Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 8:51:12 PM, on 7/11/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\webHancer\Programs\whagent.exe C:\Program Files\Webroot\Accelerate\accelerate.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Chronograph\chrono.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\lxcccoms.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\HJT\HiJackThis_v2.0.0.0.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program 
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy 
CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr" O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir 
PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 6940 bytes ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, July 11, 2007 8:41:32 PM Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 12/07/2007 Kaspersky Anti-Virus database records: 339066 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 69996 Number of viruses found: 1 Number of infected objects: 3 / 0 Number of suspicious objects: 0 Duration of the scan process: 00:41:21 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT 
Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Shane Farr\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Shane Farr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Shane Farr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Shane Farr\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Shane Farr\Local Settings\History\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped C:\Documents and Settings\Shane Farr\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Shane Farr\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Shane Farr\ntuser.dat.LOG Object is locked skipped C:\Program Files\TGTSoft\StyleXP\StyleXP.cache Object is locked skipped C:\System Volume Information\_restore{C23256BA-639E-470A-AD81-11E240E78E27}\RP34\change.log Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is 
locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\$_2341233.TMP Object is locked skipped C:\WINDOWS\Temp\$_2341234.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped D:\Program Files\WMP\Help\index.html Infected: Trojan-Downloader.HTML.Agent.bp skipped D:\Program Files\Webroot\Accelerate\acchelp.htm Infected: Trojan-Downloader.HTML.Agent.bp skipped D:\Webroot\Accelerate\acchelp.htm Infected: Trojan-Downloader.HTML.Agent.bp skipped Scan process completed.
Hi

Remove this program using Add/Remove Programs in Control Panel:

webHancer

========

Please download Deckard's System Scanner to your Desktop.

* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open: Main.txt and Extra.txt

Please post Main.txt and Extra.txt
Deckard's System Scanner v20070711.54 Run by Shane Farr on 2007-07-12 at 05:15:40 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 30: 2007-07-12 09:15:43 UTC - RP35 - Deckard's System Scanner Restore Point 29: 2007-07-11 20:18:35 UTC - RP34 - System Checkpoint 28: 2007-07-10 20:06:35 UTC - RP33 - System Checkpoint 27: 2007-07-09 19:06:35 UTC - RP32 - System Checkpoint 26: 2007-07-08 19:01:47 UTC - RP31 - Install AnyDVD -- First Restore Point -- 1: 2007-06-27 22:54:42 UTC - RP6 - Installed DirectX 9.0 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Shane Farr.exe) ------------------------------------------ Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of HijackThis v1.99.1 Scan saved at 2007-07-12 05:19:56 Platform: Windows XP Service Pack 1 (5.01.2600) MSIE: Internet Explorer (6.00.2800.1106) Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\SMax4.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Webroot\Accelerate\accelerate.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe 
C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Chronograph\chrono.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\lxcccoms.exe D:\dss.exe C:\Program Files\Trend Micro\HijackThis\Shane Farr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S O4 - HKLM\..\Run: [NeroFilterCheck] 
C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - 
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StyleXPService - Unknown owner - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 avgntmgr - c:\windows\system32\drivers\avgntmgr.sys <Not Verified; AVIRA GmbH; AntiVir®> R0 viaraid - c:\windows\system32\drivers\viaraid.sys <Not Verified; VIA Technologies inc,.ltd; VT6410 RAID MINIPORT DRIVER> R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module> -- Files created between 2007-06-12 and 2007-07-12 ----------------------------- 2007-07-12 05:16:42 0 d-------- C:\Program Files\Trend Micro 2007-07-11 20:50:20 0 d-------- C:\HJT 2007-07-11 18:25:32 0 d-------- C:\WINDOWS\System32\Kaspersky Lab 2007-07-11 18:18:53 0 d-------- C:\WINDOWS\System32\ActiveScan 2007-07-10 19:05:45 32584 --a------ C:\WINDOWS\wt.exe 2007-07-09 16:50:38 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\AdobeUM 2007-07-09 16:50:32 0 d-------- C:\Program Files\Common Files\Adobe 2007-07-09 16:50:32 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Adobe 2007-07-08 15:06:01 0 d-------- C:\Movie Temp 2007-07-08 15:04:15 0 d-------- C:\Documents and Settings\Shane 
Farr\Application Data\SlySoft 2007-07-08 15:03:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2007-07-08 14:56:13 0 d-------- C:\Program Files\SlySoft 2007-07-08 14:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-07-08 14:55:55 0 d-------- C:\Program Files\DVD Shrink 2007-07-04 07:35:49 0 d-------- C:\Documents and Settings\Shane Farr\Shared 2007-07-04 07:35:48 0 d-------- C:\Documents and Settings\Shane Farr\Incomplete 2007-07-04 07:35:39 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\LimeWire 2007-07-04 07:35:28 0 d-------- C:\Program Files\LimeWire 2007-07-03 20:35:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-07-03 20:34:46 0 d-------- C:\WINDOWS\Cache 2007-07-03 20:33:15 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Roxio 2007-07-03 20:32:25 0 d-------- C:\Program Files\Roxio 2007-07-03 20:31:59 0 d-------- C:\Program Files\Common Files\Roxio Shared 2007-06-29 18:42:40 0 d-------- C:\Program Files\QuickTime 2007-06-29 18:42:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-06-29 18:36:59 0 d-------- C:\Program Files\Common Files\xing shared 2007-06-29 18:36:44 0 d-------- C:\Program Files\Common Files\Real 2007-06-29 18:36:42 0 d-------- C:\Program Files\Real 2007-06-29 18:36:12 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Real 2007-06-29 18:33:12 0 d-------- C:\WINDOWS\Sun 2007-06-29 18:33:12 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Sun 2007-06-29 18:32:42 0 d-------- C:\Program Files\Java 2007-06-29 18:28:37 0 d-------- C:\Program Files\Common Files\Java 2007-06-29 18:20:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2007-06-28 21:36:04 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\CyberLink 2007-06-28 19:55:51 0 d-------- C:\Program Files\Common Files\Wise 
Installation Wizard 2007-06-28 19:55:33 0 d-------- C:\Program Files\DFX 2007-06-28 19:36:30 0 d--h---c- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$ 2007-06-28 19:33:57 0 d-------- C:\Program Files\Winamp 2007-06-28 19:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-06-28 19:29:06 0 d-------- C:\Program Files\CyberLink 2007-06-28 19:27:45 89184 --a------ C:\WINDOWS\System32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE> 2007-06-28 19:27:36 38912 --a------ C:\WINDOWS\System32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS> 2007-06-28 19:27:36 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck> 2007-06-28 19:27:36 544768 --a------ C:\WINDOWS\System32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress> 2007-06-28 19:27:36 569344 --a------ C:\WINDOWS\System32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress> 2007-06-28 19:27:36 0 d-------- C:\Program Files\Common Files\Ahead 2007-06-28 19:27:33 0 d-------- C:\Program Files\Ahead 2007-06-28 19:26:12 0 d-------- C:\Program Files\Common Files\Webroot Shared 2007-06-28 19:26:12 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Webroot 2007-06-28 19:26:04 56832 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; > 2007-06-28 19:25:11 388096 --a------ C:\WINDOWS\unacc.exe <Not Verified; Webroot Software, Inc.; > 2007-06-28 19:25:11 0 d-------- C:\Program Files\Webroot 2007-06-28 19:13:09 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\FaxCtr 2007-06-28 19:12:26 0 d-------- C:\WINDOWS\Prefetch 2007-06-28 19:06:30 0 d-------- C:\WINDOWS\ServicePackFiles 2007-06-28 19:06:30 0 d-------- C:\WINDOWS\ehome 2007-06-28 16:55:01 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2007-06-28 16:54:59 0 d-------- C:\Program Files\DivX 2007-06-27 21:12:45 0 d-------- 
C:\Program Files\Chronograph 2007-06-27 20:58:03 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Macromedia 2007-06-27 20:07:00 0 d---s---- C:\Documents and Settings\Shane Farr\UserData 2007-06-27 20:01:22 0 d-------- C:\Program Files\TGTSoft 2007-06-27 20:00:43 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\WinRAR 2007-06-27 19:57:21 0 d-------- C:\Program Files\webHancer 2007-06-27 19:57:15 0 d-------- C:\Program Files\WinMX MP3 2007-06-27 19:28:14 4096 --a------ C:\WINDOWS\d3dx.dat 2007-06-27 19:04:16 0 d-------- C:\Program Files\PlayOnline 2007-06-27 19:00:42 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint 2007-06-27 19:00:18 32768 --a------ C:\WINDOWS\System32\LXPRMON.DLL 2007-06-27 19:00:18 20480 --a------ C:\WINDOWS\System32\LXPMONUI.DLL 2007-06-27 19:00:18 12288 --a------ C:\WINDOWS\System32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor> 2007-06-27 19:00:18 98345 --a------ C:\WINDOWS\System32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit> 2007-06-27 19:00:18 339968 --a------ C:\WINDOWS\System32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit> 2007-06-27 19:00:17 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2007-06-27 19:00:09 0 d-------- C:\Program Files\Lexmark Fax Solutions 2007-06-27 18:59:43 0 d-------- C:\Program Files\Lexmark 3300 Series 2007-06-27 18:59:42 0 d-------- C:\Program Files\Lx_cats 2007-06-27 18:54:18 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-06-27 18:54:18 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-06-27 18:35:22 0 d---s---- C:\WINDOWS\System32\Microsoft 2007-06-27 18:33:01 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Help 2007-06-27 18:31:08 
61440 --a------ C:\WINDOWS\System32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> 2007-06-27 18:31:08 16068 --a------ C:\WINDOWS\System32\PCANDIS5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> 2007-06-27 18:31:07 1496064 --a------ C:\WINDOWS\System32\cc3250mt.dll <Not Verified; Inprise Corporation; Borland C++ Builder 5.0> 2007-06-27 18:31:07 25600 --a------ C:\WINDOWS\System32\borlndmm.dll <Not Verified; Inprise Corporation; Borland Memory Manager> 2007-06-27 18:31:04 0 d-------- C:\Program Files\Linksys 2007-06-27 18:29:45 0 d-------- C:\WINDOWS\RegisteredPackages 2007-06-27 18:28:48 114688 -----n--- C:\WINDOWS\System32\ati2sgag.exe <Not Verified; ; ATI Smart> 2007-06-27 18:28:29 0 d-------- C:\Program Files\ATI Technologies 2007-06-27 18:26:15 41852 -ra------ C:\WINDOWS\System32\UpdDrv2K.exe <Not Verified; 3Com Corporation; UpdDrv2k.exe> 2007-06-27 18:26:15 0 d-------- C:\WINDOWS\OPTIONS 2007-06-27 18:24:53 30208 --a------ C:\WINDOWS\System32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. 
wdmioctl> 2007-06-27 18:24:53 1285632 --a------ C:\WINDOWS\System32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio> 2007-06-27 18:24:49 0 d-------- C:\WINDOWS\VirtualEar 2007-06-27 18:24:49 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA> 2007-06-27 18:24:46 49152 --a------ C:\WINDOWS\System32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp> 2007-06-27 18:24:46 45056 --a------ C:\WINDOWS\System32\CleanUp.exe <Not Verified; adi; adi CleanUp> 2007-06-27 18:24:46 0 d-------- C:\Program Files\Analog Devices 2007-06-27 18:24:30 70272 -ra------ C:\WINDOWS\System32\drivers\viaraid.sys <Not Verified; VIA Technologies inc,.ltd; VT6410 RAID MINIPORT DRIVER> 2007-06-27 18:24:25 0 d-------- C:\Program Files\VIA 2007-06-27 18:23:58 0 d-------- C:\Program Files\Intel 2007-06-27 18:23:34 0 d-------- C:\WINDOWS\System32\ReinstallBackups 2007-06-27 18:23:06 5824 --a------ C:\WINDOWS\System32\drivers\ASUSHWIO.SYS 2007-06-27 18:22:34 0 d-------- C:\Program Files\VID_0E8F&PID_0003 2007-06-27 18:22:34 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-27 18:22:30 0 d-------- C:\Program Files\Common Files\InstallShield 2007-06-27 18:19:56 0 d--hs---- C:\WINDOWS\Installer 2007-06-27 18:19:54 0 d-------- C:\Documents and Settings\Shane Farr\Application Data\Identities 2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\Templates 2007-06-27 18:19:44 0 dr------- C:\Documents and Settings\Shane Farr\Start Menu 2007-06-27 18:19:44 0 dr-h----- C:\Documents and Settings\Shane Farr\SendTo 2007-06-27 18:19:44 0 dr-h----- C:\Documents and Settings\Shane Farr\Recent 2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\PrintHood 2007-06-27 18:19:44 1572864 --ah----- C:\Documents and Settings\Shane Farr\NTUSER.DAT 2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\NetHood 2007-06-27 18:19:44 0 dr------- C:\Documents and Settings\Shane Farr\My 
Documents 2007-06-27 18:19:44 0 d--h----- C:\Documents and Settings\Shane Farr\Local Settings 2007-06-27 18:19:44 0 dr------- C:\Documents and Settings\Shane Farr\Favorites 2007-06-27 18:19:44 0 d-------- C:\Documents and Settings\Shane Farr\Desktop 2007-06-27 18:19:44 0 d---s---- C:\Documents and Settings\Shane Farr\Cookies 2007-06-27 18:19:44 0 dr-h----- C:\Documents and Settings\Shane Farr\Application Data 2007-06-27 18:19:14 0 d--hs---- C:\System Volume Information 2007-06-27 18:19:13 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2007-06-27 18:19:13 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2007-06-27 18:19:13 0 d---s---- C:\Documents and Settings\LocalService\Cookies 2007-06-27 18:19:13 0 d-------- C:\Documents and Settings\LocalService\Application Data 2007-06-27 18:19:13 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2007-06-27 18:19:12 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-06-27 18:19:12 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2007-06-27 18:19:12 0 d---s---- C:\Documents and Settings\NetworkService\Cookies 2007-06-27 18:19:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2007-06-27 18:19:12 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2007-06-27 18:16:22 0 d-------- C:\WINDOWS\System32\xircom 2007-06-27 18:16:22 0 d-------- C:\Program Files\microsoft frontpage 2007-06-27 18:16:11 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT 2007-06-27 18:16:03 0 -rahs---- C:\MSDOS.SYS 2007-06-27 18:16:03 0 -rahs---- C:\IO.SYS 2007-06-27 18:16:03 0 --a------ C:\CONFIG.SYS 2007-06-27 18:16:03 0 --a------ C:\AUTOEXEC.BAT 2007-06-27 18:15:14 0 d--hs---- C:\Documents and Settings\All Users\DRM 2007-06-27 18:15:07 0 dr------- C:\WINDOWS\Offline Web Pages 2007-06-27 18:15:07 0 d---s---- C:\WINDOWS\Downloaded Program Files 2007-06-27 18:14:40 0 d-------- 
C:\WINDOWS\srchasst 2007-06-27 18:14:34 0 d-------- C:\WINDOWS\System32\Macromed 2007-06-27 18:14:34 0 d-------- C:\WINDOWS\System32\DirectX 2007-06-27 18:14:22 0 d-------- C:\Program Files\Movie Maker 2007-06-27 18:13:57 0 d-------- C:\WINDOWS\System32\Restore 2007-06-27 18:13:52 0 d-------- C:\WINDOWS\PCHEALTH 2007-06-27 18:13:46 0 d---s---- C:\WINDOWS\Tasks 2007-06-27 18:13:44 0 d-------- C:\Program Files\Common Files\MSSoap 2007-06-27 18:13:15 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat 2007-06-27 18:13:00 0 d-------- C:\WINDOWS\Registration 2007-06-27 18:12:54 0 d--h----- C:\Program Files\WindowsUpdate 2007-06-27 18:12:54 0 d-------- C:\Program Files\Online Services 2007-06-27 18:12:48 0 d-------- C:\Program Files\Messenger 2007-06-27 18:12:39 0 d-------- C:\Program Files\MSN Gaming Zone 2007-06-27 18:12:30 0 d-------- C:\Program Files\Windows NT 2007-06-27 18:12:21 0 d-------- C:\WINDOWS\System32\MsDtc 2007-06-27 18:12:19 0 d-------- C:\WINDOWS\System32\Com 2007-06-27 14:08:02 0 d-------- C:\Program Files\Common Files\ODBC 2007-06-27 14:07:59 0 dr------- C:\Program Files 2007-06-27 14:07:59 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\Templates 2007-06-27 14:07:38 0 dr------- C:\Documents and Settings\Default User\Start Menu 2007-06-27 14:07:38 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\Recent 2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\PrintHood 2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\Default User\NetHood 2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\Default User\My Documents 2007-06-27 14:07:38 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\Default User\Favorites 2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\Default User\Desktop 2007-06-27 
14:07:38 0 d---s---- C:\Documents and Settings\Default User\Cookies 2007-06-27 14:07:38 0 d--h----- C:\Documents and Settings\All Users\Templates 2007-06-27 14:07:38 0 dr------- C:\Documents and Settings\All Users\Start Menu 2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\All Users\Favorites 2007-06-27 14:07:38 0 dr------- C:\Documents and Settings\All Users\Documents 2007-06-27 14:07:38 0 d-------- C:\Documents and Settings\All Users\Desktop 2007-06-27 14:07:27 0 d-------- C:\WINDOWS\System32\CatRoot2 2007-06-27 14:07:27 0 d-------- C:\WINDOWS\System32\CatRoot 2007-06-27 14:07:21 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2007-06-27 14:07:21 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2007-06-27 14:07:21 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2007-06-27 14:07:21 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2007-06-27 14:07:09 0 d-------- C:\Documents and Settings 2007-06-27 14:03:34 0 d-------- C:\WINDOWS 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\WinSxS 2007-06-27 14:03:34 0 dr------- C:\WINDOWS\Web 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\twain_32 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\system32 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\wins 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\wbem 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\usmt 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\spool 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\ShellExt 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\Setup 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\ras 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\oobe 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\npp 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\mui 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\inetsrv 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\IME 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\icsxml 
2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\ias 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\export 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\drivers 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\drivers\etc 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\drivers\disdn 2007-06-27 14:03:34 0 dr-hs--c- C:\WINDOWS\System32\dllcache 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\dhcp 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\config 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\3com_dmi 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\3076 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\2052 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1054 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1042 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1041 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1037 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1033 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1031 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1028 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\System32\1025 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\system 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\security 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Resources 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\repair 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\mui 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\msapps 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\msagent 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Media 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\java 2007-06-27 14:03:34 0 d--h----- C:\WINDOWS\inf 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\ime 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Help 2007-06-27 14:03:34 0 dr--s---- C:\WINDOWS\Fonts 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Driver Cache 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Debug 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Cursors 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\Connection Wizard 2007-06-27 14:03:34 0 
d-------- C:\WINDOWS\Config 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\AppPatch 2007-06-27 14:03:34 0 d-------- C:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-06-27 14:07:38 62 --ahs---- C:\Documents and Settings\Shane Farr\Application Data\desktop.ini -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe" "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16" "lxccmon.exe"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\"" "FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s" "Accelerate"="C:\\Program Files\\Webroot\\Accelerate\\accelerate.exe /S" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\"" "RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD 
Creator 6\\DragToDisc\\DrgToDsc.exe\"" "RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide" "Chronograph"="\"C:\\Program Files\\Chronograph\\chrono.exe\" /autorun" "Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe" "AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* NtmlSvc -- End of Deckard's System Scanner: finished at 2007-07-12 at 05:21:33 ---------
Deckard's System Scanner v20070711.54 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 1.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz Percentage of Memory in Use: 26% Physical Memory (total/avail): 1278.73 MiB / 935.04 MiB Pagefile Memory (total/avail): 3053.95 MiB / 2823.5 MiB Virtual Memory (total/avail): 2047.88 MiB / 1953.38 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 74.52 GiB total, 56.67 GiB free. D: is Fixed (FAT32) - 18.64 GiB total, 0.83 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is disabled. AUState says computer has updates disabled. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Shane Farr\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=HOME-KZ6KGFHINM ComSpec=C:\WINDOWS\system32\cmd.exe HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Shane Farr LOGONSERVER=\\HOME-KZ6KGFHINM NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip 
SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\SHANEF~1\LOCALS~1\Temp TMP=C:\DOCUME~1\SHANEF~1\LOCALS~1\Temp USERDOMAIN=HOME-KZ6KGFHINM USERNAME=Shane Farr USERPROFILE=C:\Documents and Settings\Shane Farr windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Shane Farr (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Accelerate --> C:\WINDOWS\unacc.exe Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001} AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe" Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Chronograph 6.11 --> "C:\Program Files\Chronograph\unins000.exe" DFX 8 for Winamp --> "C:\Program Files\Winamp\uninstall_dfx.exe" DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" Easy CD & DVD 
Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9} FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520} FINAL FANTASY XI: Chains of Promathia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907} FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE} FINAL FANTASY XI: Treasures of Aht Urhgan --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD} HijackThis 2.0.0 --> "D:\HijackThis.exe" /uninstall Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Kaspersky Online Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe Lexmark 3300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe" Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0} PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Remove DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} SoundMAX --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe" USB Dual Vibration Joystick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59354E6C-B36F-49EF-9419-D904B86C9C57}\setup.exe" -l0x9 VIA VT6410 RAID Driver(Remove) --> RunDll32 SetupVIA.dll,VIA_Uninstall VIA_{BB7D68E9-93AE-4118-85FF-6DAF1FD1731D} Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Window Washer --> C:\WINDOWS\Unwash6.exe Windows Installer 3.0 (KB884016) --> C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe WinMX MP3 4.4.6.0 --> "C:\Program Files\WinMX MP3\unins000.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Wireless PCI Card Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}\Setup.exe" -l0x9 -- End of Deckard's System Scanner: finished at 2007-07-12 at 05:21:33 ---------
Looking over your log, it seems you don't have any evidence of a third-party firewall. As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

========

Update Your Windows XP.

You should update your Windows XP to SP2, NOW. This fixes a large number of security holes in your system. It is a very large download, and is not feasible with Dial-Up. If you are on Dial-up, order the CD from the site below.

You can download SP2 from here:
If there is a problem with getting the SP2 to take after it's downloaded, see here:
You can order an update Service Pack 2 CD from Microsoft here:
For updating with Firefox: http://www.microsoft.com/downloads/...70-D51C-4BE5-A15B-74430E9E2AD4&displaylang=en

It is absolutely vital that you get this done, or you will have trouble often. After it's installed, set Automatic updates. We will be glad to check out your PC after SP2 is installed, to be sure everything went according to plan.

========

Then post a fresh HijackThis log.
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

These are malicious.
Hi anari! Those entries are no longer in Deckard's log. It is true that they were malicious. So you can now remove the C:\Program Files\webHancer folder. The previous instructions still apply; finally, post a fresh HijackThis log.
Here's a new HJT log if you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:45 PM, on 7/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

-- End of file - 6210 bytes