Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Possibly needing help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Possibly needing help

Unread postby j.evitts » December 18th, 2006, 12:09 pm

My system is booting extremely slow and I'm finding random logs in my C: drive. The file name is C:\b19ee7b986c9ba44393d followed by a text file titled msxml4-KB927978-enu. I'm not going to post the entire text as it's rather long, but I've found multiple folders with similar names to the above in the same area.

So far I've run Norton AV, SpyBot S+D, Adaware, CCleaner, and HijackThis from both safe mode and regular boot. I've also run Housecall. Originally I found two viruses that I was able to get rid of (or at least they've gone into hiding), but my system seems to just get worse daily. Here's the HijackThis log froma few minutes ago.

Logfile of HijackThis v1.99.1
Scan saved at 10:48:54 AM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\NVTray\NVTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\I8kfanGUI\i9kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [NVTray] "C:\Program Files\NVTray\NVTray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [i9kfangui] C:\Program Files\I8kfanGUI\i9kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6148448000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
j.evitts
Active Member
 
Posts: 5
Joined: December 18th, 2006, 12:03 pm
Top
Advertisement
Register to Remove

Unread postby j.evitts » December 18th, 2006, 12:18 pm

Sorry, almost forgot this. The following is a list of the currently installed prog's as gathered by CCleaner.

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0.7
AIM 6.0
ALPS Touch Pad Driver
AppCore
AutoUpdate
AV
BitTorrent 4.0.4
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
C-Major Audio
ccCommon
CCleaner (remove only)
Conexant D110 MDC V.92 Modem
Creative Audio Console
Creative Jukebox Driver
Creative System Information
DH Driver Cleaner Professional Edition
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
eTomi Pro(remove only)
FEAR
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914642)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
I8kfanGUI V2.2.0
Intel(R) PROSet/Wireless Software
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 4
LiveUpdate 3.1 (Symantec Corporation)
Macromedia Shockwave Player
mCore
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage Client - English
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
Mozilla Firefox (2.0)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mToolkit
mWlsSafe
mWMI
mXML
mZConfig
Nero 6 Ultra Edition
Nero Digital
NeroMIX
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton AntiVirus
Norton Protection Center
NVIDIA Drivers
NVIDIA Tray Tools v1.0.3.4
PowerDVD
Quicken 2005
QuickSet
QuickTime
RealPlayer
RivaTuner v2.0 RC 15.6
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Sound Blaster Audigy 2
SPBBC 32bit
Spybot - Search & Destroy 1.4
Symantec Real Time Storage Protection Component
Symantec
SymNet
Tom Clancy's Splinter Cell Chaos Theory
Uninstall Startup Inspector
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Vampire - The Masquerade Bloodlines
Ventrilo Client
Visual Studio.NET Baseline - English
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 9 Series SDK
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
WinRAR archiver
World of Warcraft
XTreme-G MobileForce 93.81 G3 SETUP FILES ONLY
Yahoo! Messenger

Thanks in advance for any help you can give me.
j.evitts
Active Member
 
Posts: 5
Joined: December 18th, 2006, 12:03 pm
Top

Unread postby Linkmaster » December 20th, 2006, 10:00 am

Hi j.evitts, Welcome to MalWare Removal !!
Sorry for the delay in reviewing your post

The file name is C:\b19ee7b986c9ba44393d followed by a text file titled msxml4-KB927978-enu. I'm not going to post the entire text as it's rather long, but I've found multiple folders with similar names to the above in the same area

Those files have to do with Security updates. They are OK.

I don't see anything in your log! it seems to be clean !

But we can run a scan just to be sure :

Download ComboFix to your Desktop

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Make sure you have Disconnected from the Internet !

Double click on combofix.exe
Follow the prompts

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall

When finished, it will produce a log for you

Reboot to Normal Mode

Post a fresh HijackThis log along with the ComboFix log here
(You may need to use several replies as the logs may be cut off)

Thank you !
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA
Top

Unread postby j.evitts » December 20th, 2006, 10:28 am

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:27:02 AM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\NVTray\NVTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\I8kfanGUI\i9kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [NVTray] "C:\Program Files\NVTray\NVTray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [i9kfangui] C:\Program Files\I8kfanGUI\i9kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6148448000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
j.evitts
Active Member
 
Posts: 5
Joined: December 18th, 2006, 12:03 pm
Top

Unread postby j.evitts » December 20th, 2006, 10:28 am

ComboFix log

Jon - 06-12-20 9:06:56.98 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Jon\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\outlook


((((((((((((((((((((((((((((((( Files Created from 2006-11-20 to 2006-12-20 ))))))))))))))))))))))))))))))))))


2006-12-20 08:50 <DIR> d-------- C:\ee3262cdb9ec96de299549c6e2b93e
2006-12-19 12:44 <DIR> dr-h----- C:\Documents and Settings\Jon\Recent
2006-12-19 12:36 <DIR> d-------- C:\Program Files\PCPitstop
2006-12-18 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-12-18 12:18 806,912 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-12-18 12:18 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-12-18 12:18 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-12-18 12:18 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-12-18 12:18 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2006-12-18 12:18 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-12-18 12:18 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-18 12:18 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-12-18 12:18 335,872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-12-18 12:18 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-12-18 12:18 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-12-18 12:18 327,680 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-12-18 12:18 323,584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-12-18 12:18 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-12-18 12:18 323,584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-12-18 12:18 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-12-18 12:18 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-12-18 12:18 315,392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-12-18 12:18 315,392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-12-18 12:18 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-12-18 12:18 307,200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-12-18 12:18 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-12-18 12:18 303,104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-12-18 12:18 303,104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-12-18 12:18 299,008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-12-18 12:18 299,008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-12-18 12:18 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-12-18 12:18 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-12-18 12:18 294,912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-12-18 12:18 286,720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-12-18 12:18 286,720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-12-18 12:18 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-12-18 12:18 282,624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-12-18 12:18 278,528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-12-18 12:18 278,528 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-12-18 12:18 278,528 --a------ C:\WINDOWS\system32\nvrses.dll
2006-12-18 12:18 278,528 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-12-18 12:18 274,432 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-12-18 12:18 270,336 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-12-18 12:18 270,336 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-12-18 12:18 270,336 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-12-18 12:18 266,240 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-12-18 12:18 266,240 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-12-18 12:18 262,144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-12-18 12:18 258,048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-12-18 12:18 253,952 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-12-18 12:18 253,952 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-12-18 12:18 253,952 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-12-18 12:18 253,952 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-12-18 12:18 253,952 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-12-18 12:18 249,856 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-12-18 12:18 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-12-18 12:18 249,856 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-12-18 12:18 245,760 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-12-18 12:18 245,760 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-12-18 12:18 245,760 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-12-18 12:18 221,184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-12-18 12:18 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-12-18 12:18 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-12-18 12:18 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-12-18 12:18 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-12-18 12:18 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-12-18 12:18 122,880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-12-18 12:18 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-12-18 12:18 1,622,016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-12-18 12:18 1,470,464 --a------ C:\WINDOWS\system32\nview.dll
2006-12-18 12:18 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-12-18 12:18 1,081,344 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-12-18 12:18 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-12-18 12:18 <DIR> d-------- C:\WINDOWS\nview
2006-12-18 12:17 888,832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-12-18 12:17 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-12-18 12:17 81,920 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-12-18 12:17 7,770,112 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-12-18 12:17 6,500,352 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-12-18 12:17 581,632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-12-18 12:17 5,623,808 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-12-18 12:17 5,246,976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-12-18 12:17 458,752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-12-18 12:17 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-12-18 12:17 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-12-18 12:17 3,211,264 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-12-18 12:17 3,072,000 --a------ C:\WINDOWS\system32\nvgames.dll
2006-12-18 12:17 3,006,464 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-12-18 12:17 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-12-18 12:17 274,432 --a------ C:\WINDOWS\system32\nvapi.dll
2006-12-18 12:17 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-12-18 12:17 2,932,736 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-12-18 12:17 2,854,912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-12-18 12:17 2,465,792 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-12-18 12:17 2,043,904 --a------ C:\WINDOWS\system32\nvwss.dll
2006-12-18 12:17 188,416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-12-18 12:17 168,004 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-12-18 11:42 <DIR> d-------- C:\Documents and Settings\Jon\Application Data\OfficeUpdate12
2006-12-18 11:37 <DIR> d-------- C:\Documents and Settings\Jon\Application Data\TrojanHunter
2006-12-18 11:12 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2006-12-18 10:52 <DIR> d-------- C:\Program Files\CCleaner
2006-12-18 07:44 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-15 18:10 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-14 21:00 <DIR> d-------- C:\WINDOWS\system32\DRM
2006-12-14 20:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-14 20:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-14 20:52 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-12-14 20:52 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-12-14 20:52 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2006-12-14 20:14 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-14 20:14 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-14 20:13 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-14 20:12 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-14 20:11 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-13 17:48 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-12-13 17:48 <DIR> d-------- C:\Program Files\Common Files\Designer
2006-12-13 17:47 <DIR> d-------- C:\WINDOWS\ShellNew
2006-12-13 11:59 <DIR> d-------- C:\Documents and Settings\Jon\Application Data\DivX
2006-12-13 11:49 <DIR> d-------- C:\Program Files\DivX
2006-12-11 06:59 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-12-11 06:59 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-11 06:59 <DIR> d-------- C:\Program Files\Symantec
2006-12-11 06:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2006-12-10 11:45 <DIR> d-------- C:\Documents and Settings\Jon\.housecall6.6
2006-12-10 11:34 <DIR> dr-h----- C:\Documents and Settings\Jon\Application Data\yahoo!
2006-12-10 11:28 <DIR> d-------- C:\Program Files\Hijackthis
2006-12-07 20:24 <DIR> d-------- C:\Documents and Settings\Jon\Contacts
2006-12-07 20:23 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-07 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2006-12-07 19:32 <DIR> d-------- C:\Program Files\Yahoo!
2006-12-07 13:09 <DIR> d-------- C:\Documents and Settings\Jon\Application Data\acccore
2006-12-07 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-07 13:08 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-12-07 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-12-07 13:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-12-07 13:07 <DIR> d-------- C:\Program Files\AIM6
2006-12-07 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-12-07 09:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-07 09:27 <DIR> d-------- C:\Program Files\XTreme-G MobileForce G3 Drivers
2006-12-07 09:23 61,440 --a------ C:\WINDOWS\system32\KPower.dll
2006-12-07 09:21 666 --a------ C:\WINDOWS\speed.reg
2006-11-27 03:45 60,416 --------- C:\WINDOWS\system32\tzchange.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-20 09:04 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-20 08:52 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-19 12:50 -------- d-------- C:\Program Files\Online Services
2006-12-18 03:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-16 11:22 -------- d-------- C:\Documents and Settings\Jon\Application Data\Adobe
2006-12-14 20:59 -------- d-------- C:\Program Files\Windows Media Player
2006-12-14 20:20 -------- d-------- C:\Program Files\Internet Explorer
2006-12-14 20:15 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 20:15 -------- d-------- C:\Program Files\Common Files\System
2006-12-13 17:48 -------- d-------- C:\Program Files\Microsoft Office
2006-12-13 17:48 -------- d-------- C:\Program Files\Common Files
2006-12-12 14:53 -------- d-------- C:\Program Files\World of Warcraft
2006-12-07 20:23 -------- d---s---- C:\Documents and Settings\Jon\Application Data\Microsoft
2006-12-07 20:22 -------- d-------- C:\Program Files\Winamp
2006-12-07 12:00 -------- d-------- C:\Program Files\Quicken
2006-12-07 09:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-07 09:23 -------- d-------- C:\Program Files\Dell
2006-12-07 09:21 -------- d-------- C:\Program Files\Apoint
2006-12-07 09:14 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-04 13:10 5758432 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-04 13:10 5745664 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-23 11:17 -------- d-------- C:\Program Files\Activision
2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll
2006-11-15 16:01 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-11-15 16:01 36592 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-15 16:01 3596288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2006-11-15 16:01 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-11-15 16:01 116984 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-11-15 16:01 115960 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-11-15 16:01 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-11-15 15:56 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-11-15 15:56 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-11-15 15:56 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-11-15 15:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-11-15 15:56 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-11-15 15:56 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-11-15 15:56 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-11-15 15:56 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-11-15 15:56 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-11-15 15:56 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-11-15 15:56 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-11-15 15:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-11-15 15:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-11-15 15:36 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-11-13 01:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-07 03:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-06 16:03 275576 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-11-06 16:03 245880 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-11-06 16:03 24184 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2006-10-21 17:16 -------- d-------- C:\Program Files\XTreme-G MobileForce Drivers
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 11:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 11:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 11:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 11:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 11:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 11:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"i9kfangui"="C:\\Program Files\\I8kfanGUI\\i9kfangui.exe /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTHelper"="CTHELPER.EXE"
"CTPerformanceUtility"="C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\SB Performance Utility\\CTPowUti.exe"
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\DVDAudio\\CTDVDDET.EXE\""
"NVTray"="\"C:\\Program Files\\NVTray\\NVTray.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="I8kfanGUI"
"hkey"="HKCU"
"command"="C:\\Program Files\\I8kfanGUI\\I8kfanGUI.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jon.job

Completion time: 06-12-20 9:19:18.68
C:\ComboFix.txt ... 06-12-20 09:19
j.evitts
Active Member
 
Posts: 5
Joined: December 18th, 2006, 12:03 pm
Top

Unread postby j.evitts » December 20th, 2006, 10:32 am

While I do now agree that the file I brought up is a Windows update (I figured that out yesterday actually) the update has been done, but Windows updater seems to want to continue updating to MSXML 4.0 SP2 Security Update (KB927978) no matter how I actually update it. It says it's installed but as soon as I use either Automatic Updates or go to Microsoft's website it wants to patch anyway. I should probably contact them about it, but I did want to clarify that a little bit.

And thanks for the help, or at the very least, the confirmation that the initial issue I had seems to be gone. Hopefully the logs will confirm that, and while I can read and understand HijackThis I've never seen ComboFix before, so I'll leave that to the pro's for the time being!

Thanks again!
j.evitts
Active Member
 
Posts: 5
Joined: December 18th, 2006, 12:03 pm
Top

Unread postby Linkmaster » December 20th, 2006, 1:23 pm

You are very Welcome !!

Your logs seem to be OK !

here is a MS article on that update :

MS06-071: Security update for Microsoft XML Core Services 4.0
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA
Top

Unread postby NonSuch » December 23rd, 2006, 7:02 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 150 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index