Asking for advice about my system's (XP SP2 32 bit)

I wonder if I can get some advice 'bout my system’s hijack log…
Sorry for the nuisance I might have caused. Well, this is my hijack log
Sorry if it’s too long… “bows”

Deckard's System Scanner v20071014.68
Run by Zephyr on 2008-07-10 21:00:45
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable…success.

-- Last 1 Restore Point(s) --
1: 2008-07-10 14:00:50 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Zephyr.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:24, on 2008/07/10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zephyr\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
E:\Programs\Zephyr.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F39A8AEA-426A-49D6-9EB2-5E661814FBCC}: NameServer = 202.134.0.155,202.134.2.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


End of file - 5091 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_1B521019&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_1B521019&REV_A3\3&2411E6FE&0&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_1B521019&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_1B521019&REV_A2\3&2411E6FE&0&09
Service:

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 20:39:31 0 d-------- C:\WINDOWS\LastGood
2008-07-10 20:33:55 0 dr-h----- C:\Documents and Settings\Zephyr\Recent
2008-07-09 18:51:47 0 d-------- C:\Program Files\SpeedFan
2008-07-05 18:34:33 0 d-------- C:\Documents and Settings\Zephyr\Application Data\IDMComp
2008-07-05 18:25:26 0 d-------- C:\Program Files\minori
2008-07-01 18:54:27 0 d-------- C:\Documents and Settings\Zephyr\Application Data\uTorrent
2008-06-27 20:47:27 0 d-------- C:\Documents and Settings\Zephyr\Application Data\gtk-2.0
2008-06-26 05:48:20 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-06-25 17:39:15 157696 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-25 17:39:15 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-25 17:39:13 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-06-25 17:39:13 19968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-06-25 17:03:51 0 d-------- C:\Program Files\The KMPlayer
2008-06-18 17:41:09 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Sun
2008-06-18 07:15:39 0 d-------- C:\Documents and Settings\Zephyr\Application Data\IrfanView
2008-06-17 07:07:29 335 --a------ C:\WINDOWS\mozregistry.dat
2008-06-14 05:57:35 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-14 05:57:35 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-14 05:57:35 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-14 05:57:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-14 05:57:35 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-14 05:57:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-14 05:57:35 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-14 05:57:35 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-14 05:57:35 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-14 05:57:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-14 05:57:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-14 05:57:34 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-14 05:57:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-14 05:57:34 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-13 16:38:40 348160 --a------ C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-06-13 16:38:40 499712 --a------ C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-06-13 16:38:39 0 d-------- C:\Program Files\Real Alternative
2008-06-13 16:38:39 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Real
2008-06-13 16:38:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-06-13 16:37:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-13 16:37:05 0 d-------- C:\Program Files\QT Lite
2008-06-10 18:00:30 0 d-------- C:\WINDOWS\pss
2008-06-10 07:34:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-10 07:33:37 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>

-- Find3M Report ---------------------------------------------------------------

2008-07-09 18:06:22 0 d-------- C:\Documents and Settings\Zephyr\Application Data\.purple
2008-07-09 13:02:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 16:36:40 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Mozilla
2008-06-12 09:47:23 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Adobe
2008-06-10 07:34:23 0 d-------- C:\Program Files\Common Files
2008-06-09 07:32:31 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Sonic
2008-06-09 07:32:20 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Leadertech
2008-06-09 07:11:38 0 d-------- C:\Program Files\Sonic
2008-06-09 07:10:37 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-09 07:08:58 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-06-08 15:05:42 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-08 15:05:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-08 12:44:06 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Media Player Classic
2008-06-08 12:17:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 12:11:12 0 d-------- C:\Program Files\ぱれっと
2008-06-08 12:06:49 0 d-------- C:\Program Files\Canon
2008-06-08 11:54:04 0 d-------- C:\Program Files\Java
2008-06-08 11:51:20 0 d-------- C:\Program Files\Common Files\Java
2008-06-08 10:54:38 0 d-------- C:\Program Files\Pidgin
2008-06-08 10:54:22 0 d-------- C:\Program Files\Common Files\GTK
2008-06-08 10:29:07 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Winamp
2008-06-08 10:29:06 0 d-------- C:\Program Files\Winamp
2008-06-08 10:23:56 0 d-------- C:\Program Files\D-Tools
2008-06-08 09:57:41 0 d-------- C:\Program Files\Microsoft Works
2008-06-08 09:57:34 0 d-------- C:\Program Files\MSBuild
2008-06-08 09:25:24 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Malwarebytes
2008-06-08 09:20:47 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Macromedia
2008-06-08 09:15:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-08 09:10:20 0 d-------- C:\Program Files\IrfanView
2008-06-08 09:09:38 0 d-------- C:\Program Files\Foxit Software
2008-06-08 08:59:08 0 d-------- C:\Program Files\Avira
2008-06-08 08:51:52 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Comodo
2008-06-08 08:51:50 0 d-------- C:\Program Files\Comodo
2008-06-08 08:33:52 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Help
2008-06-08 08:31:07 0 d-------- C:\Program Files\ATI Technologies
2008-06-08 08:24:53 0 d-------- C:\Program Files\Realtek Sound Manager
2008-06-08 08:24:53 0 d-------- C:\Program Files\AvRack
2008-06-08 08:19:34 0 d-------- C:\Documents and Settings\Zephyr\Application Data\Identities
2008-06-08 08:15:07 0 d-------- C:\Program Files\microsoft frontpage
2008-06-08 08:14:51 0 -rahs---- C:\MSDOS.SYS
2008-06-08 08:14:51 0 -rahs---- C:\IO.SYS
2008-06-08 08:14:51 0 --a------ C:\CONFIG.SYS
2008-06-08 08:14:51 0 --a------ C:\AUTOEXEC.BAT
2008-06-08 08:13:37 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-08 08:13:35 0 d-------- C:\Program Files\Online Services
2008-06-08 08:12:57 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-08 08:12:50 0 d-------- C:\Program Files\Movie Maker
2008-06-08 08:12:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-08 08:11:50 0 d-------- C:\Program Files\Messenger
2008-06-08 08:11:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-08 08:11:39 0 d-------- C:\Program Files\Windows NT

-- Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004/12/22 16:09 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005/06/28 21:05]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008/04/10 11:08]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008/06/08 08:51]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008/02/12 10:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006/10/27 00:47]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004/08/04 03:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004/08/04 03:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/04 03:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/04 03:32]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004/08/22 17:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008/03/25 04:28]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004/07/27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004/07/27 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

-- End of Deckard's System Scanner: finished at 2008-07-10 21:04:34 ------------

Greetings!

It looks clean. However, I do want to know what ‘minori’ is, as I’ve never heard of it.
You might want to get rid of those (will save you a few MB RAM):
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

I think all the IME entries and ctfmon.exe are necessary for MS Office to work properly.

Cheers,
Ragwing

If you want to disable the Java Update Scheduler, rather than editing the registry manually, go to the “Control Panel > Java > Update” tab. About soundman:

http://www.processlibrary.com/directory/files/soundman.exe/

You can use the task manager (Ctrl+Alt+Del) and go to the “processes” tab to check how much memory each of your processes uses.

You don’t need to edit it manually by using the registry. As it’s from the HijackThis-log, you can just fix it from there…

Oh I guess so. But I’d still prefer doing it the way Java expects it to be done. Anyway I don’t think jusched takes up too many resources.

@Ragwing: minori is a Japanese game production house. It’s just a game folder. :)