I have more info for all trying to help see below...Thanks for the
help !!!!
Thanks for the try but the program/s that are setting of the MS
installer and apparently installing something unknown and to quickly
to read does not show up in MSCONFIG or Winpatrol or any other of
these types of programs. It does not show up under the registry
setting for "Run" and "Runonce". yet it does activate and run at
startup. This is why I need a way to put XP into single step mode. In
this mode I should be able to the NAV starting, the desktop icons get
loaded, the printer drivers loaded, the HP software loading, the
Nvidia stuff loading etc. And at the load of each program I should get
a prompt telling me what is loading/running where the .exe is for it
and the ability to tell it not to load it. Sort of like the old Win98
single step through the config and autoexecbat and part of the windows
loading that used to be available.
One additional piece of info. On this system every time it starts it
opens up an explorer window just as if I had gone and clicked on the
Windows Explorer icon under Start/Programs. I have spent over 10 hours
on the phone with MS support and they could not find where the call to
run this was coming from. However I was not able to get them to give
me the trick for a TRUE single step startup mode so that we can
actually see the command that is triggering this.
This is a challenge for the best and brightest of all the Microsoft
MVP's etc. I hope some one can come up with a solution. There are some
programs such as SpyBot that as needed can arrange to be the very
first program run at startup. I need a program that can do this and
the record every call and its location to start something that comes
in after it.
Again, thanks for the help,
Ralph Malph
I am including the results from a "Hijackthis" and "Startuplist" scan
for anyone who wants to accept the challenge of solving this problem.
Again thanks for all the help,
Ralph Malph
Hijackthis Scan:
Logfile of HijackThis v1.98.2
Scan saved at 3:19:29 PM, on 9/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Windows\Desktop\Tools\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.verizon.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.verizon.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://start.verizon.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no
file)
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog
Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\System32\hplampc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"
/Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinPatrol]
"C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [NewsletterReader] C:\Program Files\Newsletter
Reader\newstray.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog
Plus\MUPS.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Controller.LNK = C:\Program
Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://*.pandasoftware.com
O15 - Trusted Zone:
http://housecall.trendmicro.com
O16 - DPF: ppctlcab -
http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Win32 Classes -
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) -
http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) -
http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology
Client) -
http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield
International Setup Player) -
http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
-
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan
Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE
Class) -
http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
Registry Information Class) -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class)
-
http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) -
O16 - DPF: {D10B5C22-DC60-430D-B548-489CB49A2367} (FreeScan Class) -
http://alternatedownload.zeroads.com/zerospyware/landingpage/files/zsfreescan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
Object) -
http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class)
-
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
Class) -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) -
http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
Startuplist Scan:
StartupList report, 9/2/2004, 3:59:20 PM
StartupList version: 1.52
Started from : C:\Documents and
Settings\Windows\Desktop\Tools\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Windows\Desktop\Tools\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Windows\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
hpoddt01.exe.lnk = ?
Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
hplampc = C:\WINDOWS\System32\hplampc.exe
HPDJ Taskbar Utility =
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
Logitech Utility = Logi_MwX.Exe
DeviceDiscovery = C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
WFXSwtch = C:\PROGRA~1\WinFax\WFXSWTCH.exe
WinFaxAppPortStarter = wfxsnt40.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
nwiz = nwiz.exe /install
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef
/Migration32
IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
C-Media Mixer = Mixer.exe /startup
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
QD FastAndSafe =
WinPatrol = "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
NewsletterReader = C:\Program Files\Newsletter Reader\newstray.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter = RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
SpybotSD TeaTimer = C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT
6.0\READER\ACTIVEX\ACROIEHELPER.DLL -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SpywareGuard Download Protection - C:\Program
Files\SpywareGuard\dlprotect.dll -
{4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll -
{53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
PCHealth Scheduler for Data Collection.job
HP DArC Task #Hewlett-Packard#deskjet5600#MY38R3J1FS79.job
Symantec NetDetect.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job
--------------------------------------------------
Enumerating Download Program Files:
[ppctlcab]
CODEBASE =
http://www.pestscan.com/scanner/ppctlcab.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD406.OSD
[Win32 Classes]
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE =
http://www.apple.com/qtactivex/qtplugin.cab
[OSInfo Control]
InProcServer32 = C:\WINDOWS\OSInfo.ocx
CODEBASE =
http://www.sis.com/support/chipdetect/OSInfo.cab
[SiS_OCX Control]
InProcServer32 = C:\WINDOWS\SIS_OCX.ocx
CODEBASE =
http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE =
http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1072724825125
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\avsniff.dll
CODEBASE =
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program
Files\PPSDKActiveXScanner.ocx
CODEBASE =
http://www.pestscan.com/scanner/axscanner.cab
[YInstStarter Class]
CODEBASE =
http://download.yahoo.com/dl/installs/yinstc.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE =
http://office.microsoft.com/officeupdate/content/opuc.cab
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE =
http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
[{469C7080-8EC8-43A6-AD97-45848113743C}]
InProcServer32 = C:\WINDOWS\System32\nethv32.dll
CODEBASE =
http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
[WebIQ Technology Client]
InProcServer32 = C:\Program Files\WebIQ\WebIQClientLib.dll
CODEBASE =
http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE =
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
[GSDACtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
CODEBASE =
http://launch.gamespyarcade.com/software/launch/alaunch.cab
[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetupml.dll
CODEBASE =
http://ftp.hp.com/pub/automatic/player/isetupML.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE =
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
[cpbrkpie Control]
CODEBASE =
http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE =
http://www.pandasoftware.com/activescan/as5/asinst.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38138.4754861111
[RealArcadeRdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program
Files\RealArcadeRdxIE.dll
CODEBASE =
http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
[PreQualifier Class]
InProcServer32 = C:\WINDOWS\System32\MotivePreQual.dll
CODEBASE =
http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
[FreeScan Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\zsfreescan.dll
CODEBASE =
http://alternatedownload.zeroads.com/zerospyware/landingpage/files/zsfreescan.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\flash.ocx
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE =
http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\hrtbeat.ocx
CODEBASE =
http://fdl.msn.com/zone/datafiles/heartbeat.cab
[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
CODEBASE =
http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 11,486 bytes
Report generated in 0.062 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of
platform
/history - to list version history only
