-01-14 10:07 <DIR> d-------- C:\Program Files\ANI
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Program Files\D-Link
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-14 09:04 . 2008-01-14 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-14 09:03 . 2008-01-14 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 13:26 . 2008-01-09 14:49 <DIR> d-------- C:\Documents and Settings\Monique\Application Data\MSN6
2008-01-09 13:26 . 2008-01-09 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-07 22:13 . 2008-01-07 22:13 <DIR> d-------- C:\Program Files\Google
2007-12-20 10:10 . 2007-12-20 10:10 <DIR> d-------- C:\Program Files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:24 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-15 15:23 6,144 ----a-w C:\WINDOWS\system32\msftp.dll
2008-01-15 15:14 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-15 01:08 90,112 ----a-w C:\WINDOWS\DUMPd41a.tmp
2008-01-14 23:34 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-14 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 16:19 14,848 ----a-w C:\WINDOWS\system32\drivers\win32.exe
2008-01-14 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
1998-12-09 09:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 09:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 09:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 09:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 09:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 09:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
Infected C:\WINDOWS\system32\svchost.exe hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489C5DDD-AB4C-48EC-B397-505BABF9B4BD}]
2008-01-15 07:06 53248 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ieobj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auto"="C:\WINDOWS\system32\drivers\win32.exe" [2008-01-14 10:19 14848]
"ntuser"="C:\Documents and Settings\Administrator\ntuser.exe" [2008-01-14 10:19 14848]
"SpyKillerPro"="C:\Program Files\SpyKillerPro\SpyKillerPro.exe" [ ]
"quartz"="C:\WINDOWS\System32\quartz.exe" [ ]
"dmime"="C:\WINDOWS\System32\dmime.exe" [ ]
"anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 19:27 98304]
"D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 15:15 1662976]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"Windows Framework"="C:\WINDOWS\system32\scvh0st.exe" [ ]
"mmnext06"="C:\WINDOWS\trjdwnl.dll" [ ]
"shellbn"="C:\WINDOWS\shlext32.exe" [ ]
"Tapicfg.exe"="tapicfg.exe" []
"anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ]
"vmlib"="vmlib.exe" []
"cssrss.exe"="cssrss.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll [2008-01-15 07:06 14336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lty48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdh62.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 06:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2004-10-20 08:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-07-09 08:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 15:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-09-16 19:27 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-16 19:26 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 SC247XF;SC247XF;C:\WINDOWS\system32\DRIVERS\SC247XF.sys [2001-09-13 18:47]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 18:15]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-25 08:52]
S0 Lty48;Lty48;C:\WINDOWS\system32\Drivers\Lty48.sys []
S1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys []
S2 oriieke37501509;oriieke37501509;C:\WINDOWS\system32\oriieke37501509.sys []
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 SpyKillerProFilter;1/15/20087:08:53 AM;C:\Program Files\SpyKillerPro\SSS.sys []
S3 Wdh62;Wdh62;C:\WINDOWS\System32\drivers\Wdh62.sys []
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 12:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 09:24:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 9:31:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 15:31:31
.
2008-01-15 09:02:26 --- E O F ---

Attached Files


  • 0

#3
beznsarah

beznsarah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:35 AM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\drivers\win32.exe
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\bez\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.4-star-fi.....27tbq>4247825
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AboutBlank Class - {489C5DDD-AB4C-48EC-B397-505BABF9B4BD} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ieobj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [Tapicfg.exe] tapicfg.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [auto] C:\WINDOWS\system32\drivers\win32.exe
O4 - HKCU\..\Run: [ntuser] C:\Documents and Settings\Administrator\ntuser.exe
O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7806 bytes
  • 0

#4
beznsarah

beznsarah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I tried a few more things. I think I got it this time, however, if someone could please verify that I'm clean I would appreciate it! Last time I thought I was good but it came back over night.

I ran ComboFix.exe again this time in Safemode. Then I ran SmitFraudFix followed by SDFix.
Here are the log files. At the very end is my new HJT log.

Thanks!!!


ComboFix 08-01-15.4 - Administrator 2008-01-15 11:29:00.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.195 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\microsoft\internet explorer\Desktop.htt

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 11:20 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-15 11:20 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-15 11:20 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-15 11:20 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-15 11:20 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-15 11:20 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-15 11:15 . 2008-01-15 11:21 2,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-15 09:32 . 2008-01-15 09:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-15 08:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 21:28 . 2008-01-14 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 21:27 . 2008-01-15 07:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 21:27 . 2008-01-14 21:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 17:20 . 2008-01-14 17:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 17:20 . 2008-01-14 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 13:39 . 2008-01-15 09:22 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-01-14 12:47 . 2008-01-15 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 10:20 . 2008-01-14 10:19 14,848 --a------ C:\WINDOWS\system32\drivers\win32.exe
2008-01-14 10:20 . 2008-01-14 10:19 14,848 --a------ C:\Documents and Settings\Administrator\ntuser.exe
2008-01-14 10:20 . 2008-01-15 09:23 6,144 --a------ C:\WINDOWS\system32\msftp.dll
2008-01-14 10:20 . 2008-01-15 09:23 6,144 --a------ C:\Documents and Settings\Administrator\msftp.dll
2008-01-14 10:10 . 2006-11-10 04:11 134 --a------ C:\WINDOWS\system32\DWLAB.DAT
2008-01-14 10:10 . 2008-01-15 09:23 14 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{29C7A482-F605-417E-BB20-701446B96854}
2008-01-14 10:07 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-01-14 10:07 . 2007-09-05 18:13 679,936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-01-14 10:07 . 2007-08-14 13:26 262,144 --a------ C:\WINDOWS\system32\wnicapi.dll
2008-01-14 10:07 . 2007-08-20 17:41 233,472 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-01-14 10:07 . 2007-05-12 13:33 217,088 --a------ C:\WINDOWS\system32\aIPH.dll
2008-01-14 10:07 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-01-14 10:07 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-01-14 10:07 . 2006-09-26 13:49 45,115 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-01-14 10:06 . 2008-01-14 10:07 <DIR> d-------- C:\Program Files\ANI
2008-01-14 10:06 . 2007-08-02 12:05 405,583 --a------ C:\WINDOWS\system32\jswscsup.dll
2008-01-14 10:06 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-01-14 10:06 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-01-14 10:06 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-01-14 10:06 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-01-14 10:06 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-01-14 10:06 . 2007-07-25 08:52 5,529 --a------ C:\WINDOWS\system32\jswscimdp.inf
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Program Files\D-Link
2008-01-14 10:05 . 2008-01-14 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-14 10:05 . 2007-06-29 02:24 467,648 --a------ C:\WINDOWS\system32\drivers\A3AB9x.sys
2008-01-14 10:05 . 2007-07-25 08:52 57,376 --a------ C:\WINDOWS\system32\jswscimd.sys
2008-01-14 10:05 . 2007-07-25 08:52 57,376 --a------ C:\WINDOWS\system32\drivers\jswscimd.sys
2008-01-14 10:05 . 2007-07-28 18:07 12,564 --a------ C:\WINDOWS\system32\jswscimdp.cat
2008-01-14 10:05 . 2007-07-28 18:07 12,135 --a------ C:\WINDOWS\system32\jswscimd.cat
2008-01-14 10:05 . 2007-07-25 08:52 2,231 --a------ C:\WINDOWS\system32\jswscimd.inf
2008-01-14 09:04 . 2008-01-14 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-14 09:03 . 2008-01-14 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-14 09:03 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 08:15 . 2008-01-15 09:47 <DIR> d-------- C:\Bez
2008-01-13 23:36 . 2004-08-04 06:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-13 23:34 . 2004-08-04 06:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-13 23:33 . 2004-08-04 06:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-13 23:32 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-13 23:32 . 2004-08-04 06:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-01-13 23:32 . 2004-08-04 06:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2008-01-13 23:32 . 2004-08-04 06:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-01-13 23:32 . 2004-08-04 06:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\nextlink.dll
2008-01-13 23:32 . 2004-08-04 06:00 44,544 --a--c--- C:\WINDOWS\system32\dllcache\nsepm.dll
2008-01-13 23:32 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-01-13 23:32 . 2004-08-04 06:00 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2008-01-13 23:32 . 2004-08-04 06:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2008-01-13 23:30 . 2004-08-04 06:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-13 23:29 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-13 23:28 . 2004-08-04 06:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-13 23:27 . 2004-08-04 06:00 369,664 --a--c--- C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-13 23:26 . 2004-08-04 06:00 829,440 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.dll
2008-01-13 23:25 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-13 23:21 . 2008-01-13 23:21 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-13 23:20 . 2004-08-04 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-01-13 23:14 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-13 23:13 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-13 23:13 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-01-13 23:13 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-13 23:05 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-01-13 23:05 . 2001-08-17 13:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2008-01-13 22:56 . 2004-08-04 06:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-01-13 22:56 . 2004-08-04 06:00 1,086,058 --a--c--- C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2008-01-13 22:56 . 2004-08-04 06:00 1,086,058 -ra------ C:\WINDOWS\SET86.tmp
2008-01-13 22:56 . 2004-08-04 06:00 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-01-13 22:56 . 2004-08-04 06:00 1,042,903 -ra------ C:\WINDOWS\SET83.tmp
2008-01-13 22:56 . 2004-08-04 06:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-01-13 22:56 . 2004-08-04 06:00 502,724 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-01-13 22:56 . 2004-08-04 06:00 13,753 -ra------ C:\WINDOWS\SET92.tmp
2008-01-13 16:39 . 2008-01-14 19:08 90,112 --a------ C:\WINDOWS\DUMPd41a.tmp
2008-01-09 13:26 . 2008-01-09 14:49 <DIR> d-------- C:\Documents and Settings\Monique\Application Data\MSN6
2008-01-09 13:26 . 2008-01-09 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-08 09:06 . 2008-01-08 09:06 0 --a------ C:\WINDOWS\vpc32.INI
2008-01-07 22:13 . 2008-01-07 22:13 <DIR> d-------- C:\Program Files\Google
2008-01-07 01:52 . 2008-01-07 01:52 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-07 01:30 . 2008-01-13 22:27 157,524 --a------ C:\WINDOWS\setupapi.old
2008-01-07 01:19 . 2008-01-14 12:45 <DIR> d--hs---- C:\WINDOWS\QnJvb2tzIEpvaG5zb24
2008-01-07 01:10 . 2008-01-07 01:12 43,785 --a------ C:\WINDOWS\system32\lrito.ini
2008-01-05 01:39 . 2008-01-05 01:42 48,173 --a------ C:\WINDOWS\system32\oriieke.ini
2008-01-05 01:39 . 2008-01-05 01:39 0 --a------ C:\WINDOWS\system32\lich.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:54 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-15 15:14 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-14 23:34 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-14 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
1998-12-09 09:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 09:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 09:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 09:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 09:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 09:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( [email protected]_ 9.29.15.74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-15 15:45:12 8,676 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{79CF42D6-3222-4DA4-A1ED-072A194AA2FC}.bin
- 2000-08-31 14:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 15:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2000-08-31 14:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 11:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auto"="C:\WINDOWS\system32\drivers\win32.exe" [2008-01-14 10:19 14848]
"ntuser"="C:\Documents and Settings\Administrator\ntuser.exe" [2008-01-14 10:19 14848]
"quartz"="C:\WINDOWS\System32\quartz.exe" [ ]
"dmime"="C:\WINDOWS\System32\dmime.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 19:27 98304]
"D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 15:15 1662976]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"cssrss.exe"="cssrss.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll [2008-01-15 07:06 14336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lty48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdh62.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 06:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2004-10-20 08:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-07-09 08:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 15:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-09-16 19:27 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-16 19:26 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 SC247XF;SC247XF;C:\WINDOWS\system32\DRIVERS\SC247XF.sys [2001-09-13 18:47]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 18:15]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-25 08:52]
S0 Lty48;Lty48;C:\WINDOWS\system32\Drivers\Lty48.sys []
S1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys []
S2 oriieke37501509;oriieke37501509;C:\WINDOWS\system32\oriieke37501509.sys []
S3 EraserUtilDrvI4;EraserUtilDrvI4;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys [2007-11-14 03:00]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys []
S3 SpyKillerProFilter;1/15/20087:08:53 AM;C:\Program Files\SpyKillerPro\SSS.sys []
S3 Wdh62;Wdh62;C:\WINDOWS\System32\drivers\Wdh62.sys []
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 12:22]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 11:34:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 11:35:43
ComboFix-quarantined-files.txt 2008-01-15 17:35:14
ComboFix2.txt 2008-01-15 15:31:51
.
2008-01-15 15:54:18 --- E O F ---




