Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:42 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Chronograph\chrono.exe
C:\WINDOWS\system32\FNTS~1\regsvr32.exe
C:\Program Files\ISM\ISMModule2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O2 - BHO: (no name) - {B0047916-EAA1-E328-D8DA-92ABA2750797} - C:\WINDOWS\system32\llrltymg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Hdps] "C:\WINDOWS\system32\FNTS~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [Gbkx] "C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12d32f1afc3a547f3617/netzip/RdxIE601.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5100/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7009 bytes
SDFix: Version 1.99
Run by Shane Farr on Sun 08/19/2007 at 10:27 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\InetGet2\popinstall.exe - Deleted
C:\WINDOWS\b122.exe - Deleted

Folder C:\Program Files\InetGet2 - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Chronograph\\chrono.exe"="C:\\Program Files\\Chronograph\\chrono.exe:*:Enabled:Chronograph"
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip
Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\system32\F?nts\regsvr32.exe
C:\WINDOWS\S0228C9C5.tmp

Finished
ComboFix 07-08-14.4 - "Shane Farr" 2007-08-19 10:35:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.890 [GMT -4:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\SHANEF~1\APPLIC~1.\scurit~1
C:\DOCUME~1\SHANEF~1\APPLIC~1.\scurit~1\l?gonui.exe
C:\DOCUME~1\SHANEF~1\Desktop.\internet explorer.lnk
C:\DOCUME~1\SHANEF~1\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\SHANEF~1\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\SHANEF~1\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive.dll
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\ISMModule2.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\F?nts\
C:\WINDOWS\system32\fnts~1\regsvr32.exe
C:\WINDOWS\system32\llrltymg.dll
C:\WINDOWS\system32\wtsisvtr32.exe

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

2007-08-19 10:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 10:27 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-19 10:26 <DIR> d-------- C:\WINDOWS\CSC
2007-08-19 10:10 <DIR> d-------- C:\HJT
2007-08-19 09:46 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-19 09:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-19 09:07 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-18 16:06 <DIR> d-------- C:\Program Files\exPressit S.E. 2.2
2007-08-18 14:56 <DIR> d-------- C:\Program Files\WinMX MP3
2007-08-17 05:26 <DIR> d-------- C:\Program Files\DjToneXpress
2007-08-14 18:20 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\CyberLink
2007-08-14 18:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-14 18:18 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-08-14 18:18 <DIR> d-------- C:\Program Files\CyberLink
2007-08-14 17:45 <DIR> d-------- C:\Temp
2007-08-14 17:45 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\SlySoft
2007-08-14 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-08-13 16:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-12 19:27 <DIR> d---s---- C:\DOCUME~1\SHANEF~1\UserData
2007-08-12 15:43 <DIR> d-------- C:\Program Files\Chronograph
2007-08-12 15:03 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-08-12 14:31 <DIR> d-------- C:\Program Files\PlayOnline
2007-08-12 14:22 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-12 14:22 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Ventrilo
2007-08-12 14:02 <DIR> d-------- C:\Program Files\SlySoft
2007-08-12 14:01 <DIR> d-------- C:\Program Files\DVD Shrink
2007-08-12 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-12 14:00 <DIR> d-------- C:\Program Files\Real
2007-08-12 14:00 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-12 14:00 <DIR> d-------- C:\Program Files\Common Files\Real
2007-08-12 14:00 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Real
2007-08-12 13:57 <DIR> d-------- C:\My Downloads
2007-08-12 13:43 <DIR> d-------- C:\Program Files\DFX
2007-08-12 13:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-12 13:41 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-08-12 13:40 <DIR> d-------- C:\Program Files\Winamp
2007-08-12 13:38 388,096 --a------ C:\WINDOWS\unacc.exe
2007-08-12 13:37 56,832 --a------ C:\WINDOWS\Unwash6.exe
2007-08-12 13:37 <DIR> d-------- C:\Program Files\Webroot
2007-08-12 13:37 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-12 13:37 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Webroot
2007-08-12 13:36 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-12 13:36 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-08-12 13:36 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-08-12 13:36 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-08-12 13:36 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-08-12 13:36 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-08-12 13:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-12 13:36 <DIR> d-------- C:\Program Files\Ahead
2007-08-12 13:30 <DIR> d-------- C:\Program Files\TGTSoft
2007-08-12 13:28 <DIR> d-------- C:\Program Files\InterActual
2007-08-12 13:28 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\Roxio
2007-08-12 13:28 <DIR> d-------- C:\DOCUME~1\SHANEF~1\APPLIC~1\FaxCtr
2007-08-12 13:28 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
2007-08-12 13:27 92,920 --a------ C:\WINDOWS\DLA.EXE
2007-08-12 13:27 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-08-12 13:27 51,800 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-08-12 13:27 28,216 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2007-08-12 13:27 12,952 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-08-12 13:27 <DIR> d-------- C:\WINDOWS\system32\DLA
2007-08-12 13:26 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-12 13:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-12 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-12 13:24 <DIR> d-------- C:\Program Files\SightSpeed
2007-08-12 13:21 <DIR> d-------- C:\Program Files\Roxio
2007-08-12 13:21 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-12 13:21 <DIR> d-------- C:\Program Files\Common Files\SightSpeed
2007-08-12 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-08-12 13:20 <DIR> d-------- C:\Program Files\DivX
2007-08-12 13:20 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-12 13:14 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-12 13:11 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-08-12 13:10 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-08-12 13:10 65,536 --a------ C:\WINDOWS\system32\lxcccfg.dll
2007-08-12 13:10 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-08-12 13:10 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-08-12 13:10 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-08-12 13:10 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-08-12 13:10 <DIR> d-------- C:\Program Files\Lx_cats
2007-08-12 13:10 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-08-12 13:10 <DIR> d-------- C:\Program Files\Lexmark 3300 Series
2007-08-12 13:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
2007-08-12 13:06 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-08-12 13:06 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-12 13:01 991,232 --a--c--- C:\WINDOWS\system32\dllcache\migrate.exe
2007-08-12 13:01 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-08-12 13:01 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-12 13:01 940,544 --a--c--- C:\WINDOWS\system32\dllcache\wmspdmoe.dll
2007-08-12 13:01 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-08-12 13:01 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-08-12 13:01 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-08-12 13:01 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-08-12 13:01 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-08-12 13:01 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-08-12 13:01 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-08-12 13:01 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-12 13:01 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-12 13:01 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-08-12 13:01 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-12 13:01 77,824 --a--c--- C:\WINDOWS\system32\dllcache\wmpband.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 14:00 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-12 14:00 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-12 13:04 2722 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-08-12 13:02 8972 --a------ C:\WINDOWS\pchealth\HELPCTR\Config\Cntstore.bin
2003-07-16 22:26 448640 --a------ C:\WINDOWS\inf\EL2K_N64.sys
2003-07-16 22:22 147328 --a------ C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 03:47 147328 --a------ C:\WINDOWS\inf\EL2K_2K.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 09:44]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 20:16]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 05:36]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Accelerate"="C:\Program Files\Webroot\Accelerate\accelerate.exe" [2003-01-30 14:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-12 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 10:02]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-03-13 21:47]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 07:28]
"Hdps"="C:\WINDOWS\system32\FNTS~1\regsvr32.exe" []
"Gbkx"="C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2007-08-12 11:52:07]

R0 viaraid;viaraid;C:\WINDOWS\system32\DRIVERS\viaraid.sys
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 10:37:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 10:37:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 10:37
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:35 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Hdps] "C:\WINDOWS\system32\FNTS~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Gbkx] "C:\Documents and Settings\Shane Farr\Application Data\s?curity\l?gonui.exe"
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12d32f1afc3a547f3617/netzip/RdxIE601.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5100/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6689 bytes