I think I have a virus, not sure.
frnresq
Junior Member
11. July 2007 @ 16:54
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:51:12 PM, on 7/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJT\HiJackThis_v2.0.0.0.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6940 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 11, 2007 8:41:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 339066
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 69996
Number of viruses found: 1
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:21
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shane Farr\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shane Farr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Shane Farr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Shane Farr\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shane Farr\Local Settings\History\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped
C:\Documents and Settings\Shane Farr\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shane Farr\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Shane Farr\ntuser.dat.LOG Object is locked skipped
C:\Program Files\TGTSoft\StyleXP\StyleXP.cache Object is locked skipped
C:\System Volume Information\_restore{C23256BA-639E-470A-AD81-11E240E78E27}\RP34\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\$_2341233.TMP Object is locked skipped
C:\WINDOWS\Temp\$_2341234.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\Program Files\WMP\Help\index.html Infected: Trojan-Downloader.HTML.Agent.bp skipped
D:\Program Files\Webroot\Accelerate\acchelp.htm Infected: Trojan-Downloader.HTML.Agent.bp skipped
D:\Webroot\Accelerate\acchelp.htm Infected: Trojan-Downloader.HTML.Agent.bp skipped
Scan process completed.
Auttaja
Suspended permanently
11. July 2007 @ 19:56
Hi :)
Remove this program using Add/Remove Programs in Control Panel:
webHancer
========
Please download Deckard's System Scanner to your Desktop
* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open: Main.txt and Extra.txt
Please post Main.txt and Extra.txt
frnresq
Junior Member
12. July 2007 @ 01:23
Deckard's System Scanner v20070711.54
Run by Shane Farr on 2007-07-12 at 05:15:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
30: 2007-07-12 09:15:43 UTC - RP35 - Deckard's System Scanner Restore Point
29: 2007-07-11 20:18:35 UTC - RP34 - System Checkpoint
28: 2007-07-10 20:06:35 UTC - RP33 - System Checkpoint
27: 2007-07-09 19:06:35 UTC - RP32 - System Checkpoint
26: 2007-07-08 19:01:47 UTC - RP31 - Install AnyDVD
-- First Restore Point --
1: 2007-06-27 22:54:42 UTC - RP6 - Installed DirectX 9.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Shane Farr.exe) ------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-12 05:19:56
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\lxcccoms.exe
D:\dss.exe
C:\Program Files\Trend Micro\HijackThis\Shane Farr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 avgntmgr - c:\windows\system32\drivers\avgntmgr.sys
R0 viaraid - c:\windows\system32\drivers\viaraid.sys
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys
S3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe"
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe"
-- Files created between 2007-06-12 and 2007-07-12 -----------------------------
2007-07-12 05:16:42 0 d-------- C:\Program Files\Trend Micro
2007-07-11 20:50:20 0 d-------- C:\HJT
2007-07-11 18:25:32 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2007-07-11 18:18:53 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-07-10 19:05:45 32584 --a------ C:\WINDOWS\wt.exe
2007-07-09 16:50:38 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\AdobeUM
2007-07-09 16:50:32 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-09 16:50:32 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Adobe
2007-07-08 15:06:01 0 d-------- C:\Movie Temp
2007-07-08 15:04:15 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\SlySoft
2007-07-08 15:03:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-07-08 14:56:13 0 d-------- C:\Program Files\SlySoft
2007-07-08 14:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-07-08 14:55:55 0 d-------- C:\Program Files\DVD Shrink
2007-07-04 07:35:49 0 d-------- C:\Documents and Settings\Shane Farr\Shared
2007-07-04 07:35:48 0 d-------- C:\Documents and Settings\Shane Farr\Incomplete
2007-07-04 07:35:39 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\LimeWire
2007-07-04 07:35:28 0 d-------- C:\Program Files\LimeWire
2007-07-03 20:35:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-03 20:34:46 0 d-------- C:\WINDOWS\Cache
2007-07-03 20:33:15 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Roxio
2007-07-03 20:32:25 0 d-------- C:\Program Files\Roxio
2007-07-03 20:31:59 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-06-29 18:42:40 0 d-------- C:\Program Files\QuickTime
2007-06-29 18:42:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-06-29 18:36:59 0 d-------- C:\Program Files\Common Files\xing shared
2007-06-29 18:36:44 0 d-------- C:\Program Files\Common Files\Real
2007-06-29 18:36:42 0 d-------- C:\Program Files\Real
2007-06-29 18:36:12 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Real
2007-06-29 18:33:12 0 d-------- C:\WINDOWS\Sun
2007-06-29 18:33:12 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Sun
2007-06-29 18:32:42 0 d-------- C:\Program Files\Java
2007-06-29 18:28:37 0 d-------- C:\Program Files\Common Files\Java
2007-06-29 18:20:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-06-28 21:36:04 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\CyberLink
2007-06-28 19:55:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-28 19:55:33 0 d-------- C:\Program Files\DFX
2007-06-28 19:36:30 0 d--h---c- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-06-28 19:33:57 0 d-------- C:\Program Files\Winamp
2007-06-28 19:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-06-28 19:29:06 0 d-------- C:\Program Files\CyberLink
2007-06-28 19:27:45 89184 --a------ C:\WINDOWS\System32\drivers\imagedrv.sys NERO IMAGEDRIVE>
2007-06-28 19:27:36 38912 --a------ C:\WINDOWS\System32\picn20.dll
2007-06-28 19:27:36 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe
2007-06-28 19:27:36 544768 --a------ C:\WINDOWS\System32\imagx5.dll
2007-06-28 19:27:36 569344 --a------ C:\WINDOWS\System32\imagr5.dll
2007-06-28 19:27:36 0 d-------- C:\Program Files\Common Files\Ahead
2007-06-28 19:27:33 0 d-------- C:\Program Files\Ahead
2007-06-28 19:26:12 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-06-28 19:26:12 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Webroot
2007-06-28 19:26:04 56832 --a------ C:\WINDOWS\Unwash6.exe
2007-06-28 19:25:11 388096 --a------ C:\WINDOWS\unacc.exe
2007-06-28 19:25:11 0 d-------- C:\Program Files\Webroot
2007-06-28 19:13:09 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\FaxCtr
2007-06-28 19:12:26 0 d-------- C:\WINDOWS\Prefetch
2007-06-28 19:06:30 0 d-------- C:\WINDOWS\ServicePackFiles
2007-06-28 19:06:30 0 d-------- C:\WINDOWS\ehome
2007-06-28 16:55:01 90112 --a------ C:\WINDOWS\unvise32.exe
2007-06-28 16:54:59 0 d-------- C:\Program Files\DivX
2007-06-27 21:12:45 0 d-------- C:\Program Files\Chronograph
2007-06-27 20:58:03 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Macromedia
2007-06-27 20:07:00 0 d---s---- C:\Documents and Settings\Shane Farr\UserData
2007-06-27 20:01:22 0 d-------- C:\Program Files\TGTSoft
2007-06-27 20:00:43 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\WinRAR
2007-06-27 19:57:21 0 d-------- C:\Program Files\webHancer
2007-06-27 19:57:15 0 d-------- C:\Program Files\WinMX MP3
2007-06-27 19:28:14 4096 --a------ C:\WINDOWS\d3dx.dat
2007-06-27 19:04:16 0 d-------- C:\Program Files\PlayOnline
2007-06-27 19:00:42 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-06-27 19:00:18 32768 --a------ C:\WINDOWS\System32\LXPRMON.DLL
2007-06-27 19:00:18 20480 --a------ C:\WINDOWS\System32\LXPMONUI.DLL
2007-06-27 19:00:18 12288 --a------ C:\WINDOWS\System32\LXPMONRC.DLL
2007-06-27 19:00:18 98345 --a------ C:\WINDOWS\System32\IMHOST32.DLL
2007-06-27 19:00:18 339968 --a------ C:\WINDOWS\System32\IMGMAN32.DLL
2007-06-27 19:00:17 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-06-27 19:00:09 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-06-27 18:59:43 0 d-------- C:\Program Files\Lexmark 3300 Series
2007-06-27 18:59:42 0 d-------- C:\Program Files\Lx_cats
2007-06-27 18:54:18 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll
2007-06-27 18:54:18 1703936 --a------ C:\WINDOWS\System32\d3d9.dll
2007-06-27 18:35:22 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-06-27 18:33:01 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Help
2007-06-27 18:31:08 61440 --a------ C:\WINDOWS\System32\W32N50.dll
2007-06-27 18:31:08 16068 --a------ C:\WINDOWS\System32\PCANDIS5.SYS
2007-06-27 18:31:07 1496064 --a------ C:\WINDOWS\System32\cc3250mt.dll
2007-06-27 18:31:07 25600 --a------ C:\WINDOWS\System32\borlndmm.dll
2007-06-27 18:31:04 0 d-------- C:\Program Files\Linksys
2007-06-27 18:29:45 0 d-------- C:\WINDOWS\RegisteredPackages
2007-06-27 18:28:48 114688 -----n--- C:\WINDOWS\System32\ati2sgag.exe
2007-06-27 18:28:29 0 d-------- C:\Program Files\ATI Technologies
2007-06-27 18:26:15 41852 -ra ------ C:\WINDOWS\System32\UpdDrv2K.exe
2007-06-27 18:26:15 0 d-------- C:\WINDOWS\OPTIONS
2007-06-27 18:24:53 30208 --a------ C:\WINDOWS\System32\wdmioctl.dll
2007-06-27 18:24:53 1285632 --a------ C:\WINDOWS\System32\SMMedia.dll
2007-06-27 18:24:49 0 d-------- C:\WINDOWS\VirtualEar
2007-06-27 18:24:49 765952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-06-27 18:24:46 49152 --a------ C:\WINDOWS\System32\DSndUp.exe adi DSndUp>
2007-06-27 18:24:46 45056 --a------ C:\WINDOWS\System32\CleanUp.exe adi CleanUp>
2007-06-27 18:24:46 0 d-------- C:\Program Files\Analog Devices
2007-06-27 18:24:30 70272 -ra ------ C:\WINDOWS\System32\drivers\viaraid.sys
2007-06-27 18:24:25 0 d-------- C:\Program Files\VIA
2007-06-27 18:23:58 0 d-------- C:\Program Files\Intel
2007-06-27 18:23:34 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-06-27 18:23:06 5824 --a------ C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
2007-06-27 18:22:34 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2007-06-27 18:22:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 18:22:30 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-27 18:19:56 0 d--hs---- C:\WINDOWS\Installer
2007-06-27 18:19:54 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Identities
2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\Templates
2007-06-27 18:19:44 0 dr------- C:\Documents and Settings\Shane Farr\Start Menu
2007-06-27 18:19:44 0 dr-h----- C:\Documents and Settings\Shane Farr\SendTo
2007-06-27 18:19:44 0 dr-h----- C:\Documents and Settings\Shane Farr\Recent
2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\PrintHood
2007-06-27 18:19:44 1572864 --ah----- C:\Documents and Settings\Shane Farr\NTUSER.DAT
2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\NetHood
2007-06-27 18:19:44 0 dr------- C:\Documents and Settings\Shane Farr\My Documents
2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\Local Settings
2007-06-27 18:19:44 0 dr------- C:\Documents and Settings\Shane Farr\Favorites
2007-06-27 18:19:44 0 d-------- C:\Documents and Settings\Shane Farr\Desktop
2007-06-27 18:19:44 0 d---s---- C:\Documents and Settings\Shane Farr\Cookies
2007-06-27 18:19:44 0 dr-h----- C:\Documents and Settings\Shane Farr\Application Data
2007-06-27 18:19:14 0 d--hs---- C:\System Volume Information
2007-06-27 18:19:13 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-06-27 18:19:13 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-06-27 18:19:13 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-06-27 18:19:13 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-06-27 18:19:13 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-06-27 18:19:12 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-06-27 18:19:12 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-06-27 18:19:12 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-06-27 18:19:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-06-27 18:19:12 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-06-27 18:16:22 0 d-------- C:\WINDOWS\System32\xircom
2007-06-27 18:16:22 0 d-------- C:\Program Files\microsoft frontpage
2007-06-27 18:16:11 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-06-27 18:16:03 0 -rahs---- C:\MSDOS.SYS
2007-06-27 18:16:03 0 -rahs---- C:\IO.SYS
2007-06-27 18:16:03 0 --a------ C:\CONFIG.SYS
2007-06-27 18:16:03 0 --a------ C:\AUTOEXEC.BAT
2007-06-27 18:15:14 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-06-27 18:15:07 0 dr------- C:\WINDOWS\Offline Web Pages
2007-06-27 18:15:07 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-06-27 18:14:40 0 d-------- C:\WINDOWS\srchasst
2007-06-27 18:14:34 0 d-------- C:\WINDOWS\System32\Macromed
2007-06-27 18:14:34 0 d-------- C:\WINDOWS\System32\DirectX
2007-06-27 18:14:22 0 d-------- C:\Program Files\Movie Maker
2007-06-27 18:13:57 0 d-------- C:\WINDOWS\System32\Restore
2007-06-27 18:13:52 0 d-------- C:\WINDOWS\PCHEALTH
2007-06-27 18:13:46 0 d---s---- C:\WINDOWS\Tasks
2007-06-27 18:13:44 0 d-------- C:\Program Files\Common Files\MSSoap
2007-06-27 18:13:15 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-06-27 18:13:00 0 d-------- C:\WINDOWS\Registration
2007-06-27 18:12:54 0 d--h----- C:\Program Files\WindowsUpdate
2007-06-27 18:12:54 0 d-------- C:\Program Files\Online Services
2007-06-27 18:12:48 0 d-------- C:\Program Files\Messenger
2007-06-27 18:12:39 0 d-------- C:\Program Files\MSN Gaming Zone
2007-06-27 18:12:30 0 d-------- C:\Program Files\Windows NT
2007-06-27 18:12:21 0 d-------- C:\WINDOWS\System32\MsDtc
2007-06-27 18:12:19 0 d-------- C:\WINDOWS\System32\Com
2007-06-27 14:08:02 0 d-------- C:\Program Files\Common Files\ODBC
2007-06-27 14:07:59 0 dr------- C:\Program Files
2007-06-27 14:07:59 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-06-27 14:07:38 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-06-27 14:07:38 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-06-27 14:07:38 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-06-27 14:07:38 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-06-27 14:07:38 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-06-27 14:07:38 0 dr------- C:\Documents and Settings\All Users\Documents
2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-06-27 14:07:27 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-06-27 14:07:27 0 d-------- C:\WINDOWS\System32\CatRoot
2007-06-27 14:07:21 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-06-27 14:07:21 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-06-27 14:07:21 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-06-27 14:07:21 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-06-27 14:07:09 0 d-------- C:\Documents and Settings
2007-06-27 14:03:34 0 d-------- C:\WINDOWS
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\WinSxS
2007-06-27 14:03:34 0 dr------- C:\WINDOWS\Web
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\twain_32
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\system32
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\wins
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\wbem
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\usmt
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\spool
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\ShellExt
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\Setup
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\ras
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\oobe
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\npp
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\mui
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\inetsrv
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\IME
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\icsxml
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\ias
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\export
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\drivers
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-06-27 14:03:34 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\dhcp
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\config
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\3076
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\2052
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1054
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1042
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1041
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1037
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1033
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1031
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1028
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1025
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\system
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\security
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Resources
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\repair
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\mui
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\msapps
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\msagent
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Media
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\java
2007-06-27 14:03:34 0 d--h----- C:\WINDOWS\inf
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\ime
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Help
2007-06-27 14:03:34 0 dr--s---- C:\WINDOWS\Fonts
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Driver Cache
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Debug
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Cursors
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Connection Wizard
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Config
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\AppPatch
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2007-06-27 14:07:38 62 --ahs---- C:\Documents and Settings\Shane Farr\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16"
"lxccmon.exe"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"Accelerate"="C:\\Program Files\\Webroot\\Accelerate\\accelerate.exe /S"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Chronograph"="\"C:\\Program Files\\Chronograph\\chrono.exe\" /autorun"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"AnyDVD "="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
NtmlSvc
-- End of Deckard's System Scanner: finished at 2007-07-12 at 05:21:33 ---------
frnresq
Junior Member
12. July 2007 @ 01:36
Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600 ) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1278.73 MiB / 935.04 MiB
Pagefile Memory (total/avail): 3053.95 MiB / 2823.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1953.38 MiB
A: is Removable (No Media)
C: is Fixed (NTFS ) - 74.52 GiB total, 56.67 GiB free.
D: is Fixed (FAT32) - 18.64 GiB total, 0.83 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
AUState says computer has updates disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shane Farr\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-KZ6KGFHINM
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shane Farr
LOGONSERVER=\\HOME-KZ6KGFHINM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SHANEF~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SHANEF~1\LOCALS~1\Temp
USERDOMAIN=HOME-KZ6KGFHINM
USERNAME=Shane Farr
USERPROFILE=C:\Documents and Settings\Shane Farr
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Shane Farr (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Accelerate --> C:\WINDOWS\unacc.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Chronograph 6.11 --> "C:\Program Files\Chronograph\unins000.exe"
DFX 8 for Winamp --> "C:\Program Files\Winamp\uninstall_dfx.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Chains of Promathia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
FINAL FANTASY XI: Treasures of Aht Urhgan --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
HijackThis 2.0.0 --> "D:\HijackThis.exe" /uninstall
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
Lexmark 3300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
USB Dual Vibration Joystick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59354E6C-B36F-49EF-9419-D904B86C9C57}\setup.exe" -l0x9
VIA VT6410 RAID Driver(Remove) --> RunDll32 SetupVIA.dll,VIA_Uninstall VIA_{BB7D68E9-93AE-4118-85FF-6DAF1FD1731D}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Installer 3.0 (KB884016) --> C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
WinMX MP3 4.4.6.0 --> "C:\Program Files\WinMX MP3\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless PCI Card Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}\Setup.exe" -l0x9
-- End of Deckard's System Scanner: finished at 2007-07-12 at 05:21:33 ---------
Auttaja
Suspended permanently
12. July 2007 @ 06:24
Looking over your log, it seems you don't have any evidence of a third-party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
========
Update Your Windows XP.
You should update your Windows XP to SP2, NOW. This fixes a large number of security holes in your system.
It is a very large download, and is not feasible with Dial-Up. If you are on Dial-up, order the CD from the site below.
You can download SP2 from here:
If there is a problem with getting the SP2 to take after it's downloaded, see here:
You can order an update Service Pack 2 CD from Microsoft here:
For updating with Firefox:
http://www.microsoft.com/downloads/detai...&displaylang=en
It is absolutely vital that you get this done, or you will have trouble often.
After it's installed, set Automatic updates.
We will be glad to check out your PC after SP2 is installed, to be sure everything went according to plan.
========
Then post a fresh HijackThis log.
anari11
Suspended permanently
13. July 2007 @ 07:22
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
These are malicious.
Auttaja
Suspended permanently
13. July 2007 @ 08:42
Hi anari!
Those entries are no longer in Deckard's log. It is true that they were malicious. So you can now remove the C:\Program Files\webHancer folder. Then there are still the previous instructions; finally, post a fresh HijackThis log.
frnresq
Junior Member
13. July 2007 @ 12:58
Here's a new HJT log if you need it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:45 PM, on 7/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6210 bytes
Auttaja
Suspended permanently
13. July 2007 @ 13:22
Yes, you still need a firewall and to update your system.