
HiJack This Log

Discussion in 'Malware and Virus Removal Archive' started by whompuscat, 2006/12/29.

  1. 2006/12/29
    whompuscat (Inactive, Lifetime Subscription, Thread Starter)
    Joined: 2002/03/30 | Messages: 341 | Likes Received: 0
    In reference to post http://www.windowsbbs.com/showthread.php?p=324633#post324633

    Here is my log....

    Logfile of HijackThis v1.99.1
    Scan saved at 12:56:27 PM, on 12/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\abelhadigital.com\HostsMan\hm.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Say the Time\SayTime.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Say the Time\SayTime.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DISC\DiscUpdateMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\YPOPs\YPOPs.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\HiJack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.aol.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
    O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe "
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: YPOPs.lnk = ?
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Define - file://C:\Program Files\IEToys\Webster.htm
    O8 - Extra context menu item: &Delete Images - file://C:\Program Files\IEToys\CleanDom.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Encyclopedia &Lookup - file://C:\Program Files\IEToys\WebEncyc.htm
    O8 - Extra context menu item: HTML So&urce - file://C:\Program Files\IEToys\HTMLSrc.htm
    O8 - Extra context menu item: I&mage List - file://C:\Program Files\IEToys\ImageList.htm
    O8 - Extra context menu item: Linkif&y && Open - file://C:\Program Files\IEToys\Linkify.htm
    O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
    O9 - Extra button: Clear all browsing history - {FFFFFF9F-A66E-4D5D-996F-1A4450298FFF} - C:\Program Files\IEToys\ClearTracks.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: http://cgi7.igl.net
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160410065625
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160410118171
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "\Addons\Packages\Mobile\Gateway" /DisplayName= "VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    I also still have that noun proc.exe in Documents and Settings/Joyce/Application Data/elseabout (the other 2 files in this folder are locks idle inside.exe and zfcsmhu.exe).
     
    Last edited: 2006/12/29
  2. 2006/12/29
    TeMerc (Inactive, Alumni)
    Joined: 2006/05/13 | Messages: 3,226 | Likes Received: 4
    Welcome to the forum whompuscat.


    Those need to be deleted; the first two are the LOP infection. You can delete the entire 'elseabout' folder. That last file produces no hits via Google and is definitely suspect. I would like to run another file-finding tool to see what else is on the system.

    You can fix the following items with HJT. Btw, do you have anything unchecked in MSCONFIG? Let me know.

    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.aol.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    Reboot the system and then Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    No need for a new HJT log as yet.
     
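A small parser for the HijackThis log format posted in this thread, added here as an example; it is not part of the thread, of HijackThis, or of any tool the helper names. It splits a log into header fields, running processes and the numbered entries, flags the kinds of lines a helper verifies by hand before fixing anything ("(file missing)" verdicts, stray quotes inside service paths, bare executable names in Run keys, unresolved shortcut targets, Trusted Zone additions), checks which entries from a posted fix list are still present in a later log, and diffs two logs to show what appeared or disappeared between posts. The two embedded logs are constructed excerpts of the logs posted in this thread, and all function names are my own.

```python
"""Parse HijackThis 1.99.x-style logs, triage entries, and diff two logs.

Added example, not part of the forum thread or of HijackThis; the sample
logs below are constructed excerpts of the logs posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Every scan entry looks like "O4 - HKLM\..\Run: [Name] command" or "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2}) - (?P<body>.+)$")


@dataclass
class HjtLog:
    version: str = ""
    platform: str = ""
    processes: list[str] = field(default_factory=list)
    entries: list[tuple[str, str]] = field(default_factory=list)


def parse_hjt(text: str) -> HjtLog:
    """Split a log into header fields, running processes and (code, body) entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Logfile of HijackThis "):
            log.version = line.split(" ", 3)[3]
        elif line.startswith("Platform: "):
            log.platform = line[len("Platform: "):]
        elif line == "Running processes:":
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            in_processes = False          # first numbered entry ends the process list
            log.entries.append((m["code"], m["body"]))
        elif in_processes:
            log.processes.append(line)
    return log


def review(log: HjtLog) -> list[str]:
    """Flag entries a helper would want to verify by hand before fixing anything."""
    notes = []
    for code, body in log.entries:
        if "(file missing)" in body and '" /' in body:
            # A quote in the middle of the path means the quoted command line was
            # split at the wrong place, so the "(file missing)" verdict is unreliable.
            notes.append(f"{code}: stray quote inside path, verify the file exists "
                         f"before trusting '(file missing)': {body}")
        elif "(file missing)" in body:
            notes.append(f"{code}: target not found on disk, orphaned entry: {body}")
        if code == "O4" and body.endswith("= ?"):
            notes.append(f"{code}: shortcut target could not be resolved: {body}")
        if code == "O4" and (m := re.search(r"\] (\S+)", body)) \
                and not re.search(r'[\\/%"]', m[1]):
            # Bare file name with no directory: resolved through the PATH at logon.
            notes.append(f"{code}: bare executable name, confirm which file runs: {body}")
        if code == "O15":
            notes.append(f"{code}: site added to the Trusted Zone, confirm intentional: {body}")
    return notes


def outstanding(log: HjtLog, fix_list: list[str]) -> list[str]:
    """Return the requested fix lines (full 'code - body' text) still present in a log."""
    present = {f"{code} - {body}" for code, body in log.entries}
    return [item for item in fix_list if item in present]


def diff_logs(before: HjtLog, after: HjtLog) -> tuple[list, list]:
    """Entries added in the later log, and entries that disappeared from the earlier one."""
    old, new = set(before.entries), set(after.entries)
    return sorted(new - old), sorted(old - new)


# Constructed excerpt of the first log in the thread.
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:56:27 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.aol.com/
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: YPOPs.lnk = ?
O15 - Trusted Zone: http://cgi7.igl.net
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# Constructed excerpt of the second log: same entries plus two new ones.
SECOND_LOG = FIRST_LOG + r"""
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# The entries the helper asked to have fixed, as posted.
FIX_LIST = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.aol.com/",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]

if __name__ == "__main__":
    first, second = parse_hjt(FIRST_LOG), parse_hjt(SECOND_LOG)
    print(f"{first.version} on {first.platform}, {len(first.processes)} processes")
    for note in review(first):
        print("REVIEW ", note)
    added, removed = diff_logs(first, second)
    print("added:", added, "removed:", removed)
    print("still present from fix list:", outstanding(second, FIX_LIST))
```

Running the block prints the review notes for the first excerpt, the two entries that appeared in the second excerpt, and the two fix-list entries that are still present in it, which is what the helper checks when asking for a fresh log after a fix.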


  4. 2006/12/29
    whompuscat (Inactive, Lifetime Subscription, Thread Starter)
    Joined: 2002/03/30 | Messages: 341 | Likes Received: 0
    Before I do that let me post a new log. I downloaded Super Ad Blocker which claims it removes all traces of the LOP infection. I ran it and it found 4 LOP files and deleted them. I have attached a file showing what files this program found and deleted, then I rebooted and deleted the folders.

    Yes, I do selective startup. Should I run a log with msconfig set to Normal startup? Here is my new log.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:04:30 PM, on 12/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\abelhadigital.com\HostsMan\hm.exe
    C:\Program Files\Say the Time\SayTime.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DISC\DiscUpdateMgr.exe
    C:\Program Files\Say the Time\SayTime.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\YPOPs\YPOPs.exe
    C:\HiJack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.aol.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
    O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe "
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
    O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: YPOPs.lnk = ?
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Define - file://C:\Program Files\IEToys\Webster.htm
    O8 - Extra context menu item: &Delete Images - file://C:\Program Files\IEToys\CleanDom.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Encyclopedia &Lookup - file://C:\Program Files\IEToys\WebEncyc.htm
    O8 - Extra context menu item: HTML So&urce - file://C:\Program Files\IEToys\HTMLSrc.htm
    O8 - Extra context menu item: I&mage List - file://C:\Program Files\IEToys\ImageList.htm
    O8 - Extra context menu item: Linkif&y && Open - file://C:\Program Files\IEToys\Linkify.htm
    O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
    O9 - Extra button: Clear all browsing history - {FFFFFF9F-A66E-4D5D-996F-1A4450298FFF} - C:\Program Files\IEToys\ClearTracks.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: http://cgi7.igl.net
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160410065625
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160410118171
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
    O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "\Addons\Packages\Mobile\Gateway" /DisplayName= "VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    Do you still advise performing the steps in your previous post?
     
  5. 2006/12/29
    whompuscat Inactive Thread Starter

    I went ahead and followed the instructions you posted earlier. Here is the log from combofix.exe.

    PART 1

    Joyce - 06-12-29 20:16:25.66 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Joyce\Desktop "

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-29 to 2006-12-29 ))))))))))))))))))))))))))))))))))


    2006-12-29 20:08 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2006-12-29 20:04 <DIR> d-------- C:\Program Files\WhoLockMe
    2006-12-29 14:57 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
    2006-12-29 14:57 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\SuperAdBlocker.com
    2006-12-29 13:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-12-29 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-28 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2006-12-28 04:57 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2006-12-27 17:14 <DIR> d-------- C:\WINDOWS\Minidump
    2006-12-27 16:36 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\FarStone
    2006-12-27 16:31 37,409 --a------ C:\WINDOWS\system32\drivers\fsRamDsk.sys
    2006-12-27 16:24 36,864 --------- C:\WINDOWS\system32\unVHDDrvExe.exe
    2006-12-27 16:24 36,864 --------- C:\WINDOWS\system32\inVHDDrvExe.exe
    2006-12-27 16:17 <DIR> d-------- C:\VCd
    2006-12-27 14:13 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\CyberLink
    2006-12-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2006-12-27 14:09 <DIR> d-------- C:\Program Files\CyberLink
    2006-12-26 14:43 35,144 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
    2006-12-26 14:43 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
    2006-12-26 14:43 11,984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
    2006-12-26 04:18 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\Photodex
    2006-12-26 03:49 <DIR> d-------- C:\Program Files\InterVideo Information Service
    2006-12-26 03:49 <DIR> d-------- C:\Program Files\Common Files\Ulead
    2006-12-26 03:48 <DIR> d-------- C:\Program Files\Common Files\InterVideo
    2006-12-26 03:47 <DIR> d-------- C:\Program Files\InterVideo
    2006-12-26 03:43 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2006-12-26 03:43 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2006-12-26 03:43 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2006-12-26 03:43 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2006-12-26 03:43 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2006-12-26 03:43 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2006-12-26 03:43 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2006-12-26 03:43 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-26 03:43 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2006-12-26 03:42 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2006-12-26 02:47 <DIR> d-------- C:\Ydec
    2006-12-25 22:13 <DIR> d-------- C:\My Downloads
    2006-12-21 21:41 <DIR> d-------- C:\ALL_THE_KINGS_M
    2006-12-20 12:13 <DIR> d-------- C:\HiJack This
    2006-12-19 17:09 276,792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2006-12-19 17:09 25,400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
    2006-12-19 17:09 247,096 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2006-12-19 04:28 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\Windows Desktop Search
    2006-12-19 04:25 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2006-12-19 04:10 356,352 --a------ C:\Documents and Settings\Joyce\cwshredder.dll
    2006-12-19 03:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2006-12-19 03:51 <DIR> d-------- C:\Program Files\MSBuild
    2006-12-19 03:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2006-12-19 03:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2006-12-18 20:24 8 -r-hs---- C:\WINDOWS\system32\D6EC9553F3.sys
    2006-12-18 20:24 4,388 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2006-12-18 20:23 <DIR> d-------- C:\Program Files\Corel
    2006-12-16 02:19 <DIR> d-------- C:\WINDOWS\Lhsp
    2006-12-16 02:18 <DIR> d-------- C:\WINDOWS\speech
    2006-12-15 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2006-12-13 18:07 25,600 --a------ C:\Documents and Settings\Joyce\usbsermptxp.sys
    2006-12-13 18:07 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2006-12-13 18:07 22,768 --a------ C:\Documents and Settings\Joyce\usbsermpt.sys
    2006-12-13 17:41 11,984 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys
    2006-12-13 14:24 89,296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
    2006-12-13 03:26 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\Smith Micro
    2006-12-12 11:01 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\aignes
    2006-12-12 10:34 <DIR> d-------- C:\Program Files\AM-DeadLink
    2006-12-12 10:11 <DIR> d-------- C:\converter for .odt files
    2006-12-10 03:58 86,016 --a------ C:\WINDOWS\unvise32.exe
    2006-12-10 03:58 <DIR> d-------- C:\Program Files\Say the Time
    2006-12-08 07:50 640,512 --a------ C:\WINDOWS\system32\ad2mcmpgdec.dll
    2006-12-08 07:50 386,560 --a------ C:\WINDOWS\system32\ad2mpegin.dll
    2006-12-07 13:59 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\Ahead
    2006-12-07 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2006-12-07 12:36 <DIR> d-------- C:\Program Files\Nero
    2006-12-06 23:14 <DIR> d-------- C:\Program Files\Overland
    2006-12-06 23:10 <DIR> d-------- C:\temp
    2006-12-06 01:04 <DIR> d-------- C:\WINDOWS\system32\DRM
    2006-12-06 01:03 <DIR> d-------- C:\WINDOWS\network diagnostic
    2006-12-06 01:00 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
    2006-12-06 01:00 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
    2006-12-06 01:00 116,736 --------- C:\WINDOWS\system32\aaclient.dll
    2006-12-05 14:26 <DIR> d-------- C:\Program Files\Common Files\Intuit
    2006-12-05 00:34 <DIR> d-------- C:\Program Files\DFX
    2006-12-01 13:53 624,240 --a------ C:\WINDOWS\system32\ImageControl.dll
    2006-11-30 06:23 <DIR> d-------- C:\Program Files\abelhadigital.com
    2006-11-29 14:30 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-11-29 14:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2006-11-29 14:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2006-11-29 13:11 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\abelhadigital.com
    2006-11-29 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    2006-11-29 06:02 <DIR> d-------- C:\Program Files\IEToys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-29 15:53 -------- d-------- C:\Program Files\SpywareBlaster
    2006-12-29 15:10 -------- d-------- C:\Program Files\Serials 2005
    2006-12-29 14:56 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-12-29 13:35 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-12-28 03:24 -------- d-------- C:\Program Files\Elaborate Bytes
    2006-12-27 14:09 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-27 14:09 -------- d-------- C:\Program Files\PowerDVD
    2006-12-27 04:44 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2006-12-27 04:44 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-12-27 04:44 -------- d-------- C:\Program Files\Symantec
    2006-12-26 04:53 -------- d---s---- C:\Documents and Settings\Joyce\Application Data\Microsoft
    2006-12-26 04:37 -------- d-------- C:\Program Files\Adobe
    2006-12-26 04:20 -------- d-------- C:\Program Files\Photodex
    2006-12-26 03:49 -------- d-------- C:\Program Files\Common Files
    2006-12-26 03:44 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-12-26 02:10 17489 --a------ C:\WINDOWS\system32\cfguxvba.dll
    2006-12-25 14:13 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-12-25 14:13 -------- d-------- C:\Documents and Settings\Joyce\Application Data\AdobeUM
    2006-12-25 14:12 -------- d-------- C:\Documents and Settings\Joyce\Application Data\Adobe
    2006-12-19 04:02 -------- d-------- C:\Program Files\Common Files\System
    2006-12-19 03:52 -------- d-------- C:\Program Files\Microsoft Works
    2006-12-19 03:51 -------- d-------- C:\Program Files\Microsoft Office
    2006-12-18 20:22 -------- d-------- C:\Documents and Settings\Joyce\Application Data\LimeWire
    2006-12-18 20:07 -------- d-------- C:\Program Files\LimeWire
    2006-12-16 03:17 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-16 01:30 -------- d-------- C:\Program Files\Windows Media Player
    2006-12-15 18:21 -------- d-------- C:\Program Files\Yahoo!
    2006-12-13 17:26 -------- d-------- C:\Program Files\Outlook Express
    2006-12-11 01:48 -------- d-------- C:\Program Files\Spyware Medic
    2006-12-10 20:24 -------- d-------- C:\Program Files\XoftSpy
    2006-12-09 09:04 -------- d-------- C:\Program Files\eCleaner
    2006-12-07 13:59 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-12-06 23:09 -------- d-------- C:\Program Files\HP
    2006-12-06 22:57 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-12-04 14:19 -------- d-------- C:\Program Files\Java
    2006-12-04 13:09 -------- d-------- C:\Program Files\Address & Phone Book
    2006-12-01 13:53 2684528 --a------ C:\WINDOWS\system32\AxCtp2.dll
    2006-11-29 15:29 -------- d-------- C:\Program Files\Windows Live Safety Center
    2006-11-27 02:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
    2006-11-26 13:15 -------- d-------- C:\Program Files\Norton Internet Security
    2006-11-26 12:45 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-22 16:04 -------- d-------- C:\Documents and Settings\Joyce\Application Data\ICAClient
    2006-11-19 23:30 -------- d-------- C:\Program Files\Zone Labs
    2006-11-17 08:17 -------- d-------- C:\Program Files\TuneUp Utilities 2006
    2006-11-16 15:13 -------- d-------- C:\Program Files\YPOPs
    2006-11-13 19:20 -------- d-------- C:\Documents and Settings\Joyce\Application Data\Sony Corporation
    2006-11-13 00:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-11-11 18:31 83 ---hs---- C:\Documents and Settings\Joyce\Application Data\.zreglib
    2006-11-11 13:40 -------- d-------- C:\Documents and Settings\Joyce\Application Data\Nero
    2006-11-10 09:23 -------- d-------- C:\Program Files\Games
    2006-11-10 09:18 -------- d-------- C:\Program Files\ReflexiveArcade
    2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-07 02:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
    2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
    2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
    2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\SecProc.dll
    2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
    2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
    2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
    2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
    2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-30 08:21 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-29 03:04 437760 --a------ C:\WINDOWS\rapidui.exe
    2006-10-29 03:04 -------- d-------- C:\Program Files\RinjaniSoft
    2006-10-29 02:23 -------- d-------- C:\Program Files\Mozilla Thunderbird
    2006-10-27 21:05 38464 --a------ C:\Documents and Settings\Joyce\Application Data\Comma Separated Values (Windows).ADR
    2006-10-26 19:58 30512 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL
    2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE
    2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL
    2006-10-19 14:55 258048 --------- C:\WINDOWS\system32\oeph.dll
    2006-10-19 14:46 11264 --------- C:\WINDOWS\system32\oephRes.dll
    2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
    2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
    2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
    2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
     
  6. 2006/12/29
    whompuscat Inactive Thread Starter

    Combofix.exe ..........

    Part 2

    2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-17 22:53 98304 --------- C:\WINDOWS\system32\mssitlb.dll
    2006-10-17 22:53 76288 --------- C:\WINDOWS\system32\searchfilterhost.exe
    2006-10-17 22:53 735232 --------- C:\WINDOWS\system32\propsys.dll
    2006-10-17 22:53 65536 --------- C:\WINDOWS\system32\propdefs.dll
    2006-10-17 22:53 52224 --------- C:\WINDOWS\system32\msstrc.dll
    2006-10-17 22:53 51200 --------- C:\WINDOWS\system32\msscntrs.dll
    2006-10-17 22:53 331264 --------- C:\WINDOWS\system32\mssph.dll
    2006-10-17 22:53 32256 --------- C:\WINDOWS\system32\mssprxy.dll
    2006-10-17 22:53 287744 --------- C:\WINDOWS\system32\searchindexer.exe
    2006-10-17 22:53 26624 --------- C:\WINDOWS\system32\rtffilt.dll
    2006-10-17 22:53 247296 --------- C:\WINDOWS\system32\srchadmin.dll
    2006-10-17 22:53 23552 --------- C:\WINDOWS\system32\msscb.dll
    2006-10-17 22:53 215552 --------- C:\WINDOWS\system32\msshsq.dll
    2006-10-17 22:53 204288 --------- C:\WINDOWS\system32\searchprotocolhost.exe
    2006-10-17 22:53 158720 --------- C:\WINDOWS\system32\mssphtb.dll
    2006-10-17 22:53 1497600 --------- C:\WINDOWS\system32\tquery.dll
    2006-10-17 22:53 1394688 --------- C:\WINDOWS\system32\mssrch.dll
    2006-10-17 22:53 110592 --------- C:\WINDOWS\system32\xmlfilter.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-14 19:10 1339568 --a------ C:\Program Files\Common Files\SP31006.exe
    2006-10-14 00:41 0 --a------ C:\Documents and Settings\Joyce\Application Data\wklnhst.dat
    2006-10-13 11:30 668976 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
    2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-12 12:30 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2006-10-11 10:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
    2006-10-11 10:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
    2006-10-11 10:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
    2006-10-11 10:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
    2006-10-11 10:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
    2006-10-11 10:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
    2006-10-09 17:28 503808 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-10-09 17:28 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-10-09 16:15 1669632 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-10-09 16:12 456192 --a------ C:\WINDOWS\system32\encdec.dll
    2006-10-09 16:12 291840 --a------ C:\WINDOWS\system32\sbe.dll
    2006-10-09 16:12 235008 --a------ C:\WINDOWS\system32\psisdecd.dll
    2006-10-05 16:22 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "AnyDVD "= "C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe "
    "MsnMsgr "= "\ "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background "
    "ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "
    "AWMON "= "\ "C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\" "
    "RoboForm "= "\ "C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\" "
    "SuperAdBlocker "= "C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe "
    "Yahoo! Pager "= "\ "C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "ypagerps2 "= "cmd.exe /C del \ "C:\\Program Files\\Yahoo!\\Messenger\\ypagerps2.DLL\" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA "= "C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe "
    "VAIO Recovery "= "C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe "
    "IAAnotif "= "C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe "
    "Logitech Utility "= "Logi_MwX.Exe "
    "VAIO Update 2 "= "\ "C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary "
    "Windows Defender "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "
    "ccApp "= "\ "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\" "
    "osCheck "= "\ "C:\\Program Files\\Norton Internet Security\\osCheck.exe\" "
    "HostsMan "= "C:\\Program Files\\abelhadigital.com\\HostsMan\\hm.exe -s "
    "Say the Time "= "C:\\Program Files\\Say the Time\\SayTime.exe "
    "ehTray "= "C:\\WINDOWS\\ehome\\ehtray.exe "
    "DiscUpdateManager "= "C:\\Program Files\\DISC\\DiscUpdateMgr.exe "
    "!AVG Anti-Spyware "= "\ "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized "
    "GrooveMonitor "= "\ "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\" "
    "PartSeal "= "C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe "
    "VirtualCloneDrive "= "\ "C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "1A:Stardock TrayMonitor "=" "

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo "=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
    "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} "= "Trend Micro Anti-Spyware Shell Extension "
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "AVG Anti-Spyware 7.5 "
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "= "Microsoft AntiMalware ShellExecuteHook "
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "= "Eudora's Shell Extension "
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "= "Groove GFS Stub Execution Hook "
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "=" "
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} "=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000008
    "NoSaveSettings "=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001
    "InstallVisualStyle "=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme "=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000008
    "NoCDBurning "=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "WPDShServiceObj "= "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "backup "= "C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item "= "Adobe Gamma Loader "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "backup "= "C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item "= "Adobe Reader Speed Launch "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "backup "= "C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item "= "HP Digital Imaging Monitor "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    "backup "= "C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s "
    "item "= "HP Image Zone Fast Start "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    "backup "= "C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\MICROS~4\\Office12\\ONENOTEM.EXE /tsr "
    "item "= "Microsoft Office OneNote 2003 Quick Launch "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintKey-Pro.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PrintKey-Pro\\PrintKey-Pro.lnk "
    "backup "= "C:\\WINDOWS\\pss\\PrintKey-Pro.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\WARECE~1\\PRINTK~1\\PKey_Pro.exe "
    "item "= "PrintKey-Pro "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Windows Desktop Search.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\WI459E~1\\WINDOW~1.EXE /startup "
    "item "= "Windows Desktop Search "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joyce^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "backup "= "C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup "
    "location "= "Startup "
    "command "= "C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item "= "Adobe Gamma "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joyce^Start Menu^Programs^Startup^ClipCache Pro.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\ClipCache\\ClipCache Pro.lnk "
    "backup "= "C:\\WINDOWS\\pss\\ClipCache Pro.lnkStartup "
    "location "= "Startup "
    "command "= "C:\\PROGRA~1\\CLIPCA~1\\clipc.exe /wait 3 "
    "item "= "ClipCache Pro "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "avgas "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "=" "
    "hkey "= "HKLM "
    "command "=" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "apdproxy "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "NMBgMonitor "
    "hkey "= "HKCU "
    "inimapping "= "0 "
    "command "= "\ "C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bittorrent "
    "hkey "= "HKCU "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CloneCDTray "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ctfmon "
    "hkey "= "HKCU "
    "command "= "C:\\WINDOWS\\system32\\ctfmon.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DISCover "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\DISC\\DISCover.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DVDBitSet "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\HP DVD\\Umbrella\\DVDBitSet.exe /NOUI "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DVDTray "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\HP DVD\\Umbrella\\DVDTray.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExecAfterFirstBoot]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Latest Information "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\SONYSYS\\EFlyer\\ExecAfterFirstBoot.exe /fC:\\WINDOWS\\SONYSYS\\Docs\\Latest Information.pdf /d4 "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderShare]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "FolderShare "
    "hkey "= "HKCU "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AOLHostManager "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\AOL\\1160405561\\ee\\AOLHostManager.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "hpcmpmgr "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "HPWuSchd2 "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\INTRA BEND]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "noun proc "
    "hkey "= "HKCU "
    "command "= "C:\\DOCUME~1\\Joyce\\APPLIC~1\\ELSEAB~1\\noun proc.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LgWDskTp]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LgWDskTp "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Wireless Desktop\\LgWDskTp.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mimboot "
    "hkey "= "HKLM "
    "command "= "C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "muamgr "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Microangelo\\muamgr.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "NeroCheck "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "=" "
    "hkey "= "HKLM "
    "command "=" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "RDTask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\VCd\\05091518\\Files\\Vhd\\RDTask.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PDVDServ "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "rfagent "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\RFA Platinum\\rfagent.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settings Internet Clock Peak]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Bin camp "
    "hkey "= "HKLM "
    "command "= "C:\\Documents and Settings\\All Users\\Application Data\\lesssizesettingsinternet\\Bin camp.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "SMSystemAnalyzer "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jusched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "surveysa "
    "hkey "= "HKLM "
    "command "= "c:\\program files\\sony\\vaio survey\\surveysa.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "vdtask "
    "hkey "= "HKLM "
    "command "= "C:\\VCd\\05091518\\Files\\VDP\\vdtask.exe /AutoRestore "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "WMPNSCFG "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe "
    "inimapping "= "0 "

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\EZ Outlook Backup Premium.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Joyce.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    Completion time: 06-12-29 20:18:41.43
    C:\ComboFix.txt ... 06-12-29 20:18
     
  7. 2006/12/29
    whompuscat (Thread Starter)
    Pretty nifty little program. I'm surprised to still see references to some things that have been uninstalled/deleted. I ran RFA; it would seem to me that RFA would have gotten rid of all registry keys for programs that no longer existed.

    Also, when I went into msconfig to disable something I did get access denied, and the "wholockme" program said it was explorer.exe (listed twice) and MSASCui.exe (bit defender).

    And in msconfig selective startup I have several items that are blank; all I know is they are listed as MS run once programs. How do I clean out the msconfig menu? It still has items in there that have been uninstalled/deleted.
     
    Last edited: 2006/12/29
  8. 2006/12/29
    TeMerc
    It does appear as though the files were removed by SAS. Just don't purchase it. In my opinion, what you already have on board is sufficient; perhaps add a couple of minor items for prevention.

    While SAS removed the files, it did not remove the registry entries; those will need manual removal.

    SAS, in a night's worth of malware testing on my test box, totally missed some really obvious infections. It missed start-up programs and file installs. So many that I removed it before the night's testing was done. I was not impressed.

    I also notice lots of apps which you either tried or had. Time to go and remove some folders, I think, based on your comments about things you already removed.

    There are several files on which I could not find much, if any, info. We should in all likelihood remove them, but do some checking before you do. Check the file properties for them and see if you recognize them.

    All these below can be manually deleted:
    C:\WINDOWS\system32\unVHDDrvExe.exe
    C:\WINDOWS\system32\inVHDDrvExe.exe
    C:\VCd
    C:\Ydec
    C:\Documents and Settings\Joyce\cwshredder.dll
    C:\WINDOWS\Lhsp
    C:\WINDOWS\unvise32.exe
    C:\WINDOWS\system32\DRM
    C:\WINDOWS\system32\cfguxvba.dll


    As for the registry entries left behind from LOP:
    Let's first back up your registry. This is just a precautionary step, and you can delete the saved file once we are done.

    Click the 'Start' button, select 'Run', hit 'Enter'.

    When the box appears, type 'regedit', hit 'Enter'.

    Navigate to the following key, by unticking the '+' next to each subkey:
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

    In the right hand side of the window, look for:
    Settings Internet Clock Peak

    Right-click it, and select 'Delete'.

    Do the same for the following:
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
    Delete 'INTRA BEND'

    Close your registry editor.

    That should be it. Let me know how that goes.


    Oh, quick note on CWShredder; it has not been worth its space on your system since Merijn sold it to Intermute and then it went to Trend Micro. Good for nothing except maybe really old, probably never to be seen again, variants of CoolWebSearch.
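    As an added example (not code from the thread or from ComboFix), a small Python triage script for the 'Reg Loading Points' section in the log above: it parses the msconfig startupreg stanzas, flags entries that launch from user-profile data folders (the trait the two LOP leftovers named here share), lists the blank entries, and writes the regedit-importable deletion file that stands in for the manual key-by-key deletion. The sample stanzas are copied from the log; the folder list and the 'suspect' heuristic are my assumptions.

```python
"""Triage of a ComboFix 'Reg Loading Points' section (added example, not ComboFix's or
the forum's code). Parses msconfig startupreg stanzas, flags commands that launch from
user-profile data folders, lists blank entries and emits a .reg file deleting them."""
import re

# Constructed sample in the log's format: four stanzas copied from the log above, one
# of them with the stray spaces the forum inserted around the quotes.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\INTRA BEND]
"item"="noun proc"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Joyce\\APPLIC~1\\ELSEAB~1\\noun proc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"item "=" "
"hkey "= "HKLM "
"command "=" "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settings Internet Clock Peak]
"item"="Bin camp"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\lesssizesettingsinternet\\Bin camp.exe"
'''

STANZA_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>.*?)\s*"\s*=\s*"(?P<value>.*?)\s*"$')
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|com|scr|bat|cmd|pif))"?', re.IGNORECASE)
MARKER = '\\msconfig\\startupreg\\'
# Assumed heuristic: user-writable profile folders (long and 8.3 short forms). Legitimate
# XP startup entries rarely run from here, and both LOP leftovers in the log do.
PROFILE_DATA_DIRS = ('\\application data\\', '\\applic~1\\',
                     '\\local settings\\', '\\locals~1\\', '\\temp\\')


def unescape(value):
    """Undo .reg escaping of backslashes and quotes; the replace() first folds the
    forum's 'backslash space quote' spacing back into a plain escaped quote."""
    return re.sub(r'\\(.)', r'\1', value.replace('\\ "', '\\"'))


def parse_startupreg(text):
    """Return {subkey name: {field: value, '_key': full key path}} per startupreg stanza."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = STANZA_RE.match(line)
        if m:
            key = m.group('key')
            pos = key.lower().find(MARKER)
            current = None if pos < 0 else entries.setdefault(
                key[pos + len(MARKER):], {'_key': key})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group('name')] = unescape(m.group('value'))
    return entries


def executable_of(command):
    """Extract the program path from a Run command, quoted or not, with or without args."""
    m = EXE_RE.match(command.strip())
    return m.group('exe') if m else command.strip()


def triage(entries):
    """Map subkey name -> (verdict, exe): 'blank', 'suspect' (runs from profile data) or 'ok'."""
    report = {}
    for name, fields in entries.items():
        command = fields.get('command', '')
        if not command:
            report[name] = ('blank', '')  # disabled leftover with nothing to restore
            continue
        exe = executable_of(command)
        verdict = 'suspect' if any(d in exe.lower() for d in PROFILE_DATA_DIRS) else 'ok'
        report[name] = (verdict, exe)
    return report


def removal_reg(entries, report, verdicts=('suspect', 'blank')):
    """Emit a .reg file deleting the flagged subkeys: a leading '-' on a key header means
    'delete this key' on import. Export the startupreg key first as a backup."""
    lines = ['Windows Registry Editor Version 5.00', '']
    for name in sorted(report):
        if report[name][0] in verdicts:
            lines.append('[-' + entries[name]['_key'] + ']')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    ents = parse_startupreg(SAMPLE_LOG)
    rep = triage(ents)
    for name, (verdict, exe) in sorted(rep.items()):
        print(f'{verdict:8} {name:30} {exe}')
    print(removal_reg(ents, rep))
```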
     
  9. 2006/12/30
    whompuscat (Thread Starter)
    I did not delete the .dll files; deleting .dll files unless I know they are bad is not something I normally do, and since nothing came up in the search for cfguxvba.dll I was a little hesitant about deleting it. The cwshredder, although you say it just takes up space, I assume that deleting it would cause error messages when Trend Micro starts, so I'm going to leave that one also. The Lhsp is my text-to-speech program, and the ydec is a decoder, so those I left; all the others were left over from previously uninstalled programs.

    The registry entries you listed were not on the right-hand side but instead were subfolders in the startupreg folder, but I did delete them. In looking at the rest of the things in the startupreg folder I see subfolders of software that has been uninstalled; should I delete these also? BitTorrent, FolderShare and VirtualDrive are ones that I recognize as previously installed programs.

    You mention "perhaps add a couple of minor items for prevention"; what do you suggest? I actually thought I was heavily armed but evidently not enough. I normally also have IE SpyAds installed but for some reason that slipped by me this time; I will install it now. After that, what else?

    Thanks so much for your help.
     
  10. 2006/12/30
    TeMerc
    Aside from cwshredder, the other .dll needs to be deleted; I have no doubt it is not supposed to be on your system. Same goes for the other items. Worst case scenario is we restore them from the recycle bin.
    Yes, these can all be removed.
    I was thinking along the lines of a hosts file to complement IE-SpyAds, and WinPatrol, which you can also use as a very effective start-up manager instead of using MSCONFIG.
     
  11. 2006/12/30
    whompuscat (Thread Starter)
    OK, I will delete the other .dll file, install IE SpyAds and WinPatrol, and delete the other files out of the registry.

    I already use a custom hosts file; I use the HostsMan program. Thanks again.
     
  12. 2006/12/30
    TeMerc
    Great, keep us informed if anything should begin to falter. We'll leave this thread open for a bit.
     
