Logfile of HijackThis v1.99.1
Scan saved at 13:06:25, on 11.04.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\Font32\csrss.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\mscompls.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Remi\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\winhelp\smss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PK Guard 32] C:\WINDOWS\System32\winhelp\smss.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVUpdate] C:\WINDOWS\System32\Font32\csrss.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [PK Guard 32] C:\WINDOWS\System32\winhelp\smss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PK Guard 32] C:\WINDOWS\System32\winhelp\smss.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\RunServices: [PK Guard 32] C:\WINDOWS\System32\winhelp\smss.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe