HJT log, Help Pls. Thx
frnresq (Junior Member), posted 19. August 2007 @ 06:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:42 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Chronograph\chrono.exe
C:\WINDOWS\system32\FNTS~1\regsvr32.exe
C:\Program Files\ISM\ISMModule2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O2 - BHO: (no name) - {B0047916-EAA1-E328-D8DA-92ABA2750797} - C:\WINDOWS\system32\llrltymg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Hdps] "C:\WINDOWS\system32\FNTS~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [Gbkx] "C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12d32f1afc3a...ip/RdxIE601.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...100/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7009 bytes
frnresq (Junior Member), posted 19. August 2007 @ 06:34
SDFix: Version 1.99

Run by Shane Farr on Sun 08/19/2007 at 10:27 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\InetGet2\popinstall.exe - Deleted
C:\WINDOWS\b122.exe - Deleted


Folder C:\Program Files\InetGet2 - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Chronograph\\chrono.exe"="C:\\Program Files\\Chronograph\\chrono.exe:*:Enabled:Chronograph"
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip
Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\system32\F?nts\regsvr32.exe
C:\WINDOWS\S0228C9C5.tmp

Finished
frnresq (Junior Member), posted 19. August 2007 @ 06:40
ComboFix 07-08-14.4 - "Shane Farr" 2007-08-19 10:35:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.890 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\SHANEF~1\APPLIC~1.\scurit~1
C:\DOCUME~1\SHANEF~1\APPLIC~1.\scurit~1\l?gonui.exe
C:\DOCUME~1\SHANEF~1\Desktop.\internet explorer.lnk
C:\DOCUME~1\SHANEF~1\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\SHANEF~1\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\SHANEF~1\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive.dll
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\ISMModule2.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\F?nts\
C:\WINDOWS\system32\fnts~1\regsvr32.exe
C:\WINDOWS\system32\llrltymg.dll
C:\WINDOWS\system32\wtsisvtr32.exe


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 10:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 10:27 d-------- C:\WINDOWS\ERUNT
2007-08-19 10:26 d-------- C:\WINDOWS\CSC
2007-08-19 10:10 d-------- C:\HJT
2007-08-19 09:46 d-------- C:\Program Files\Lavasoft
2007-08-19 09:46 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-19 09:07 d-------- C:\WINDOWS\McAfee.com
2007-08-18 16:06 d-------- C:\Program Files\exPressit S.E. 2.2
2007-08-18 14:56 d-------- C:\Program Files\WinMX MP3
2007-08-17 05:26 d-------- C:\Program Files\DjToneXpress
2007-08-14 18:20 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\CyberLink
2007-08-14 18:20 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-14 18:18 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-08-14 18:18 d-------- C:\Program Files\CyberLink
2007-08-14 17:45 d-------- C:\Temp
2007-08-14 17:45 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\SlySoft
2007-08-14 17:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-08-13 16:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-12 19:27 d---s---- C:\DOCUME~1\SHANEF~1\UserData
2007-08-12 15:43 d-------- C:\Program Files\Chronograph
2007-08-12 15:03 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-08-12 14:31 d-------- C:\Program Files\PlayOnline
2007-08-12 14:22 d-------- C:\Program Files\Ventrilo
2007-08-12 14:22 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Ventrilo
2007-08-12 14:02 d-------- C:\Program Files\SlySoft
2007-08-12 14:01 d-------- C:\Program Files\DVD Shrink
2007-08-12 14:01 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-12 14:00 d-------- C:\Program Files\Real
2007-08-12 14:00 d-------- C:\Program Files\Common Files\xing shared
2007-08-12 14:00 d-------- C:\Program Files\Common Files\Real
2007-08-12 14:00 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Real
2007-08-12 13:57 d-------- C:\My Downloads
2007-08-12 13:43 d-------- C:\Program Files\DFX
2007-08-12 13:42 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-12 13:41 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-08-12 13:40 d-------- C:\Program Files\Winamp
2007-08-12 13:38 388,096 --a------ C:\WINDOWS\unacc.exe
2007-08-12 13:37 56,832 --a------ C:\WINDOWS\Unwash6.exe
2007-08-12 13:37 d-------- C:\Program Files\Webroot
2007-08-12 13:37 d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-12 13:37 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Webroot
2007-08-12 13:36 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-12 13:36 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-08-12 13:36 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-08-12 13:36 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-08-12 13:36 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-08-12 13:36 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-08-12 13:36 d-------- C:\Program Files\Common Files\Ahead
2007-08-12 13:36 d-------- C:\Program Files\Ahead
2007-08-12 13:30 d-------- C:\Program Files\TGTSoft
2007-08-12 13:28 d-------- C:\Program Files\InterActual
2007-08-12 13:28 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Roxio
2007-08-12 13:28 d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\FaxCtr
2007-08-12 13:28 d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
2007-08-12 13:27 92,920 --a------ C:\WINDOWS\DLA.EXE
2007-08-12 13:27 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-08-12 13:27 51,800 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-08-12 13:27 28,216 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2007-08-12 13:27 12,952 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-08-12 13:27 d-------- C:\WINDOWS\system32\DLA
2007-08-12 13:26 d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-12 13:26 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-12 13:25 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-12 13:24 d-------- C:\Program Files\SightSpeed
2007-08-12 13:21 d-------- C:\Program Files\Roxio
2007-08-12 13:21 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-12 13:21 d-------- C:\Program Files\Common Files\SightSpeed
2007-08-12 13:21 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-08-12 13:20 d-------- C:\Program Files\DivX
2007-08-12 13:20 d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-12 13:14 d-------- C:\WINDOWS\system32\URTTemp
2007-08-12 13:11 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-08-12 13:10 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-08-12 13:10 65,536 --a------ C:\WINDOWS\system32\lxcccfg.dll
2007-08-12 13:10 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-08-12 13:10 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-08-12 13:10 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-08-12 13:10 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-08-12 13:10 d-------- C:\Program Files\Lx_cats
2007-08-12 13:10 d-------- C:\Program Files\Lexmark Fax Solutions
2007-08-12 13:10 d-------- C:\Program Files\Lexmark 3300 Series
2007-08-12 13:10 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
2007-08-12 13:06 d-------- C:\WINDOWS\SoftwareDistribution
2007-08-12 13:06 d-------- C:\WINDOWS\Prefetch
2007-08-12 13:01 991,232 --a--c--- C:\WINDOWS\system32\dllcache\migrate.exe
2007-08-12 13:01 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-08-12 13:01 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-12 13:01 940,544 --a--c--- C:\WINDOWS\system32\dllcache\wmspdmoe.dll
2007-08-12 13:01 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-08-12 13:01 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-08-12 13:01 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-08-12 13:01 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-08-12 13:01 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-08-12 13:01 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-08-12 13:01 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-08-12 13:01 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-12 13:01 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-12 13:01 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-08-12 13:01 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-12 13:01 77,824 --a--c--- C:\WINDOWS\system32\dllcache\wmpband.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 14:00 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-12 14:00 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-12 13:04 2722 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-08-12 13:02 8972 --a------ C:\WINDOWS\pchealth\HELPCTR\Config\Cntstore.bin
2003-07-16 22:26 448640 --a------ C:\WINDOWS\inf\EL2K_N64.sys
2003-07-16 22:22 147328 --a------ C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 03:47 147328 --a------ C:\WINDOWS\inf\EL2K_2K.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 09:44]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 20:16]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 05:36]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Accelerate"="C:\Program Files\Webroot\Accelerate\accelerate.exe" [2003-01-30 14:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-12 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 10:02]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-03-13 21:47]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 07:28]
"Hdps"="C:\WINDOWS\system32\FNTS~1\regsvr32.exe" []
"Gbkx"="C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2007-08-12 11:52:07]

R0 viaraid;viaraid;C:\WINDOWS\system32\DRIVERS\viaraid.sys
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 10:37:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 10:37:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 10:37

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:35 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Hdps] "C:\WINDOWS\system32\FNTS~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Gbkx] "C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe"
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12d32f1afc3a...ip/RdxIE601.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...100/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6689 bytes