Never-Ending Update

04-04-2007

I have the same trouble with the Windows Malicious Software Removal
Tool. I've checked the add/remove programs and shown all windows
updates but mine are all listed as successful. This malicious software
update is the only one that never seems to update properly. It just
comes up over and over and over again. I downloaded hijackthis 2.0
beta and below are the log results. I'm not sure how to stop this
never ending update nightmare. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:43:31 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
C:\PROGRA~1\MI4F93~1\webtool.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\SiPix\SP1300\CamCheck.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier
\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console
\NSCSRVCE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\TeleVantage\Client\TVClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\darrin.000\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.techdata.com/security/loginPage.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = cscns.com:81
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://
www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\darrin
\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:
\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-
B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SP1300CamCheck] C:\Program Files\SiPix
\SP1300\CamCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /
Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro
\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD
\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec
Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /
GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE
"REBOOT"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender
\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger
\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:
\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNe tworkPrinters (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%
\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:
\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNe tworkPrinters (User
'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files
\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files
\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F}
- http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/
(file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
- (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger
\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger
\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file
missing)
O13 - WWW. Prefix: http://
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} -
http://activex.liveupdate.com/controls/cres.cab
O16 - DPF: {174793AA-EAE2-4188-AFA5-064BE26901B1} (CXRMS Control) -
http://www.digitalgsp.com/xvr/CXRMS_1,1,0,1.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced
Unicode Control) -
http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class)
- http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/0362cce5...p/RdxIE601.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image
Viewer) - http://70.107.225.104/home/SonySncRz30View.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
- http://update.microsoft.com/microsof...?1125338265656
O16 - DPF: {6F198B69-4D8D-467A-B276-526F00A925AE}
(VigilWeb.VigilWebClient) - http://support.el-usa.com/web/Vigil%20Web.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {81D26DFE-C2E3-43DB-8B7D-A1F4EAEDD029} (IeClientCtrl
Control) - http://60.248.210.179/Web.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) -
http://transfers.one.microsoft.com/F...ansferCtrl.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser
Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
- https://levelplatforms.webex.com/cli...ng/ieatgpc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FB79359A-325A-4886-B8F3-22B3B2E09B07} (GuiDemo Control) -
http://24.162.196.181:4250/GuiX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
boulderpcs.com
O17 - HKLM\Software\..\Telephony: DomainName = boulderpcs.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BB3FA31-
FD6D-4F30-99F3-8300EA8D1627}: NameServer = 199.239.24.62,199.239.24.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5B45F5-0B4D-4E99-
ABD1-7DF88A0FE3AE}: Domain = boulderpcs.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5B45F5-0B4D-4E99-
ABD1-7DF88A0FE3AE}: NameServer = 199.239.24.62,199.239.24.12
O17 - HKLM\System\CCS\Services\Tcpip\..\
{DEE6DF48-1735-4C29-8A41-0921B163A4DD}: Domain = boulderpcs.com
O17 - HKLM\System\CCS\Services\Tcpip\..\
{DEE6DF48-1735-4C29-8A41-0921B163A4DD}: NameServer =
192.168.100.17,192.168.100.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
boulderpcs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
boulderpcs.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-
B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS
\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS
\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS
\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared
\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared
\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec
\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP
\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) -
Symantec Corporation - C:\Program Files\Common Files\Symantec Shared
\Security Console\NSCSRVCE.EXE
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North
America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:
\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared
\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files
\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TeleVantage Workstation Service (TvWksSvc) - Artisoft
Inc. - C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe

--
End of file - 13140 bytes

04-04-2007

Darr,

Are you aware that M/S releases a new "Malicious Software Removal Tool"
every month?

Milt

"" wrote:

> I have the same trouble with the Windows Malicious Software Removal
> Tool. I've checked the add/remove programs and shown all windows
> updates but mine are all listed as successful. This malicious software
> update is the only one that never seems to update properly. It just
> comes up over and over and over again. I downloaded hijackthis 2.0
> beta and below are the log results. I'm not sure how to stop this
> never ending update nightmare. Any help would be greatly appreciated.
>
> Logfile of Trend Micro HijackThis v2.0.0 (BETA)
> Scan saved at 6:43:31 PM, on 4/3/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Windows Defender\MsMpEng.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
> C:\WINDOWS\system32\RioMSC.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
> C:\PROGRA~1\MI4F93~1\webtool.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\NWTRAY.EXE
> C:\Program Files\SiPix\SP1300\CamCheck.exe
> C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
> C:\Program Files\Microsoft IntelliType Pro\type32.exe
> C:\Program Files\Microsoft IntelliPoint\point32.exe
> C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\WINDOWS\CTHELPER.EXE
> C:\WINDOWS\system32\RunDll32.exe
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
> C:\Program Files\Google\GoogleToolbarNotifier
> \1.2.1128.5462\GoogleToolbarNotifier.exe
> C:\Program Files\BOINC\boincmgr.exe
> C:\Program Files\BOINC\boinc.exe
> C:\Program Files\Common Files\Symantec Shared\Security Console
> \NSCSRVCE.EXE
> C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
> C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
> C:\Program Files\TeleVantage\Client\TVClient.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Documents and Settings\darrin.000\Desktop\HiJackThis_v2.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> https://www.techdata.com/security/loginPage.aspx
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
> =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
> Settings,ProxyServer = cscns.com:81
> R3 - Default URLSearchHook is missing
> F3 - REG:win.ini: run=
> N1 - Netscape 4: user_pref("browser.startup.homepage", "http://
> www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\darrin
> \prefs.js)
> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
> B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
> \AcroIEHelper.dll
> O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:
> \Program Files\Norton AntiVirus\NavShExt.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
> CF10577473F7} - c:\program files\google\googletoolbar5.dll
> O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-
> B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
> \program files\google\googletoolbar5.dll
> O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
> \qttask.exe" -atboottime
> O4 - HKLM\..\Run: [SP1300CamCheck] C:\Program Files\SiPix
> \SP1300\CamCheck.exe
> O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /
> Spoil /RemAdvDef /Migration32
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
> O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
> Creator 5\DirectCD\DirectCD.exe"
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
> Control Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro
> \type32.exe"
> O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
> IntelliPoint\point32.exe"
> O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD
> \PDVDServ.exe"
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec
> Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /
> GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE
> "REBOOT"
> O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
> O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
> O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
> O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender
> \MSASCui.exe" -hide
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger
> \YahooMessenger.exe" -quiet
> O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
> \1.2.1128.5462\GoogleToolbarNotifier.exe
> O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:
> \WINDOWS\System32\spool\migrate.dll,ProcessWin9xNe tworkPrinters (User
> 'SYSTEM')
> O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%
> \system32\tscupgrd.exe (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:
> \WINDOWS\System32\spool\migrate.dll,ProcessWin9xNe tworkPrinters (User
> 'Default user')
> O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
> O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files
> \Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
> O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files
> \Adobe\Acrobat 7.0\Reader\reader_sl.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F}
> - http://www.net2phone.com/ (file missing)
> O9 - Extra 'Tools' menuitem: Net2Phone -
> {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/
> (file missing)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
> - (no file)
> O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
> B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger
> \YahooMessenger.exe
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
> B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger
> \YahooMessenger.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
> - C:\Program Files\Messenger\msmsgs.exe (file missing)
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
> BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file
> missing)
> O13 - WWW. Prefix: http://
> O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
> AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
> O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} -
> http://activex.liveupdate.com/controls/cres.cab
> O16 - DPF: {174793AA-EAE2-4188-AFA5-064BE26901B1} (CXRMS Control) -
> http://www.digitalgsp.com/xvr/CXRMS_1,1,0,1.cab
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
> O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
> https://www-secure.symantec.com/tech...l/LSSupCtl.cab
> O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced
> Unicode Control) -
> http://activex.camfrogweb.com/advanc...instmodule.exe
> O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
> - C:\Program Files\Yahoo!\Common\yinsthelper.dll
> O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class)
> - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
> http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
> O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
> http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> http://software-dl.real.com/0362cce5...p/RdxIE601.cab
> O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image
> Viewer) - http://70.107.225.104/home/SonySncRz30View.cab
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
> - http://update.microsoft.com/microsof...?1125338265656
> O16 - DPF: {6F198B69-4D8D-467A-B276-526F00A925AE}
> (VigilWeb.VigilWebClient) - http://support.el-usa.com/web/Vigil%20Web.cab
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
> - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
> O16 - DPF: {81D26DFE-C2E3-43DB-8B7D-A1F4EAEDD029} (IeClientCtrl
> Control) - http://60.248.210.179/Web.cab
> O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) -
> http://transfers.one.microsoft.com/F...ansferCtrl.cab
> O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser
> Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
> Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
> O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
> - https://levelplatforms.webex.com/cli...ng/ieatgpc.cab
> O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
> AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
> O16 - DPF: {FB79359A-325A-4886-B8F3-22B3B2E09B07} (GuiDemo Control) -
> http://24.162.196.181:4250/GuiX.cab
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
> boulderpcs.com
> O17 - HKLM\Software\..\Telephony: DomainName = boulderpcs.com
> O17 - HKLM\System\CCS\Services\Tcpip\..\{2BB3FA31-
> FD6D-4F30-99F3-8300EA8D1627}: NameServer = 199.239.24.62,199.239.24.12
> O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5B45F5-0B4D-4E99-
> ABD1-7DF88A0FE3AE}: Domain = boulderpcs.com
> O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5B45F5-0B4D-4E99-
> ABD1-7DF88A0FE3AE}: NameServer = 199.239.24.62,199.239.24.12
> O17 - HKLM\System\CCS\Services\Tcpip\..\
> {DEE6DF48-1735-4C29-8A41-0921B163A4DD}: Domain = boulderpcs.com
> O17 - HKLM\System\CCS\Services\Tcpip\..\
> {DEE6DF48-1735-4C29-8A41-0921B163A4DD}: NameServer =
> 192.168.100.17,192.168.100.12
> O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
> boulderpcs.com
> O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
> boulderpcs.com
> O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-
> B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
> O22 - SharedTaskScheduler: Component Categories cache daemon -
> {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS
> \System32\browseui.dll
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS
> \system32\Ati2evxx.exe
> O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS
> \SYSTEM32\ati2sgag.exe
> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared
> \ccEvtMgr.exe
> O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared
> \ccSetMgr.exe
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec
> \LIVEUP~1\LUCOMS~1.EXE
> O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
> Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
> O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
> Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP
> \NPFMntor.exe
> O23 - Service: Norton Protection Center Service (NSCService) -
> Symantec Corporation - C:\Program Files\Common Files\Symantec Shared
> \Security Console\NSCSRVCE.EXE
> O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North
> America, Inc. - C:\WINDOWS\system32\RioMSC.exe
> O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:
> \Program Files\Norton AntiVirus\SAVScan.exe
> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared
> \SNDSrvc.exe
> O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files
> \Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> O23 - Service: TeleVantage Workstation Service (TvWksSvc) - Artisoft
> Inc. - C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
>
> --
> End of file - 13140 bytes
>
>

04-04-2007

The first thing to do is to rid the system of malwares that just may be
causing this continual reoffering issue.

> R3 - Default URLSearchHook is missing
> F3 - REG:win.ini: run=
> N1 - Netscape 4: user_pref("browser.startup.homepage", "http://
> www.xupiter.com/toolbar2")

***Strongly*** suggest that you go to a reputable anti-malware forum.
Here's a short list for you to choose from.
*PLEASE read the guidelines/requirements* of the forum of your choice
prior to posting there :

http://www.bleepingcomputer.com/foru...lysis-f22.html
http://spywarewarrior.com/viewforum.php?f=2
http://forums.spywareinfo.com/index.php?showforum=44
http://castlecops.com/f67-Hijackthis...ans_Oh_My.html
http://aumha.net/viewforum.php?f=30

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============

wrote:

> I have the same trouble with the Windows Malicious Software Removal
> Tool. I've checked the add/remove programs and shown all windows
> updates but mine are all listed as successful. This malicious software
> update is the only one that never seems to update properly. It just
> comes up over and over and over again. I downloaded hijackthis 2.0
> beta and below are the log results. I'm not sure how to stop this
> never ending update nightmare. Any help would be greatly appreciated.
>
> Logfile of Trend Micro HijackThis v2.0.0 (BETA)
> Scan saved at 6:43:31 PM, on 4/3/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Windows Defender\MsMpEng.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
> C:\WINDOWS\system32\RioMSC.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
> C:\PROGRA~1\MI4F93~1\webtool.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\NWTRAY.EXE
> C:\Program Files\SiPix\SP1300\CamCheck.exe
> C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
> C:\Program Files\Microsoft IntelliType Pro\type32.exe
> C:\Program Files\Microsoft IntelliPoint\point32.exe
> C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\WINDOWS\CTHELPER.EXE
> C:\WINDOWS\system32\RunDll32.exe
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
> C:\Program Files\Google\GoogleToolbarNotifier
> \1.2.1128.5462\GoogleToolbarNotifier.exe
> C:\Program Files\BOINC\boincmgr.exe
> C:\Program Files\BOINC\boinc.exe
> C:\Program Files\Common Files\Symantec Shared\Security Console
> \NSCSRVCE.EXE
> C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
> C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
> C:\Program Files\TeleVantage\Client\TVClient.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Documents and Settings\darrin.000\Desktop\HiJackThis_v2.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> https://www.techdata.com/security/loginPage.aspx
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
> =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
> Settings,ProxyServer = cscns.com:81
> R3 - Default URLSearchHook is missing
> F3 - REG:win.ini: run=
> N1 - Netscape 4: user_pref("browser.startup.homepage", "http://
> www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\darrin
> \prefs.js)
> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
> B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
> \AcroIEHelper.dll
> O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:
> \Program Files\Norton AntiVirus\NavShExt.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
> CF10577473F7} - c:\program files\google\googletoolbar5.dll
> O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-
> B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
> \program files\google\googletoolbar5.dll
> O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
> \qttask.exe" -atboottime
> O4 - HKLM\..\Run: [SP1300CamCheck] C:\Program Files\SiPix
> \SP1300\CamCheck.exe
> O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /
> Spoil /RemAdvDef /Migration32
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
> O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
> Creator 5\DirectCD\DirectCD.exe"
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
> Control Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro
> \type32.exe"
> O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
> IntelliPoint\point32.exe"
> O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD
> \PDVDServ.exe"
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec
> Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /
> GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE
> "REBOOT"
> O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
> O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
> O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
> O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender
> \MSASCui.exe" -hide
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger
> \YahooMessenger.exe" -quiet
> O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
> \1.2.1128.5462\GoogleToolbarNotifier.exe
> O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:
> \WINDOWS\System32\spool\migrate.dll,ProcessWin9xNe tworkPrinters (User
> 'SYSTEM')
> O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%
> \system32\tscupgrd.exe (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:
> \WINDOWS\System32\spool\migrate.dll,ProcessWin9xNe tworkPrinters (User
> 'Default user')
> O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
> O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files
> \Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
> O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files
> \Adobe\Acrobat 7.0\Reader\reader_sl.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F}
> - http://www.net2phone.com/ (file missing)
> O9 - Extra 'Tools' menuitem: Net2Phone -
> {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/
> (file missing)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
> - (no file)
> O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
> B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger
> \YahooMessenger.exe
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
> B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger
> \YahooMessenger.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
> - C:\Program Files\Messenger\msmsgs.exe (file missing)
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
> BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file
> missing)
> O13 - WWW. Prefix: http://
> O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
> AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
> O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} -
> http://activex.liveupdate.com/controls/cres.cab
> O16 - DPF: {174793AA-EAE2-4188-AFA5-064BE26901B1} (CXRMS Control) -
> http://www.digitalgsp.com/xvr/CXRMS_1,1,0,1.cab
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
> O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
> https://www-secure.symantec.com/tech...l/LSSupCtl.cab
> O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced
> Unicode Control) -
> http://activex.camfrogweb.com/advanc...instmodule.exe
> O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
> - C:\Program Files\Yahoo!\Common\yinsthelper.dll
> O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class)
> - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
> http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
> O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
> http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> http://software-dl.real.com/0362cce5...p/RdxIE601.cab
> O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image
> Viewer) - http://70.107.225.104/home/SonySncRz30View.cab
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
> - http://update.microsoft.com/microsof...?1125338265656
> O16 - DPF: {6F198B69-4D8D-467A-B276-526F00A925AE}
> (VigilWeb.VigilWebClient) - http://support.el-usa.com/web/Vigil%20Web.cab
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
> - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
> O16 - DPF: {81D26DFE-C2E3-43DB-8B7D-A1F4EAEDD029} (IeClientCtrl
> Control) - http://60.248.210.179/Web.cab
> O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) -
> http://transfers.one.microsoft.com/F...ansferCtrl.cab
> O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser
> Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
> Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
> O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
> - https://levelplatforms.webex.com/cli...ng/ieatgpc.cab
> O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
> AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
> O16 - DPF: {FB79359A-325A-4886-B8F3-22B3B2E09B07} (GuiDemo Control) -
> http://24.162.196.181:4250/GuiX.cab
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
> boulderpcs.com
> O17 - HKLM\Software\..\Telephony: DomainName = boulderpcs.com
> O17 - HKLM\System\CCS\Services\Tcpip\..\{2BB3FA31-
> FD6D-4F30-99F3-8300EA8D1627}: NameServer = 199.239.24.62,199.239.24.12
> O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5B45F5-0B4D-4E99-
> ABD1-7DF88A0FE3AE}: Domain = boulderpcs.com
> O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5B45F5-0B4D-4E99-
> ABD1-7DF88A0FE3AE}: NameServer = 199.239.24.62,199.239.24.12
> O17 - HKLM\System\CCS\Services\Tcpip\..\
> {DEE6DF48-1735-4C29-8A41-0921B163A4DD}: Domain = boulderpcs.com
> O17 - HKLM\System\CCS\Services\Tcpip\..\
> {DEE6DF48-1735-4C29-8A41-0921B163A4DD}: NameServer =
> 192.168.100.17,192.168.100.12
> O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
> boulderpcs.com
> O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
> boulderpcs.com
> O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-
> B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
> O22 - SharedTaskScheduler: Component Categories cache daemon -
> {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS
> \System32\browseui.dll
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS
> \system32\Ati2evxx.exe
> O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS
> \SYSTEM32\ati2sgag.exe
> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared
> \ccEvtMgr.exe
> O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared
> \ccSetMgr.exe
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec
> \LIVEUP~1\LUCOMS~1.EXE
> O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
> Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
> O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
> Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP
> \NPFMntor.exe
> O23 - Service: Norton Protection Center Service (NSCService) -
> Symantec Corporation - C:\Program Files\Common Files\Symantec Shared
> \Security Console\NSCSRVCE.EXE
> O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North
> America, Inc. - C:\WINDOWS\system32\RioMSC.exe
> O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:
> \Program Files\Norton AntiVirus\SAVScan.exe
> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared
> \SNDSrvc.exe
> O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files
> \Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> O23 - Service: TeleVantage Workstation Service (TvWksSvc) - Artisoft
> Inc. - C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
>
> --
> End of file - 13140 bytes
>

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
(Yet anotther) Microsoft/Windows Update problem: never ending upd	Dissidente	Windows Update	1	07-22-2005 11:18 PM
The never-ending update...	Captain Star	Windows Update	1	03-23-2005 01:22 AM
"Windows XP RTM support on Windows Update is ending" message	Will Pittenger	Windows Update	0	12-31-2004 06:11 PM
The Never-Ending Update	Dean Merrill	Windows Update	1	11-06-2003 11:16 AM
never ending update	Max	Windows Update	2	07-23-2003 12:23 AM