SmitFraudFix v2.274

Scan done at 14:45:01.91, Tue 01/15/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link WDA-2320 Desktop Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

[HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End




SDFix: Version 1.126

Run by Administrator on Tue 01/15/2008 at 02:51 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
kcp

Path:
\??\C:\WINDOWS\system32\drivers\kcp.sys

kcp - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service asc3550p - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Administrator\msftp.dll - Deleted
C:\Documents and Settings\Administrator\ntuser.exe - Deleted
C:\WINDOWS\system32\drivers\win32.exe - Deleted
C:\WINDOWS\system32\lich.dat - Deleted
C:\WINDOWS\system32\lrito.ini - Deleted
C:\WINDOWS\system32\msftp.dll - Deleted
C:\WINDOWS\system32\oriieke.ini - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 15:02:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem15.CAT 24698 bytes
C:\WINDOWS\inf\oem15.inf 21951 bytes
C:\WINDOWS\inf\oem15.PNF 49836 bytes
C:\WINDOWS\LastGood
C:\WINDOWS\LastGood\INF
C:\WINDOWS\LastGood\INF\oem15.inf 0 bytes
C:\WINDOWS\LastGood\INF\oem15.PNF 0 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 20 Dec 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Thu 7 Dec 2000 51,200 A..H. --- "C:\WINDOWS\system32\PackethSvc.exe"
Tue 27 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 27 Mar 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Fri 5 Aug 2005 484,592 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00766461b1b00d8469999536d8f8d6e4\BIT38.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02cded8b341a95a07525625c2bc327cd\BIT4.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a120212db9f8797932f46def01672fc\BITF.tmp"
Wed 29 Mar 2006 155,454 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BIT3A.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BIT2.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1A.tmp"
Fri 28 Jul 2006 151,516 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\BIT37.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\BIT3C.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\BIT40.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT5.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\BITE.tmp"
Mon 5 Feb 2007 155,334 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\299966e551b4462ae94e39e251e277b6\BIT36.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\BIT47.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT46.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\BIT41.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\BIT3E.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\BIT18.tmp"
Tue 2 Oct 2007 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT10.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT3.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\BIT14.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT1B.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT19.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4e28cc4378cd0807778e1b0917bd6312\BIT3D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\BIT20.tmp"
Mon 7 Jan 2008 2,166,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c0455d67216e75859cc27e7120ab0d1\BIT2D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\BIT48.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\BIT11.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\BIT3B.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT1F.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3e21b535dea17cce2bc6f0feca1311d\BIT45.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6bef673c2e4e242a39946c4931e8a98\BIT1D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BIT16.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\BIT44.tmp"
Fri 5 Aug 2005 490,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT35.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\BIT3F.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\BIT10.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\BIT15.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\BIT13.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT1E.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\BIT43.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT1C.tmp"
Mon 5 Feb 2007 151,147 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\BIT34.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f934b30a3337b488590ef3c1f3bbfd68\BIT12.tmp"
Fri 1 Jun 2007 154,945 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\BIT39.tmp"
Wed 18 Jul 2007 45,056 ...H. --- "C:\Documents and Settings\Monique\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\BIT13.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITC.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\BIT19.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\download\BIT1A.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\download\BIT17.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\download\BIT18.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30afadc4c35db2f5d8b4c076a49edc7b\download\BITE.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\download\BITF.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b6ccd5ccf72ffca11e7f7e0165f2082\download\BIT42.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\download\BIT8.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\BIT1F.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\BIT1D.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\download\BIT15.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT6.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\download\BIT9.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\BITD.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\download\BIT14.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\BIT1E.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BIT11.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BIT10.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\download\BIT16.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\BIT7.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\download\BITD.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\BITB.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\BITB.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\BITA.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\BIT20.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT1C.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1717a50ad70787e0b2e37537d202992\download\BIT1B.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\download\BIT12.tmp"

Finished!


the latest HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:33 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113035~1\EE\AOLServiceHost.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Bez\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130356250\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29C7A482-F605-417E-BB20-701446B96854}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5666 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP