Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

not-a-virus.downloader.win32.spygame/Slow Internet Connection

Started by JohnDoe , Oct 01 2006 11:19 AM

  • Please log in to reply

#1
JohnDoe
Posted 01 October 2006 - 11:19 AM

JohnDoe

    Member

  • Member
  • PipPip
  • 15 posts
Hi all.

After downloading Ewido, I found that I had the "not-a-virus.downloader.win32.spygame" virus on my computer and I believed that Ewido successfully "immunized" it. However, my internet connection is still slow. Running a .11g network, I used to have 54 Mbps, but now my connection is between 1 and 11Mbps which leads me to believe something else is running. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 12:47:46 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?1659f11ff8f64ee38b9d963cd2cddbc2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?1659f11ff8f64ee38b9d963cd2cddbc2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail3.rhsmith....edu/iNotes.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120446491124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120480006086
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

Advertisements

#2
Wizard
Posted 15 October 2006 - 03:25 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Welcome back JohnDoe!

I cant see anything out of place with that HijackThis log.


Go to the HijackThis folder and right click HijackThis.exe

Select Rename and rename it to foo.exe

Scan fresh after renaming and save that log.


Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Doubleclick combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply along with the fresh HijackThis log.
  • 0

#3
JohnDoe
Posted 15 October 2006 - 06:31 PM

JohnDoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thank you Crete!

I have run both HiJack this (after I changed its file name) and Combofix in SAFE mode, is that ok?



"Foo" log aka Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 20:23, on 06-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\foo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?1659f11ff8f64ee38b9d963cd2cddbc2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?1659f11ff8f64ee38b9d963cd2cddbc2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail3.rhsmith....edu/iNotes.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120446491124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120480006086
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe


Combofix log:

David - 06-10-15 20:24:03.26 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\David\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-15 20:23 -------- d-------- C:\Program Files\Hijackthis
2006-10-14 08:21 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-12 19:05 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-09 18:27 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-07 08:09 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-02 22:05 -------- d-------- C:\Program Files\Trillian
2006-10-01 13:36 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-01 13:15 -------- d-------- C:\Documents and Settings\David\Application Data\TrojanHunter
2006-09-23 20:06 -------- d-------- C:\Documents and Settings\David\Application Data\Microsoft Games
2006-09-23 20:01 -------- d-------- C:\Program Files\QuickTime
2006-09-23 19:58 -------- d-------- C:\Program Files\Apple Software Update
2006-09-16 11:10 -------- d-------- C:\Program Files\Symantec
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 19:42 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-09 21:09 -------- d-------- C:\Documents and Settings\David\Application Data\Real
2006-09-09 21:06 -------- d-------- C:\Program Files\Real
2006-09-09 21:06 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-09 21:06 -------- d-------- C:\Program Files\Common Files\Real
2006-09-09 21:06 -------- d-------- C:\Program Files\Common Files
2006-09-03 18:19 -------- d-------- C:\Program Files\GameSpy Arcade
2006-09-03 08:19 6799 --a------ C:\Documents and Settings\David\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-09-01 21:46 -------- d-------- C:\Program Files\MSN Messenger
2006-08-26 14:55 -------- d-------- C:\Program Files\DraftDominator
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 20:28 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Hcontrol"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"VAIOSurvey"="c:\\program files\\sony\\vaio survey\\surveysa.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,34,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - David.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - David.job

Completion time: 06-10-15 20:24:43.85
C:\ComboFix.txt ... 06-10-15 20:24
  • 0

#4
Wizard
Posted 15 October 2006 - 06:45 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
C:\Program Files\GameSpy Arcade<--- That may be what ewido is flagging.


I still dont see anything that would point to malware.


Is this connection wireless?


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

#5
JohnDoe
Posted 15 October 2006 - 07:03 PM

JohnDoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

C:\Program Files\GameSpy Arcade<--- That may be what ewido is flagging.


I still dont see anything that would point to malware.


Is this connection wireless?


Yes, I do have a wireless connection. I have done nothing to my network.
  • 0

#6
Wizard
Posted 15 October 2006 - 07:10 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,I also want you to post here
http://www.geekstogo...owsers-f26.html

Begin a thread discussing your connection and see if they have some diagnostics you can run.

