Hi Adam,
Thanks for your help once again.
It appears that ComboFix has done its job - removing the dat file from winlogon.
I haven't tried downloading using IE6 yet.
Here are the two reports you asked for:
Combofix.txt
ComboFix 08-08-30.03 - Owner 2008-09-01 12:24:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.196 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\bsa
C:\WINDOWS\Downloaded Program Files\bsa\boost.dll
C:\WINDOWS\Downloaded Program Files\bsa\dtype32.dll
C:\WINDOWS\Downloaded Program Files\bsa\dtype32x.dll
C:\WINDOWS\Downloaded Program Files\bsa\extres.dll
C:\WINDOWS\Downloaded Program Files\bsa\ezbsa.ctl
C:\WINDOWS\Downloaded Program Files\bsa\ezbsa.exe
C:\WINDOWS\Downloaded Program Files\bsa\help\about.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\addcover.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\blist.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\business.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\commun.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\dir.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\enddex.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\export1.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\export2.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\ez.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\help.css
C:\WINDOWS\Downloaded Program Files\bsa\help\help.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\hints.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\images\autofit.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\back.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\bname.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\bnsearch.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\boptions.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\branding.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\bullet.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\buslist.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\category.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\commun.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\exit.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export1.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export2.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export3.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export4.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export5.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export6.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\export7.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\ezview.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\facing.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\fdefault.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\fitall.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\fitpage.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\fitwidth.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\forward.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\head1.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\help.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\local.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\logo.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\logo.jpg
C:\WINDOWS\Downloaded Program Files\bsa\help\images\map.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\mapit.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\online1.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\online2.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\onlinlst.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\options.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\page.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\popular.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\print.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\rsearch.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\save1.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab1.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab2.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab3.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab4.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab5.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab6.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tab7.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\tabs.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\title.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\view.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\zoomin.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\images\zoomout.gif
C:\WINDOWS\Downloaded Program Files\bsa\help\index.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\map.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\maps.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\menubar.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\obtnhead.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\online.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\order.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\popular.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\privacy.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\rlist.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\search.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\select.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\selfdex.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\specpage.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\system.htm
C:\WINDOWS\Downloaded Program Files\bsa\help\title.htm
C:\WINDOWS\Downloaded Program Files\bsa\uninst-axi.exe
C:\WINDOWS\Downloaded Program Files\bsa\xtr\images\bullet.gif
C:\WINDOWS\Downloaded Program Files\bsa\xtr\images\mapus.gif
C:\WINDOWS\Downloaded Program Files\bsa\xtr\images\search.gif
C:\WINDOWS\Downloaded Program Files\bsa\xtr\mapus.htm
C:\WINDOWS\Downloaded Program Files\bsa\xtr\tearpage.htm
C:\WINDOWS\Downloaded Program Files\bsa\xtr\userface.htm
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\__c00B7E32.dat
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\rtl60.bpl
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_MACIDWE
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SEICTRL
-------\Legacy_SOBICYT
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING
-------\Service_seictrl
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-08-16 01:46 . 2008-08-16 01:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 07:41 . 2008-08-11 07:41 310 --a------ C:\service.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 04:28 --------- d-----w C:\Program Files\Quicken
2008-09-01 01:07 --------- d-----w C:\Program Files\almanac
2008-08-31 00:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-08-25 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-08-25 05:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\PowerHouse
2008-08-21 02:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\mjusbsp
2008-08-11 13:15 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-08-11 10:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-07-03 22:23 66,248 ----a-w C:\Program Files\INSTALL.LOG
2007-03-14 02:25 280 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 22:00 200704]
"cdloader"="C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-07-22 12:45 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-03 20:29 2904064]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-03 20:29 46080]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 05:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 21:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 18:18 135168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-20 00:17 78960]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 12:14 2061816]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"nwiz"="nwiz.exe" [2004-03-03 20:29 782336 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-09-03 04:25 73728 C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [2004-05-18 04:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 19:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 10:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-10-07 10:41:07 1742384]
CorelCENTRAL 9.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe [2005-01-27 13:54:01 589824]
CorelCENTRAL Alarms.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe [2005-01-27 13:54:00 225280]
Desktop Application Director 9.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe [2005-01-27 13:55:19 225280]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 15:08:08 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
S2 Ias;Ias;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e47e0f2-f908-11dc-97b8-00038a000015}]
\Shell\AutoRun\command - J:\MigoSyncEncrypt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b84cf4-16f2-11dd-9800-00038a000015}]
\Shell\AutoRun\command - J:\autorun.exe
\Shell\phone\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbc4e147-7004-11d9-91ac-00038a000015}]
\Shell\AutoRun\command - K:\JDSecure\Windows\JDSecure20.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37577ee-642d-11da-9303-00038a000015}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe
.
- - - - ORPHANS REMOVED - - - -
Notify-__c00B7E32 - C:\WINDOWS\system32\__c00B7E32.dat
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\19nex6kw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-01 12:28:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
.
**************************************************************************
.
Completion time: 2008-09-01 12:33:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 16:33:27
Pre-Run: 124,092,542,976 bytes free
Post-Run: 123,996,123,136 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect
245 --- E O F --- 2007-11-23 01:06:06
New HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:15 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Netnews - {ACE886A5-33F8-442F-984A-6724BB4AC5DE} - news:worldnet.help.new-users (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9094251156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5777923953
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 7261 bytes
Do you think that I am virus free now?
I hope so.
Thanks again - waiting to hear from you!
Ouch4