
· Registered
Joined
·
1,165 Posts
Discussion Starter · #1 ·
Ok - why do I get this message about 15-30 times when I log on?
 

· Banned
Joined
·
11,098 Posts
Do you have all your Windows updates, and have you run some scans for infections?

You could also post a HijackThis log for a Log Expert to look at

Download Hijack This to your desktop, open it and click on the Hijack.exe. It will open and use the default path; check "do you wish an Icon". Click on the icon and choose scan system and save a logfile, usually in Notepad. Copy and paste the logfile in your next post, using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #6 ·
Logfile of HijackThis v1.99.1
Scan saved at 13:01:43, on 30/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetSupport Manager\Gateway32.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\Laplink Everywhere\ServerProxyService.exe
C:\Program Files\Laplink\winShadow\shwSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Laplink Everywhere\LaplinkEverywhere.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Laplink Everywhere\LLServerMain2.exe
C:\Program Files\Laplink Everywhere\ILLSecurity.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Documents and Settings\Danny\Start Menu\Programs\Startup\iexplore.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Laplink Everywhere\LLEventLog.exe
C:\Program Files\Laplink Everywhere\ServerProxy.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny\Desktop\hhahahahahaa.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\Documents and Settings\Danny\My Documents\SETUPS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Laplink Web Server] "C:\Program Files\Laplink Everywhere\LaplinkEverywhere.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - Startup: iexplore.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E010A7A-1B7B-40AF-8F10-A528662BB8F2}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Gateway32 (PCIGateway) - NetSupport Ltd - C:\Program Files\NetSupport Manager\Gateway32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: winShadow - OmniCom Technologies - C:\Program Files\Laplink\winShadow\shwSrvc.exe

Anyone?
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #7 ·
so no-one feels like helping?

Security guys??

Should this thread be moved to security - I'm not sure what the problem is - help!!!
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #8 ·
Let me give you a bit more info - the above attachment appears, then I click "close message" and it gives an error message - send/don't send - you know the one ;) Then I click send or don't send - doesn't make a difference - and it repeats again...Ahhhhhhhhhh

(bump):D
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts
First Name -
Derek
Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O4 - Startup: iexplore.exe

now Start killbox, paste the first file listed below into the full pathname and file to delete box

The file name will appear in the window. Select delete on reboot, press the red X button, say yes to the prompt and NO to reboot now, then repeat for each file in turn

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply

C:\WINDOWS\VirtualDNS.dll
C:\WINDOWS\iexplore.exe
C:\WINDOWS\system32\iexplore.exe

Then on the killbox top bar press tools/delete temp files. In the pop up box, towards the middle, is a drop down box containing a list of all user accounts. In this drop down user account box, select your account, select ALL options it will allow you to, then press delete selected temp files, then repeat for every user account listed in that drop down box

then reboot & can you tell me what this is

C:\Documents and Settings\Danny\Desktop\hhahahahahaa.exe
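
As an added example (not part of the original post, and not code from HijackThis or Killbox), the Python below parses a HijackThis log and flags the three patterns behind the entries singled out above: a system-named binary running outside its normal folder, a BHO DLL sitting directly in the Windows directory, and a bare .exe placed in the Startup folder. The expected-location table and the finding labels are assumptions made for this illustration, and the sample log is constructed from lines in this thread.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Danny\Start Menu\Programs\Startup\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: iexplore.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
"""

# Assumption for this example: default Windows XP install paths, lower-cased.
# 8.3 short names (PROGRA~1 ...) are not expanded here.
WINDOWS_DIR = r"c:\windows"
EXPECTED_HOME = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # e.g. "O4 - Startup: ..."
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+)$")  # Startup-folder items


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body)])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:       # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return (label, item) pairs worth a closer look. Hints, not verdicts."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        home = EXPECTED_HOME.get(basename(path).lower())
        if home and normcase(dirname(path)) != home:
            findings.append(("process-masquerade", path))
    for code, body in entries:
        if code == "O2" and body.startswith("BHO:"):
            dll = body.rsplit(" - ", 1)[-1]   # last field is the DLL path
            if normcase(dirname(dll)) == WINDOWS_DIR:
                findings.append(("bho-in-windows-root", dll))
        elif code == "O4":
            m = STARTUP_RE.match(body)
            # Shortcuts are logged as "name.lnk = target"; a bare .exe means
            # the binary itself was dropped into the Startup folder.
            if m and " = " not in m.group(1) and m.group(1).lower().endswith(".exe"):
                findings.append(("exe-in-startup-folder", m.group(1)))
    return findings


if __name__ == "__main__":
    for label, item in triage(SAMPLE_LOG):
        print(f"{label:24} {item}")
```

A hit only marks an entry for manual review; legitimate software can match these patterns, so each one still needs checking before anything is fixed or deleted.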
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #10 ·
oh lol - don't mind that - it's just an executable I built from a video
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts
First Name -
Derek
what didn't work?

we have so far removed some malware & let's look a bit deeper

post a fresh HJT log and

http://download.bleepingcomputer.com/sUBs/zh/BetaB/combofix.exe

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #13 ·
Logfile of HijackThis v1.99.1
Scan saved at 10:13:19, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetSupport Manager\Gateway32.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\Laplink Everywhere\ServerProxyService.exe
C:\Program Files\Laplink\winShadow\shwSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Laplink Everywhere\LaplinkEverywhere.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Laplink Everywhere\LLServerMain2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
C:\Program Files\Laplink Everywhere\ILLSecurity.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Laplink Everywhere\LLEventLog.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Laplink Everywhere\ServerProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Danny\My Documents\SETUPS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Speed Video Splitter\msdxm.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Laplink Web Server] "C:\Program Files\Laplink Everywhere\LaplinkEverywhere.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E010A7A-1B7B-40AF-8F10-A528662BB8F2}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Gateway32 (PCIGateway) - NetSupport Ltd - C:\Program Files\NetSupport Manager\Gateway32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: winShadow - OmniCom Technologies - C:\Program Files\Laplink\winShadow\shwSrvc.exe
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #14 ·
"Danny" - 07-01-03 10:27:42.98 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\Danny"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

h:\autorun.inf" . . . . failed to delete
j:\autorun.inf" . . . . failed to delete
k:\autorun.inf" . . . . failed to delete

((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 ))))))))))))))))))))))))))))))))))

2007-01-03 00:24 d-------- C:\!KillBox
2007-01-03 00:13 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-01-03 00:04 d-------- C:\Program Files\Valve
2007-01-02 18:10 d-------- C:\DOCUME~1\Danny\APPLIC~1\FTW
2007-01-02 18:09 d-------- C:\Program Files\Family Tree Maker 2005
2007-01-02 14:19 d-------- C:\WINDOWS\Hewlett-Packard
2007-01-01 12:01 d-------- C:\Program Files\iPod Access for Windows
2006-12-31 21:17 d-------- C:\Program Files\Yahoo!
2006-12-31 13:02 d-------- C:\Program Files\iTunes
2006-12-31 12:53 d-------- C:\Program Files\Apple Software Update
2006-12-30 23:05 d-------- C:\nhhuidd
2006-12-30 20:48 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2006-12-30 20:48 d-------- C:\DOCUME~1\Danny\APPLIC~1\Audacity
2006-12-30 13:42 d-------- C:\Program Files\bobyte
2006-12-30 13:27 d-------- C:\Program Files\Speed Video Splitter
2006-12-30 13:21 d-------- C:\Program Files\Codec Pack - All In 1
2006-12-30 13:09 d-------- C:\Program Files\Rocket Division Software
2006-12-28 22:16 d-------- C:\DOCUME~1\Rami\APPLIC~1\CoreFTP
2006-12-27 22:02 20,576 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-27 22:02 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-27 22:02 104,960 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-27 22:02 d-------- C:\Program Files\Musicmatch
2006-12-27 22:02 d-------- C:\DOCUME~1\Danny\APPLIC~1\Musicmatch
2006-12-27 20:39 d-------- C:\DOCUME~1\Danny\APPLIC~1\Google
2006-12-27 20:38 d-------- C:\Program Files\Google
2006-12-26 17:34 d-------- C:\WINDOWS\system32\en-US
2006-12-26 17:34 d-------- C:\Program Files\RhinoSoft.com
2006-12-26 17:28 117,760 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-26 17:10 d-------- C:\Program Files\CoreFTP
2006-12-26 17:10 d-------- C:\DOCUME~1\Danny\APPLIC~1\CoreFTP
2006-12-23 23:34 d-------- C:\Program Files\Sigma Player
2006-12-23 23:27 d-------- C:\WINDOWS\system32\custom matrices
2006-12-23 23:26 d-------- C:\WINDOWS\system32\C2MP
2006-12-23 21:39 d-------- C:\DOCUME~1\Rami\APPLIC~1\Symantec
2006-12-23 11:52 d-------- C:\DOCUME~1\Danny\APPLIC~1\Symantec
2006-12-23 11:47 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-12-23 11:47 d-------- C:\Program Files\Norton Internet Security
2006-12-23 10:59 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-12-23 10:59 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-22 13:36 d-------- C:\DOCUME~1\Rami\APPLIC~1\Adobe
2006-12-16 22:32 d-------- C:\WINDOWS\system32\quicktime
2006-12-16 22:32 d-------- C:\Program Files\AVI Codec Pack
2006-12-16 22:11 d-------- C:\Program Files\InterActual
2006-12-14 22:47 64,048 --a------ C:\WINDOWS\system32\drivers\ftserial.sys
2006-12-14 22:47 6,828 --a------ C:\WINDOWS\system32\drivers\ftlund.sys
2006-12-14 22:47 50,396 --a------ C:\WINDOWS\system32\drivers\FTSER2K.SYS
2006-12-14 22:47 25,316 --a------ C:\WINDOWS\system32\drivers\FTSENUM.sys
2006-12-14 22:47 19,153 --a------ C:\WINDOWS\system32\drivers\Ftdibus.sys
2006-12-12 15:36 d-------- C:\DOCUME~1\Rami\APPLIC~1\Apple Computer
2006-12-10 19:08 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-10 10:28 d-------- C:\Program Files\Windows Media Connect 2
2006-12-10 10:26 d-------- C:\WINDOWS\system32\LogFiles
2006-12-10 10:26 d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-09 21:08 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-12-09 21:02 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-12-09 21:02 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-09 21:02 d-------- C:\WINDOWS\nview
2006-12-09 11:38 d-------- C:\DOCUME~1\Danny\APPLIC~1\Snapfish
2006-12-06 18:07 99,200 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2006-12-06 18:07 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2006-12-06 18:07 28,928 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2006-12-06 18:07 27,776 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2006-12-06 18:07 2,658,304 --------- C:\WINDOWS\NuNinst.exe
2006-12-06 18:07 d-------- C:\WINDOWS\InCD
2006-12-06 18:05 421,888 --a------ C:\WINDOWS\Nero PhotoShow.scr
2006-12-06 18:05 d-------- C:\DOCUME~1\Danny\APPLIC~1\Simple Star
2006-12-06 18:05 d-------- C:\Demo Album
2006-12-06 18:02 2,670,592 --------- C:\WINDOWS\UNNMP.exe
2006-12-06 18:00 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-12-06 17:59 d-------- C:\Program Files\Common Files\Nero
2006-12-06 17:57 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-12-06 17:57 2,916,352 --------- C:\WINDOWS\UNNeroVision.exe
2006-12-06 17:56 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2006-12-06 17:56 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2006-12-06 17:56 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2006-12-06 17:56 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2006-12-06 17:56 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2006-12-06 17:56 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-12-06 17:56 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2006-12-06 17:56 d-------- C:\Program Files\Ahead
2006-12-06 17:56 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2006-12-06 17:48 8,565,952 --a------ C:\Skype.exe
2006-12-06 17:47 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2006-12-06 17:47 d-------- C:\DOCUME~1\Danny\APPLIC~1\Skype
2006-12-06 16:51 d-------- C:\DOCUME~1\Danny\APPLIC~1\Sony Ericsson
2006-12-06 16:13 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2006-12-06 16:12 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2006-12-06 16:12 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
2006-12-06 16:12 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2006-12-06 16:12 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2006-12-06 16:12 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2006-12-06 16:12 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2006-12-06 16:12 262,144 --a------ C:\WINDOWS\system32\msrd2x35.dll
2006-12-06 16:12 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2006-12-06 16:12 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2006-12-06 16:12 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2006-12-06 16:12 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2006-12-06 16:12 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2006-12-06 16:12 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2006-12-06 16:12 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2006-12-06 16:12 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2006-12-06 16:12 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2006-12-06 16:12 1,050,896 --a------ C:\WINDOWS\system32\msjet35.dll
2006-12-06 16:12 d-------- C:\Program Files\Sony Ericsson
2006-12-06 16:12 d-------- C:\Program Files\Intuwave Ltd
2006-12-05 20:00 d-------- C:\DOCUME~1\ADMINI~1.ABU\APPLIC~1\Hamachi
2006-12-05 19:52 d-------- C:\DOCUME~1\Rami\APPLIC~1\Hamachi
2006-12-05 18:02 d-------- C:\j2sdk1.4.2_07
2006-12-05 17:26 d-------- C:\DOCUME~1\Danny\APPLIC~1\Help
2006-12-04 20:28 d--hs---- C:\DOCUME~1\Danny\UserData
2006-12-03 22:16 d-------- C:\DOCUME~1\Danny\APPLIC~1\AdobeUM

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-03 09:53 -------- d-------- C:\Program Files\mozilla firefox
2007-01-03 00:04 -------- d--h----- C:\Program Files\installshield installation information
2007-01-03 00:04 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-02 20:40 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-02 18:10 -------- d-------- C:\Documents and Settings\Danny\Application Data\ftw
2007-01-02 17:20 -------- d-------- C:\Documents and Settings\Danny\Application Data\audacity
2007-01-02 14:43 -------- d-------- C:\Program Files\hp
2007-01-02 11:08 -------- d-------- C:\Program Files\laplink everywhere
2007-01-01 20:11 -------- d-------- C:\Program Files\netsupport manager
2007-01-01 17:06 177 --a------ C:\Documents and Settings\Danny\Application Data\ipod access v2 prefs
2007-01-01 14:07 -------- d-------- C:\Documents and Settings\Danny\Application Data\adobe
2007-01-01 12:01 9 --ah----- C:\Documents and Settings\Danny\Application Data\ipodaccess_time
2006-12-31 13:02 -------- d-------- C:\Program Files\ipod
2006-12-31 12:58 -------- d-------- C:\Program Files\quicktime
2006-12-31 11:51 -------- d---s---- C:\Documents and Settings\Danny\Application Data\microsoft
2006-12-30 13:20 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-29 12:41 -------- d-------- C:\Documents and Settings\Danny\Application Data\hamachi
2006-12-27 22:02 -------- d-------- C:\Documents and Settings\Danny\Application Data\musicmatch
2006-12-27 20:39 -------- d-------- C:\Documents and Settings\Danny\Application Data\google
2006-12-26 17:20 -------- d-------- C:\Documents and Settings\Danny\Application Data\coreftp
2006-12-23 11:52 -------- d-------- C:\Documents and Settings\Danny\Application Data\symantec
2006-12-23 11:48 -------- d-------- C:\Program Files\symantec
2006-12-23 10:56 -------- d-------- C:\Program Files\online services
2006-12-20 16:32 -------- d-------- C:\Documents and Settings\Danny\Application Data\macromedia
2006-12-20 16:29 -------- d-------- C:\Program Files\macromedia
2006-12-20 16:29 -------- d-------- C:\Program Files\Common Files\macromedia
2006-12-12 17:01 -------- d-------- C:\Program Files\windows live toolbar
2006-12-12 17:01 -------- d-------- C:\Program Files\netsend
2006-12-12 17:01 -------- d-------- C:\Program Files\messenger
2006-12-09 11:38 -------- d-------- C:\Documents and Settings\Danny\Application Data\snapfish
2006-12-06 18:08 -------- d-------- C:\Documents and Settings\Danny\Application Data\ahead
2006-12-06 18:05 -------- d-------- C:\Program Files\nero
2006-12-06 18:05 -------- d-------- C:\Documents and Settings\Danny\Application Data\simple star
2006-12-06 17:56 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-06 17:52 -------- d-------- C:\Documents and Settings\Danny\Application Data\skype
2006-12-06 16:51 -------- d-------- C:\Documents and Settings\Danny\Application Data\sony ericsson
2006-12-05 17:26 -------- d-------- C:\Documents and Settings\Danny\Application Data\help
2006-12-04 19:34 16224 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-12-03 22:16 -------- d-------- C:\Documents and Settings\Danny\Application Data\adobeum
2006-12-03 07:45 -------- d-------- C:\Program Files\hamachi
2006-12-02 19:07 -------- d-------- C:\Program Files\sierra on-line
2006-12-02 14:28 -------- d-------- C:\Program Files\directx
2006-12-02 10:05 -------- d-------- C:\Documents and Settings\Danny\Application Data\apple computer
2006-12-01 23:43 -------- d-------- C:\Program Files\Common Files\hp
2006-12-01 23:42 -------- d-------- C:\Program Files\hewlett-packard
2006-12-01 23:41 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2006-12-01 21:50 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-01 13:56 -------- d-------- C:\Program Files\ea games
2006-12-01 13:02 -------- d-------- C:\Program Files\quark
2006-12-01 07:16 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-01 00:18 -------- d-------- C:\Documents and Settings\Danny\Application Data\lavasoft
2006-11-30 23:50 -------- d-------- C:\Program Files\ashampoo
2006-11-30 23:43 -------- d-------- C:\Program Files\lavasoft
2006-11-30 18:40 -------- d-------- C:\Program Files\eidos interactive
2006-11-30 07:41 -------- d-------- C:\Documents and Settings\Danny\Application Data\my battle for middle-earth(tm) ii files
2006-11-30 07:32 -------- d-------- C:\Program Files\electronic arts
2006-11-29 23:25 -------- d-------- C:\Program Files\rockstar games
2006-11-29 23:03 -------- d-------- C:\Program Files\d-tools
2006-11-29 22:16 -------- d-------- C:\Program Files\ea sports
2006-11-29 21:50 -------- d-------- C:\Program Files\eacom
2006-11-29 21:19 -------- d-------- C:\Documents and Settings\Danny\Application Data\sproqit technologies
2006-11-29 20:57 -------- d-------- C:\Program Files\alcohol soft
2006-11-28 22:17 25368 --a------ C:\Documents and Settings\Danny\Application Data\comma separated values (windows).adr
2006-11-28 22:02 -------- d-------- C:\Program Files\scc-tds
2006-11-28 22:02 -------- d-------- C:\Documents and Settings\Danny\Application Data\installshield
2006-11-28 21:48 -------- d-------- C:\Documents and Settings\Danny\Application Data\smartftp
2006-11-28 21:24 -------- d-------- C:\Program Files\laplink
2006-11-28 21:17 -------- d-------- C:\Documents and Settings\Danny\Application Data\mozilla
2006-11-28 21:13 -------- d-------- C:\Documents and Settings\Danny\Application Data\identities
2006-11-27 16:26 -------- d-------- C:\Program Files\msn messenger
2006-11-27 14:49 -------- d-------- C:\Program Files\Common Files\adobe systems shared
2006-11-27 11:30 -------- d-------- C:\Program Files\Common Files\speechengines
2006-11-27 11:30 -------- d-------- C:\Program Files\Common Files\odbc
2006-11-27 11:29 62 --ahs---- C:\Documents and Settings\Danny\Application Data\desktop.ini
2006-11-27 10:22 -------- d-------- C:\Program Files\msbuild
2006-11-27 10:22 -------- d-------- C:\Program Files\microsoft works
2006-11-27 09:54 -------- d-------- C:\Program Files\realtek
2006-11-27 09:50 -------- d-------- C:\Program Files\msxml 4.0
2006-11-27 09:41 0 -rahs---- C:\MSDOS.SYS
2006-11-27 09:41 0 -rahs---- C:\IO.SYS
2006-11-27 09:41 0 --a------ C:\CONFIG.SYS
2006-11-27 09:41 0 --a------ C:\AUTOEXEC.BAT
2006-11-27 09:41 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-27 09:40 -------- d--h----- C:\Program Files\windowsupdate
2006-11-27 09:39 -------- d-------- C:\Program Files\Common Files\mssoap
2006-11-27 09:38 -------- d-------- C:\Program Files\movie maker
2006-11-27 09:37 -------- d-------- C:\Program Files\windows nt
2006-11-27 09:37 -------- d-------- C:\Program Files\msn gaming zone
2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-26 19:58 30512 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-26 19:56 32592 --a------ C:\WINDOWS\system32\msonpmon.dll
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\fm20enu.dll
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\fm20.dll
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\wisptis.exe
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\inked.dll
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-19 15:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 14:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 14:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 14:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Laplink Web Server"="\"C:\\Program Files\\Laplink Everywhere\\LaplinkEverywhere.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"
"ServUTrayIcon"="C:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Ashampoo FireWall"="\"C:\\Program Files\\Ashampoo\\Ashampoo FireWall\\FireWall.exe\" -TRAY"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Danny.job

Completion time: 07-01-03 10:46:11.45
 

· Retired Moderator Retired Malware Specialist
Joined
·
56,593 Posts
First Name -
Derek
Nothing showing there.

When did the problem start?

What new software or updates did you do just before it started?
 

· Registered
Joined
·
1,165 Posts
Discussion Starter · #16 ·
I'm not sure - it's been going on for a while - I'm not sure if it's a security issue, cos I'm well-protected...

Anyway, every time I log in it displays the message, then I click close message and it gives the "send - don't send" message. I push don't send or send - either - and the first message pops up again - a vicious circle, so in the end it stops. Just a minor annoyance.
 