Im not well experienced with wireless and its configurations but I would llike to continue the check for malware as you begin your post in that forum.
  • 0

#7
JohnDoe
Posted 15 October 2006 - 07:55 PM

JohnDoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I ran f-secure. Nothing found except for two "tracking cookies"
  • 0

#8
Wizard
Posted 16 October 2006 - 03:05 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,did you start a post in the other forum yet?

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.
  • 0

#9
JohnDoe
Posted 16 October 2006 - 07:20 PM

JohnDoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Logfile created on: 10/16/2006 21:19
WinPFind2 by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\David\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\windows\system32\ati2evxx.exe - ( )
c:\windows\system32\ati2evxx.exe - ( )
c:\program files\ati technologies\ati control panel\atiptaxx.exe - (ATI Technologies, Inc. )
c:\windows\atk0100\atkosd.exe - ( )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccproxy.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\windows\atk0100\hcontrol.exe - ( )
c:\program files\sony\hotkey utility\hkserv.exe - (Sony Corporation )
c:\program files\sony\hotkey utility\hkwnd.exe - (Sony Corporation )
c:\program files\hp\hpcoretech\hpcmpmgr.exe - (Hewlett-Packard Company )
c:\program files\hewlett-packard\hp software update\hpwuschd2.exe - (Hewlett-Packard Co. )
c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe - (HP )
c:\windows\system32\ico.exe - (Primax Electronics Ltd. )
c:\program files\sony\isb utility\isbmgr.exe - (Sony Corporation )
c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\norton internet security\norton antivirus\navapsvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\security console\nscsrvce.exe - (Symantec Corporation )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\program files\sony\giga pocket\rm_sv.exe - (Sony Corporation )
c:\program files\sony\giga pocket\shwserv.exe - (Sony Corporation )
c:\program files\common files\symantec shared\sndsrvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe - (Symantec Corporation )
c:\program files\sony\vaio power management\spmgr.exe - (Sony Corporation )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\program files\sony\usbsircs\usbsircs.exe - (Sony Corporation )
c:\program files\sony\vaio update 2\vaioupdt.exe - (Sony Corporation )
c:\documents and settings\david\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft...p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.sony.com/vaiopeople
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.msn.com/
HKCU->Main\\Search Bar - http://g.msn.com/0SE...S01?FORM=TOOLBR
HKCU->Main\\Search Page - http://g.msn.com/0SE...S01?FORM=TOOLBR
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation )
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar Helper = C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar = C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation )
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar = C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation )
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar = C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 - Reg Data missing or invalid
{A75C6120-9B36-11d4-A3F0-009027427750} - 8196 - Reg Data missing or invalid
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8195 - Reg Data missing or invalid
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8197 - Reg Data missing or invalid
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger
NextId - 8198

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = Reg Data missing or invalid (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
&MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm (File not found)
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation )
Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?1659f11ff8f64ee38b9d963cd2cddbc2 (Microsoft Corporation )
Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?1659f11ff8f64ee38b9d963cd2cddbc2 (Microsoft Corporation )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow!\shlext.dll ( )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = Reg Data missing or invalid (File not found)
{ED58A35B-B554-42AF-A26C-6F3D424200D3} - Sony Power Management Extensiond = C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll (Sony Corporation )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\Apoint - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd. )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\BluetoothAuthenticationAgent - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation )
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\Hcontrol - C:\WINDOWS\ATK0100\Hcontrol.exe ( )
HKLM->Run\\HKSERV.EXE - C:\Program Files\Sony\HotKey Utility\HKserv.exe (Sony Corporation )
HKLM->Run\\HP Component Manager - "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company )
HKLM->Run\\HP Software Update - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co. )
HKLM->Run\\HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP )
HKLM->Run\\IntelliPoint - "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation )
HKLM->Run\\ISBMgr.exe - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation )
HKLM->Run\\Mouse Suite 98 Daemon - ICO.EXE (Primax Electronics Ltd. )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\SonyPowerCfg - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\Switcher.exe - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\type32 - "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation )
HKLM->Run\\VAIO Recovery - C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc )
HKLM->Run\\VAIO Update 2 - "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary (Sony Corporation )
HKLM->Run\\VAIOSurvey - c:\program files\sony\vaio survey\surveysa.exe (Sony Electronics )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll ( )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{177F73B7-C30F-41CB-8B3B-483E933C8AA5} - ()
{36070E1C-A3E4-402E-95FF-38E1098F6EEF} - (Intel® PRO/1000 MT Network Connection)
{3861BFED-BCAC-4B11-8B68-D7ADE1D622A1} - (D-Link AirPlus G DWL-G630 Wireless Cardbus Adapter)
{79BB6356-8851-4011-9DAC-ED76102E5C97} - (1394 Net Adapter)
{BC8F1A27-4E5D-4C4A-A7B0-2DA59720B59C} - (Intel® PRO/Wireless 2200BG Network Connection)
{CF8C85FE-45B4-4F34-94FE-62A3073E83E5} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company )
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe ( ) [Automatic - Running - Win32, running in it's own process]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Network Proxy (ccProxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Giga Pocket Hardware Detector (Giga Pocket Hardware Detector) - C:\Program Files\Sony\Giga Pocket\shwserv.exe (Sony Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton AntiVirus Auto-Protect Service (navapsvc) - "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton Protection Center Service (NSCService) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (Symantec Corporation ) [On Demand - Running - Win32, running in it's own process]
Symantec Network Drivers Service (SNDSrvc) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Sony TV Tuner Manager (Sony TV Tuner Manager) - C:\Program Files\Sony\Giga Pocket\RM_SV.exe (Sony Corporation ) [On Demand - Running - Win32, running in it's own process]
Symantec SPBBCSvc (SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Core LC (Symantec Core LC) - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 09/24/2005 02:05 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/13/2004 22:54 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe (Sony Corporation [Ver = 6. 2. 05. 06230 | Size = 229376 bytes | Date = 06/23/2004 21:04 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe (Microsoft Corporation [Ver = 02.05.0001.1119 | Size = 238080 bytes | Date = 09/20/2005 18:10 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\David\Start Menu\Programs\Startup
C:\Documents and Settings\David\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/13/2004 22:54 | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [rename]
Wininit.ini: Line 2 - NUL=InitTermMutexedc

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/13/2004 15:44 | Attr = HS])

CurrentUser ApplicationData Folder
C:\Documents and Settings\David\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/13/2004 15:44 | Attr = HS])
C:\Documents and Settings\David\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log - ( [Ver = | Size = 6799 bytes | Date = 09/03/2006 08:19 | Attr = ])

Program Files Folder

Common Files Folder

DPF files
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab
{02CF1781-EA91-4FA5-A200-646E8241987C} - VaioInfo.CMClass - CodeBase = http://esupport.sony.com/VaioInfo.CAB
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewid...oOnlineScan.cab
{1E2941E3-8E63-11D4-9D5A-00902742D6E0} - iNotes Class - CodeBase = http://mail3.rhsmith....edu/iNotes.cab
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - MSN Money Charting - CodeBase = http://moneycentral....bs/pmupd806.exe
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1120446491124
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1120480006086
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - GSDACtl Class - CodeBase = http://launch.gamesp...nch/alaunch.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-sec.../ols3/fscax.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ent/swflash.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 E4 00 00 00 00 00 00 00 9C 06 00 00 74 04 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %SystemRoot%\VAIO SLIT Pattern Wallpaper TrueColor 1440x900.bmp
Desktop\General\\WallpaperFileTime - 00 EF 1F D3 70 55 C4 01
Desktop\General\\WallpaperLocalFileTime - 00 17 C1 26 36 55 C4 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %SystemRoot%\VAIO SLIT Pattern Wallpaper TrueColor 1440x900.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 20 03 00 00 34 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\AppleSoftwareUpdate.job - ( [Ver = | Size = 284 bytes | Date = 10/12/2006 21:24 | Attr = ])
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 08/04/2004 08:00 | Attr = RH ])
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - David.job - ( [Ver = | Size = 548 bytes | Date = 10/13/2006 20:48 | Attr = ])
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - David.job - ( [Ver = | Size = 498 bytes | Date = 12/17/2005 18:23 | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/15/2006 20:26 | Attr = H ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\explorer -
policies\explorer\run -
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Associations -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\Explorer\Run -
policies\System -

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

< End of report >
  • 0

#10
Wizard
Posted 16 October 2006 - 09:11 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I cant see anything wrong in any of these logs.

I just dont know enough about wireless and its connections.

Can you test this machine on a landline and see how it does?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP