
HELP ME GET RID OF StartPage-DU.dll PROBLEM.


  • This topic is locked
9 replies to this topic

#1 MXH73

MXH73

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 11 July 2005 - 01:33 AM

OK, I think I have the programs I am going to need in order to get rid of this bug: CWShredder, xphidden.zip, About Buster and HijackThis. Now let me know what you need to see exactly from HijackThis so we can kill this damn bug. In short, it has taken over my Internet Explorer and is just really burning me off. I already downloaded fox and am working through that now. Thanks in advance. M


#2 MXH73

MXH73

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 11 July 2005 - 04:55 PM

Here is a copy of my most recent HijackThis log file.
Please help before this gets larger than it has to.
Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 6:36:18 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\trojan killer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ONE\Application Data\Mozilla\Profiles\default\7aa4qhcn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1C5CF169-7102-1F3D-5594-86EE2D6D9EE0} - C:\WINDOWS\system32\sysil.dll (file missing)
O2 - BHO: Class - {21DD6C43-4909-73BD-AC73-F4B1A19AC112} - C:\WINDOWS\system32\d3xt32.dll
O2 - BHO: Class - {881BB225-84CF-BE39-E313-C5E95E934915} - C:\WINDOWS\crcy.dll (file missing)
O2 - BHO: Class - {A72C0FFC-C2D7-47B8-44CD-DA44AC623334} - C:\WINDOWS\apiuj32.dll (file missing)
O2 - BHO: Class - {AC6D7A8A-E7A9-F8C4-588B-902AB6FE2E0D} - C:\WINDOWS\crzi.dll
O2 - BHO: Class - {B3734911-ADA5-D9E5-FF78-B2E4D353C5CF} - C:\WINDOWS\sdkoh.dll
O2 - BHO: Class - {E2EE63AA-6042-4A78-50B3-4072F042785E} - C:\WINDOWS\msmu32.dll
O2 - BHO: Class - {F4FFB405-D2D9-F737-1B6D-FF0CD9DC8744} - C:\WINDOWS\system32\msto.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101257953\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [addve.exe] C:\WINDOWS\system32\addve.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ConMgr.exe] C:\Program Files\EarthLink 5.0\ConMgr.exe
O4 - HKLM\..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe /NOCM
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [ipst32.exe] C:\WINDOWS\system32\ipst32.exe
O4 - HKLM\..\RunOnce: [atljp32.exe] C:\WINDOWS\system32\atljp32.exe
O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe
O4 - HKLM\..\RunOnce: [ntsk.exe] C:\WINDOWS\system32\ntsk.exe
O4 - HKLM\..\RunOnce: [mfcpd.exe] C:\WINDOWS\system32\mfcpd.exe
O4 - HKLM\..\RunOnce: [ipug32.exe] C:\WINDOWS\ipug32.exe
O4 - HKLM\..\RunOnce: [winuo.exe] C:\WINDOWS\system32\winuo.exe
O4 - HKLM\..\RunOnce: [netqf.exe] C:\WINDOWS\system32\netqf.exe
O4 - HKLM\..\RunOnce: [syski32.exe] C:\WINDOWS\syski32.exe
O4 - HKLM\..\RunOnce: [crjc.exe] C:\WINDOWS\system32\crjc.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [iern32.exe] C:\WINDOWS\iern32.exe
O4 - HKLM\..\RunOnce: [ipxq32.exe] C:\WINDOWS\system32\ipxq32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\appyj32.exe
O4 - HKLM\..\RunOnce: [winbv.exe] C:\WINDOWS\system32\winbv.exe
O4 - HKLM\..\RunOnce: [wineu32.exe] C:\WINDOWS\system32\wineu32.exe
O4 - HKLM\..\RunOnce: [addec.exe] C:\WINDOWS\addec.exe
O4 - HKLM\..\RunOnce: [sdkge.exe] C:\WINDOWS\system32\sdkge.exe
O4 - HKLM\..\RunOnce: [winvb32.exe] C:\WINDOWS\winvb32.exe
O4 - HKLM\..\RunOnce: [iezk.exe] C:\WINDOWS\iezk.exe
O4 - HKLM\..\RunOnce: [crfg.exe] C:\WINDOWS\crfg.exe
O4 - HKLM\..\RunOnce: [appbd.exe] C:\WINDOWS\appbd.exe
O4 - HKLM\..\RunOnce: [msuw32.exe] C:\WINDOWS\system32\msuw32.exe
O4 - HKLM\..\RunOnce: [netuc32.exe] C:\WINDOWS\netuc32.exe
O4 - HKLM\..\RunOnce: [sdkkj32.exe] C:\WINDOWS\sdkkj32.exe
O4 - HKLM\..\RunOnce: [ipnn.exe] C:\WINDOWS\system32\ipnn.exe
O4 - HKLM\..\RunOnce: [appmd32.exe] C:\WINDOWS\appmd32.exe
O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\system32\winip.exe
O4 - HKLM\..\RunOnce: [javahw32.exe] C:\WINDOWS\system32\javahw32.exe
O4 - HKLM\..\RunOnce: [netxm.exe] C:\WINDOWS\netxm.exe
O4 - HKLM\..\RunOnce: [addeb32.exe] C:\WINDOWS\addeb32.exe
O4 - HKLM\..\RunOnce: [msur32.exe] C:\WINDOWS\system32\msur32.exe
O4 - HKLM\..\RunOnce: [msuz.exe] C:\WINDOWS\msuz.exe
O4 - HKLM\..\RunOnce: [d3dz.exe] C:\WINDOWS\system32\d3dz.exe
O4 - HKLM\..\RunOnce: [javang.exe] C:\WINDOWS\system32\javang.exe
O4 - HKLM\..\RunOnce: [ntvg32.exe] C:\WINDOWS\ntvg32.exe
O4 - HKLM\..\RunOnce: [ieuz32.exe] C:\WINDOWS\system32\ieuz32.exe
O4 - HKLM\..\RunOnce: [ntkd32.exe] C:\WINDOWS\system32\ntkd32.exe
O4 - HKLM\..\RunOnce: [apppz32.exe] C:\WINDOWS\system32\apppz32.exe
O4 - HKLM\..\RunOnce: [ntkl32.exe] C:\WINDOWS\system32\ntkl32.exe
O4 - HKLM\..\RunOnce: [apibe.exe] C:\WINDOWS\apibe.exe
O4 - HKLM\..\RunOnce: [ntdg32.exe] C:\WINDOWS\ntdg32.exe
O4 - HKLM\..\RunOnce: [atljb.exe] C:\WINDOWS\system32\atljb.exe
O4 - HKLM\..\RunOnce: [syskv32.exe] C:\WINDOWS\syskv32.exe
O4 - HKLM\..\RunOnce: [javaxp32.exe] C:\WINDOWS\system32\javaxp32.exe
O4 - HKLM\..\RunOnce: [apigh.exe] C:\WINDOWS\system32\apigh.exe
O4 - HKLM\..\RunOnce: [iptb32.exe] C:\WINDOWS\iptb32.exe
O4 - HKLM\..\RunOnce: [addgw.exe] C:\WINDOWS\system32\addgw.exe
O4 - HKLM\..\RunOnce: [ipwt32.exe] C:\WINDOWS\ipwt32.exe
O4 - HKLM\..\RunOnce: [addbn.exe] C:\WINDOWS\addbn.exe
O4 - HKLM\..\RunOnce: [sdkun32.exe] C:\WINDOWS\sdkun32.exe
O4 - HKLM\..\RunOnce: [apphk32.exe] C:\WINDOWS\apphk32.exe
O4 - HKLM\..\RunOnce: [msue32.exe] C:\WINDOWS\system32\msue32.exe
O4 - HKLM\..\RunOnce: [atlpp32.exe] C:\WINDOWS\atlpp32.exe
O4 - HKLM\..\RunOnce: [ieus.exe] C:\WINDOWS\system32\ieus.exe
O4 - HKLM\..\RunOnce: [netuu.exe] C:\WINDOWS\system32\netuu.exe
O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\crmq32.exe
O4 - HKLM\..\RunOnce: [netwl32.exe] C:\WINDOWS\system32\netwl32.exe
O4 - HKLM\..\RunOnce: [addcf.exe] C:\WINDOWS\system32\addcf.exe
O4 - HKLM\..\RunOnce: [apphc32.exe] C:\WINDOWS\apphc32.exe
O4 - HKLM\..\RunOnce: [d3ve32.exe] C:\WINDOWS\d3ve32.exe
O4 - HKLM\..\RunOnce: [sysbh32.exe] C:\WINDOWS\sysbh32.exe
O4 - HKLM\..\RunOnce: [crcy.exe] C:\WINDOWS\crcy.exe
O4 - HKLM\..\RunOnce: [apiuj32.exe] C:\WINDOWS\apiuj32.exe
O4 - HKLM\..\RunOnce: [sysok32.exe] C:\WINDOWS\sysok32.exe
O4 - HKLM\..\RunOnce: [mfcgg32.exe] C:\WINDOWS\system32\mfcgg32.exe
O4 - HKLM\..\RunOnce: [appbk32.exe] C:\WINDOWS\system32\appbk32.exe
O4 - HKLM\..\RunOnce: [d3he.exe] C:\WINDOWS\d3he.exe
O4 - HKLM\..\RunOnce: [sysll.exe] C:\WINDOWS\system32\sysll.exe
O4 - HKLM\..\RunOnce: [javaqn32.exe] C:\WINDOWS\system32\javaqn32.exe
O4 - HKLM\..\RunOnce: [ntlr.exe] C:\WINDOWS\ntlr.exe
O4 - HKLM\..\RunOnce: [appzl32.exe] C:\WINDOWS\appzl32.exe
O4 - HKLM\..\RunOnce: [appkg32.exe] C:\WINDOWS\appkg32.exe
O4 - HKLM\..\RunOnce: [ipdd.exe] C:\WINDOWS\system32\ipdd.exe
O4 - HKLM\..\RunOnce: [netdf32.exe] C:\WINDOWS\system32\netdf32.exe
O4 - HKLM\..\RunOnce: [netbw32.exe] C:\WINDOWS\system32\netbw32.exe
O4 - HKLM\..\RunOnce: [atllc32.exe] C:\WINDOWS\atllc32.exe
O4 - HKLM\..\RunOnce: [ntga.exe] C:\WINDOWS\ntga.exe
O4 - HKLM\..\RunOnce: [msjg32.exe] C:\WINDOWS\system32\msjg32.exe
O4 - HKLM\..\RunOnce: [ntyk32.exe] C:\WINDOWS\system32\ntyk32.exe
O4 - HKLM\..\RunOnce: [apphw32.exe] C:\WINDOWS\system32\apphw32.exe
O4 - HKLM\..\RunOnce: [ipzs32.exe] C:\WINDOWS\ipzs32.exe
O4 - HKLM\..\RunOnce: [nttt32.exe] C:\WINDOWS\system32\nttt32.exe
O4 - HKLM\..\RunOnce: [d3an32.exe] C:\WINDOWS\system32\d3an32.exe
O4 - HKLM\..\RunOnce: [applj.exe] C:\WINDOWS\applj.exe
O4 - HKLM\..\RunOnce: [crzl.exe] C:\WINDOWS\system32\crzl.exe
O4 - HKLM\..\RunOnce: [winuj.exe] C:\WINDOWS\system32\winuj.exe
O4 - HKLM\..\RunOnce: [appis32.exe] C:\WINDOWS\system32\appis32.exe
O4 - HKLM\..\RunOnce: [ipdp32.exe] C:\WINDOWS\system32\ipdp32.exe
O4 - HKLM\..\RunOnce: [apinw.exe] C:\WINDOWS\apinw.exe
O4 - HKLM\..\RunOnce: [mfcww.exe] C:\WINDOWS\system32\mfcww.exe
O4 - HKLM\..\RunOnce: [sdkll32.exe] C:\WINDOWS\sdkll32.exe
O4 - HKLM\..\RunOnce: [ievk32.exe] C:\WINDOWS\system32\ievk32.exe
O4 - HKLM\..\RunOnce: [apiqv32.exe] C:\WINDOWS\apiqv32.exe
O4 - HKLM\..\RunOnce: [ntda.exe] C:\WINDOWS\ntda.exe
O4 - HKLM\..\RunOnce: [netea32.exe] C:\WINDOWS\system32\netea32.exe
O4 - HKLM\..\RunOnce: [netsx.exe] C:\WINDOWS\netsx.exe
O4 - HKLM\..\RunOnce: [crxh32.exe] C:\WINDOWS\crxh32.exe
O4 - HKLM\..\RunOnce: [addum.exe] C:\WINDOWS\system32\addum.exe
O4 - HKLM\..\RunOnce: [ipjb32.exe] C:\WINDOWS\ipjb32.exe
O4 - HKLM\..\RunOnce: [javaaj32.exe] C:\WINDOWS\javaaj32.exe
O4 - HKLM\..\RunOnce: [ntvu.exe] C:\WINDOWS\system32\ntvu.exe
O4 - HKLM\..\RunOnce: [atluc32.exe] C:\WINDOWS\atluc32.exe
O4 - HKLM\..\RunOnce: [syssr32.exe] C:\WINDOWS\system32\syssr32.exe
O4 - HKLM\..\RunOnce: [winsh.exe] C:\WINDOWS\system32\winsh.exe
O4 - HKLM\..\RunOnce: [ieai.exe] C:\WINDOWS\ieai.exe
O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\netko32.exe
O4 - HKLM\..\RunOnce: [addav.exe] C:\WINDOWS\system32\addav.exe
O4 - HKLM\..\RunOnce: [d3zl32.exe] C:\WINDOWS\system32\d3zl32.exe
O4 - HKLM\..\RunOnce: [ntxa32.exe] C:\WINDOWS\ntxa32.exe
O4 - HKLM\..\RunOnce: [sdkxi.exe] C:\WINDOWS\sdkxi.exe
O4 - HKLM\..\RunOnce: [msvg32.exe] C:\WINDOWS\system32\msvg32.exe
O4 - HKLM\..\RunOnce: [addln32.exe] C:\WINDOWS\addln32.exe
O4 - HKLM\..\RunOnce: [sysor.exe] C:\WINDOWS\sysor.exe
O4 - HKLM\..\RunOnce: [mfctj.exe] C:\WINDOWS\mfctj.exe
O4 - HKLM\..\RunOnce: [msyg32.exe] C:\WINDOWS\msyg32.exe
O4 - HKLM\..\RunOnce: [iesz32.exe] C:\WINDOWS\iesz32.exe
O4 - HKLM\..\RunOnce: [sdkwv32.exe] C:\WINDOWS\system32\sdkwv32.exe
O4 - HKLM\..\RunOnce: [syssh.exe] C:\WINDOWS\syssh.exe
O4 - HKLM\..\RunOnce: [d3vt32.exe] C:\WINDOWS\system32\d3vt32.exe
O4 - HKLM\..\RunOnce: [ntua.exe] C:\WINDOWS\ntua.exe
O4 - HKLM\..\RunOnce: [apptq32.exe] C:\WINDOWS\apptq32.exe
O4 - HKLM\..\RunOnce: [iejf32.exe] C:\WINDOWS\iejf32.exe
O4 - HKLM\..\RunOnce: [sysrn.exe] C:\WINDOWS\system32\sysrn.exe
O4 - HKLM\..\RunOnce: [ntxq.exe] C:\WINDOWS\ntxq.exe
O4 - HKLM\..\RunOnce: [apibu32.exe] C:\WINDOWS\apibu32.exe
O4 - HKLM\..\RunOnce: [addzj.exe] C:\WINDOWS\system32\addzj.exe
O4 - HKLM\..\RunOnce: [cryz32.exe] C:\WINDOWS\cryz32.exe
O4 - HKLM\..\RunOnce: [ipoo32.exe] C:\WINDOWS\system32\ipoo32.exe
O4 - HKLM\..\RunOnce: [ntww.exe] C:\WINDOWS\system32\ntww.exe
O4 - HKLM\..\RunOnce: [ipxx.exe] C:\WINDOWS\ipxx.exe
O4 - HKLM\..\RunOnce: [d3mu32.exe] C:\WINDOWS\system32\d3mu32.exe
O4 - HKLM\..\RunOnce: [winkb32.exe] C:\WINDOWS\system32\winkb32.exe
O4 - HKLM\..\RunOnce: [ieff.exe] C:\WINDOWS\ieff.exe
O4 - HKLM\..\RunOnce: [atlkx.exe] C:\WINDOWS\atlkx.exe
O4 - HKLM\..\RunOnce: [d3xt32.exe] C:\WINDOWS\system32\d3xt32.exe
O4 - HKLM\..\RunOnce: [ntnj32.exe] C:\WINDOWS\ntnj32.exe
O4 - HKLM\..\RunOnce: [ieqv.exe] C:\WINDOWS\ieqv.exe
O4 - HKLM\..\RunOnce: [crmz32.exe] C:\WINDOWS\system32\crmz32.exe
O4 - HKLM\..\RunOnce: [iplo.exe] C:\WINDOWS\iplo.exe
O4 - HKLM\..\RunOnce: [appke32.exe] C:\WINDOWS\appke32.exe
O4 - HKLM\..\RunOnce: [msat32.exe] C:\WINDOWS\system32\msat32.exe
O4 - HKLM\..\RunOnce: [ieib.exe] C:\WINDOWS\system32\ieib.exe
O4 - HKLM\..\RunOnce: [apill.exe] C:\WINDOWS\apill.exe
O4 - HKLM\..\RunOnce: [syskb32.exe] C:\WINDOWS\syskb32.exe
O4 - HKLM\..\RunOnce: [craq32.exe] C:\WINDOWS\system32\craq32.exe
O4 - HKLM\..\RunOnce: [d3ay32.exe] C:\WINDOWS\system32\d3ay32.exe
O4 - HKLM\..\RunOnce: [addkz32.exe] C:\WINDOWS\addkz32.exe
O4 - HKLM\..\RunOnce: [sdksh.exe] C:\WINDOWS\sdksh.exe
O4 - HKLM\..\RunOnce: [netol.exe] C:\WINDOWS\netol.exe
O4 - HKLM\..\RunOnce: [ieiw.exe] C:\WINDOWS\ieiw.exe
O4 - HKLM\..\RunOnce: [crxl.exe] C:\WINDOWS\system32\crxl.exe
O4 - HKLM\..\RunOnce: [addvy32.exe] C:\WINDOWS\addvy32.exe
O4 - HKLM\..\RunOnce: [sdkvg.exe] C:\WINDOWS\system32\sdkvg.exe
O4 - HKLM\..\RunOnce: [netzk32.exe] C:\WINDOWS\netzk32.exe
O4 - HKLM\..\RunOnce: [apppa.exe] C:\WINDOWS\system32\apppa.exe
O4 - HKLM\..\RunOnce: [d3op32.exe] C:\WINDOWS\system32\d3op32.exe
O4 - HKLM\..\RunOnce: [ntmf.exe] C:\WINDOWS\ntmf.exe
O4 - HKLM\..\RunOnce: [atllu32.exe] C:\WINDOWS\atllu32.exe
O4 - HKLM\..\RunOnce: [sysbc32.exe] C:\WINDOWS\system32\sysbc32.exe
O4 - HKLM\..\RunOnce: [netfc32.exe] C:\WINDOWS\netfc32.exe
O4 - HKLM\..\RunOnce: [ipnk32.exe] C:\WINDOWS\ipnk32.exe
O4 - HKLM\..\RunOnce: [d3wk32.exe] C:\WINDOWS\d3wk32.exe
O4 - HKLM\..\RunOnce: [mfcws32.exe] C:\WINDOWS\system32\mfcws32.exe
O4 - HKLM\..\RunOnce: [crre32.exe] C:\WINDOWS\system32\crre32.exe
O4 - HKLM\..\RunOnce: [mswi.exe] C:\WINDOWS\mswi.exe
O4 - HKLM\..\RunOnce: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\RunOnce: [crtf.exe] C:\WINDOWS\crtf.exe
O4 - HKLM\..\RunOnce: [ipew32.exe] C:\WINDOWS\system32\ipew32.exe
O4 - HKLM\..\RunOnce: [mshi32.exe] C:\WINDOWS\mshi32.exe
O4 - HKLM\..\RunOnce: [winmm32.exe] C:\WINDOWS\system32\winmm32.exe
O4 - HKLM\..\RunOnce: [ntmu.exe] C:\WINDOWS\ntmu.exe
O4 - HKLM\..\RunOnce: [addgo.exe] C:\WINDOWS\system32\addgo.exe
O4 - HKLM\..\RunOnce: [d3fd32.exe] C:\WINDOWS\system32\d3fd32.exe
O4 - HKLM\..\RunOnce: [ipdt32.exe] C:\WINDOWS\ipdt32.exe
O4 - HKLM\..\RunOnce: [ntdb.exe] C:\WINDOWS\system32\ntdb.exe
O4 - HKLM\..\RunOnce: [syshk.exe] C:\WINDOWS\system32\syshk.exe
O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\apiep32.exe
O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32\netex32.exe
O4 - HKLM\..\RunOnce: [crny32.exe] C:\WINDOWS\crny32.exe
O4 - HKLM\..\RunOnce: [javaik32.exe] C:\WINDOWS\system32\javaik32.exe
O4 - HKLM\..\RunOnce: [msvo.exe] C:\WINDOWS\msvo.exe
O4 - HKLM\..\RunOnce: [crww32.exe] C:\WINDOWS\system32\crww32.exe
O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\atlfd.exe
O4 - HKLM\..\RunOnce: [ntus32.exe] C:\WINDOWS\system32\ntus32.exe
O4 - HKLM\..\RunOnce: [winod32.exe] C:\WINDOWS\winod32.exe
O4 - HKLM\..\RunOnce: [msye.exe] C:\WINDOWS\msye.exe
O4 - HKLM\..\RunOnce: [iema32.exe] C:\WINDOWS\iema32.exe
O4 - HKLM\..\RunOnce: [mssx32.exe] C:\WINDOWS\system32\mssx32.exe
O4 - HKLM\..\RunOnce: [ntxt32.exe] C:\WINDOWS\ntxt32.exe
O4 - HKLM\..\RunOnce: [ieaf32.exe] C:\WINDOWS\system32\ieaf32.exe
O4 - HKLM\..\RunOnce: [addzb32.exe] C:\WINDOWS\addzb32.exe
O4 - HKLM\..\RunOnce: [apiyi.exe] C:\WINDOWS\apiyi.exe
O4 - HKLM\..\RunOnce: [sdkum32.exe] C:\WINDOWS\sdkum32.exe
O4 - HKLM\..\RunOnce: [netdn.exe] C:\WINDOWS\netdn.exe
O4 - HKLM\..\RunOnce: [iprj32.exe] C:\WINDOWS\iprj32.exe
O4 - HKLM\..\RunOnce: [ipxg32.exe] C:\WINDOWS\system32\ipxg32.exe
O4 - HKLM\..\RunOnce: [ipfo32.exe] C:\WINDOWS\system32\ipfo32.exe
O4 - HKLM\..\RunOnce: [javaks.exe] C:\WINDOWS\javaks.exe
O4 - HKLM\..\RunOnce: [addnc.exe] C:\WINDOWS\addnc.exe
O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\crms32.exe
O4 - HKLM\..\RunOnce: [ipdh32.exe] C:\WINDOWS\system32\ipdh32.exe
O4 - HKLM\..\RunOnce: [javahm32.exe] C:\WINDOWS\javahm32.exe
O4 - HKLM\..\RunOnce: [atlpm.exe] C:\WINDOWS\system32\atlpm.exe
O4 - HKLM\..\RunOnce: [sysly.exe] C:\WINDOWS\sysly.exe
O4 - HKLM\..\RunOnce: [apijn32.exe] C:\WINDOWS\system32\apijn32.exe
O4 - HKLM\..\RunOnce: [d3vy32.exe] C:\WINDOWS\d3vy32.exe
O4 - HKLM\..\RunOnce: [mfcsb32.exe] C:\WINDOWS\mfcsb32.exe
O4 - HKLM\..\RunOnce: [appnf.exe] C:\WINDOWS\system32\appnf.exe
O4 - HKLM\..\RunOnce: [msmu32.exe] C:\WINDOWS\msmu32.exe
O4 - HKLM\..\RunOnce: [sdkkk.exe] C:\WINDOWS\system32\sdkkk.exe
O4 - HKLM\..\RunOnce: [atljz32.exe] C:\WINDOWS\system32\atljz32.exe
O4 - HKLM\..\RunOnce: [winzx.exe] C:\WINDOWS\winzx.exe
O4 - HKLM\..\RunOnce: [sysix.exe] C:\WINDOWS\system32\sysix.exe
O4 - HKLM\..\RunOnce: [syscp.exe] C:\WINDOWS\syscp.exe
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunOnce: [addpv32.exe] C:\WINDOWS\addpv32.exe
O4 - HKLM\..\RunOnce: [d3gl32.exe] C:\WINDOWS\d3gl32.exe
O4 - HKLM\..\RunOnce: [msnt.exe] C:\WINDOWS\system32\msnt.exe
O4 - HKLM\..\RunOnce: [d3ot.exe] C:\WINDOWS\d3ot.exe
O4 - HKLM\..\RunOnce: [appei32.exe] C:\WINDOWS\system32\appei32.exe
O4 - HKLM\..\RunOnce: [apicq32.exe] C:\WINDOWS\system32\apicq32.exe
O4 - HKLM\..\RunOnce: [atlxb.exe] C:\WINDOWS\atlxb.exe
O4 - HKLM\..\RunOnce: [iewr32.exe] C:\WINDOWS\iewr32.exe
O4 - HKLM\..\RunOnce: [javamg32.exe] C:\WINDOWS\system32\javamg32.exe
O4 - HKLM\..\RunOnce: [javauo.exe] C:\WINDOWS\system32\javauo.exe
O4 - HKLM\..\RunOnce: [sysse32.exe] C:\WINDOWS\sysse32.exe
O4 - HKLM\..\RunOnce: [mfccc32.exe] C:\WINDOWS\system32\mfccc32.exe
O4 - HKLM\..\RunOnce: [javaxo32.exe] C:\WINDOWS\system32\javaxo32.exe
O4 - HKLM\..\RunOnce: [mscs.exe] C:\WINDOWS\mscs.exe
O4 - HKLM\..\RunOnce: [d3lt32.exe] C:\WINDOWS\system32\d3lt32.exe
O4 - HKLM\..\RunOnce: [crzp.exe] C:\WINDOWS\crzp.exe
O4 - HKLM\..\RunOnce: [d3fm.exe] C:\WINDOWS\d3fm.exe
O4 - HKLM\..\RunOnce: [apilj.exe] C:\WINDOWS\system32\apilj.exe
O4 - HKLM\..\RunOnce: [msfu.exe] C:\WINDOWS\msfu.exe
O4 - HKLM\..\RunOnce: [javauj.exe] C:\WINDOWS\javauj.exe
O4 - HKLM\..\RunOnce: [apinc32.exe] C:\WINDOWS\system32\apinc32.exe
O4 - HKLM\..\RunOnce: [netyn.exe] C:\WINDOWS\netyn.exe
O4 - HKLM\..\RunOnce: [crcr.exe] C:\WINDOWS\crcr.exe
O4 - HKLM\..\RunOnce: [sdksm.exe] C:\WINDOWS\sdksm.exe
O4 - HKLM\..\RunOnce: [javagj32.exe] C:\WINDOWS\javagj32.exe
O4 - HKLM\..\RunOnce: [sdkmg32.exe] C:\WINDOWS\system32\sdkmg32.exe
O4 - HKLM\..\RunOnce: [atlrc32.exe] C:\WINDOWS\atlrc32.exe
O4 - HKLM\..\RunOnce: [netya32.exe] C:\WINDOWS\system32\netya32.exe
O4 - HKLM\..\RunOnce: [appop.exe] C:\WINDOWS\appop.exe
O4 - HKLM\..\RunOnce: [msnf32.exe] C:\WINDOWS\system32\msnf32.exe
O4 - HKLM\..\RunOnce: [sdklm32.exe] C:\WINDOWS\sdklm32.exe
O4 - HKLM\..\RunOnce: [javalc.exe] C:\WINDOWS\javalc.exe
O4 - HKLM\..\RunOnce: [ntud.exe] C:\WINDOWS\system32\ntud.exe
O4 - HKLM\..\RunOnce: [iejs32.exe] C:\WINDOWS\iejs32.exe
O4 - HKLM\..\RunOnce: [atltq32.exe] C:\WINDOWS\system32\atltq32.exe
O4 - HKLM\..\RunOnce: [sdkoc32.exe] C:\WINDOWS\sdkoc32.exe
O4 - HKLM\..\RunOnce: [d3bg.exe] C:\WINDOWS\d3bg.exe
O4 - HKLM\..\RunOnce: [crch32.exe] C:\WINDOWS\crch32.exe
O4 - HKLM\..\RunOnce: [javaqd.exe] C:\WINDOWS\javaqd.exe
O4 - HKLM\..\RunOnce: [crwa.exe] C:\WINDOWS\crwa.exe
O4 - HKLM\..\RunOnce: [d3ei.exe] C:\WINDOWS\d3ei.exe
O4 - HKLM\..\RunOnce: [wincd32.exe] C:\WINDOWS\wincd32.exe
O4 - HKLM\..\RunOnce: [appoo.exe] C:\WINDOWS\appoo.exe
O4 - HKLM\..\RunOnce: [netss.exe] C:\WINDOWS\system32\netss.exe
O4 - HKLM\..\RunOnce: [d3hi32.exe] C:\WINDOWS\d3hi32.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\sysxp32.exe
O4 - HKLM\..\RunOnce: [mssb.exe] C:\WINDOWS\mssb.exe
O4 - HKLM\..\RunOnce: [ntrq32.exe] C:\WINDOWS\ntrq32.exe
O4 - HKLM\..\RunOnce: [mfcqy32.exe] C:\WINDOWS\system32\mfcqy32.exe
O4 - HKLM\..\RunOnce: [mfcpo.exe] C:\WINDOWS\system32\mfcpo.exe
O4 - HKLM\..\RunOnce: [atlyo.exe] C:\WINDOWS\atlyo.exe
O4 - HKLM\..\RunOnce: [sdkod.exe] C:\WINDOWS\system32\sdkod.exe
O4 - HKLM\..\RunOnce: [netds32.exe] C:\WINDOWS\system32\netds32.exe
O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\system32\sdkiv.exe
O4 - HKLM\..\RunOnce: [netmz.exe] C:\WINDOWS\netmz.exe
O4 - HKLM\..\RunOnce: [crbw32.exe] C:\WINDOWS\system32\crbw32.exe
O4 - HKLM\..\RunOnce: [sysad.exe] C:\WINDOWS\system32\sysad.exe
O4 - HKLM\..\RunOnce: [atlwh32.exe] C:\WINDOWS\atlwh32.exe
O4 - HKLM\..\RunOnce: [winfi.exe] C:\WINDOWS\system32\winfi.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\addte32.exe
O4 - HKLM\..\RunOnce: [winzb32.exe] C:\WINDOWS\system32\winzb32.exe
O4 - HKLM\..\RunOnce: [addhj32.exe] C:\WINDOWS\addhj32.exe
O4 - HKLM\..\RunOnce: [d3hx.exe] C:\WINDOWS\d3hx.exe
O4 - HKLM\..\RunOnce: [winzy.exe] C:\WINDOWS\winzy.exe
O4 - HKLM\..\RunOnce: [sdkqx32.exe] C:\WINDOWS\sdkqx32.exe
O4 - HKLM\..\RunOnce: [winfm32.exe] C:\WINDOWS\winfm32.exe
O4 - HKLM\..\RunOnce: [sdkfu.exe] C:\WINDOWS\system32\sdkfu.exe
O4 - HKLM\..\RunOnce: [apijg.exe] C:\WINDOWS\system32\apijg.exe
O4 - HKLM\..\RunOnce: [cryv32.exe] C:\WINDOWS\cryv32.exe
O4 - HKLM\..\RunOnce: [ieod32.exe] C:\WINDOWS\ieod32.exe
O4 - HKLM\..\RunOnce: [d3rh.exe] C:\WINDOWS\d3rh.exe
O4 - HKLM\..\RunOnce: [ipqw32.exe] C:\WINDOWS\ipqw32.exe
O4 - HKLM\..\RunOnce: [crbv32.exe] C:\WINDOWS\crbv32.exe
O4 - HKLM\..\RunOnce: [d3vo32.exe] C:\WINDOWS\d3vo32.exe
O4 - HKLM\..\RunOnce: [ipzl32.exe] C:\WINDOWS\system32\ipzl32.exe
O4 - HKLM\..\RunOnce: [msuw.exe] C:\WINDOWS\msuw.exe
O4 - HKLM\..\RunOnce: [javayi32.exe] C:\WINDOWS\system32\javayi32.exe
O4 - HKLM\..\RunOnce: [netxq.exe] C:\WINDOWS\netxq.exe
O4 - HKLM\..\RunOnce: [winwf32.exe] C:\WINDOWS\winwf32.exe
O4 - HKLM\..\RunOnce: [d3mv32.exe] C:\WINDOWS\system32\d3mv32.exe
O4 - HKLM\..\RunOnce: [msud.exe] C:\WINDOWS\system32\msud.exe
O4 - HKLM\..\RunOnce: [d3ud.exe] C:\WINDOWS\d3ud.exe
O4 - HKLM\..\RunOnce: [atlej32.exe] C:\WINDOWS\atlej32.exe
O4 - HKLM\..\RunOnce: [syscz.exe] C:\WINDOWS\system32\syscz.exe
O4 - HKLM\..\RunOnce: [sdkbo32.exe] C:\WINDOWS\system32\sdkbo32.exe
O4 - HKLM\..\RunOnce: [apire32.exe] C:\WINDOWS\apire32.exe
O4 - HKLM\..\RunOnce: [netzm.exe] C:\WINDOWS\system32\netzm.exe
O4 - HKLM\..\RunOnce: [apiam.exe] C:\WINDOWS\apiam.exe
O4 - HKLM\..\RunOnce: [javapj32.exe] C:\WINDOWS\system32\javapj32.exe
O4 - HKLM\..\RunOnce: [ienr32.exe] C:\WINDOWS\system32\ienr32.exe
O4 - HKLM\..\RunOnce: [d3iv.exe] C:\WINDOWS\d3iv.exe
O4 - HKLM\..\RunOnce: [nethk32.exe] C:\WINDOWS\nethk32.exe
O4 - HKLM\..\RunOnce: [appxa32.exe] C:\WINDOWS\system32\appxa32.exe
O4 - HKLM\..\RunOnce: [atlfi.exe] C:\WINDOWS\system32\atlfi.exe
O4 - HKLM\..\RunOnce: [javajr.exe] C:\WINDOWS\javajr.exe
O4 - HKLM\..\RunOnce: [mfcih32.exe] C:\WINDOWS\mfcih32.exe
O4 - HKLM\..\RunOnce: [winyw32.exe] C:\WINDOWS\system32\winyw32.exe
O4 - HKLM\..\RunOnce: [addye32.exe] C:\WINDOWS\system32\addye32.exe
O4 - HKLM\..\RunOnce: [netif32.exe] C:\WINDOWS\system32\netif32.exe
O4 - HKLM\..\RunOnce: [iepn.exe] C:\WINDOWS\iepn.exe
O4 - HKLM\..\RunOnce: [crlr.exe] C:\WINDOWS\crlr.exe
O4 - HKLM\..\RunOnce: [winbo32.exe] C:\WINDOWS\system32\winbo32.exe
O4 - HKLM\..\RunOnce: [mfczw32.exe] C:\WINDOWS\system32\mfczw32.exe
O4 - HKLM\..\RunOnce: [appuz.exe] C:\WINDOWS\system32\appuz.exe
O4 - HKLM\..\RunOnce: [mfccv.exe] C:\WINDOWS\system32\mfccv.exe
O4 - HKLM\..\RunOnce: [ntgz32.exe] C:\WINDOWS\ntgz32.exe
O4 - HKLM\..\RunOnce: [apiqa.exe] C:\WINDOWS\system32\apiqa.exe
O4 - HKLM\..\RunOnce: [netvw32.exe] C:\WINDOWS\system32\netvw32.exe
O4 - HKLM\..\RunOnce: [apikt32.exe] C:\WINDOWS\system32\apikt32.exe
O4 - HKLM\..\RunOnce: [winpq32.exe] C:\WINDOWS\system32\winpq32.exe
O4 - HKLM\..\RunOnce: [netkb32.exe] C:\WINDOWS\netkb32.exe
O4 - HKLM\..\RunOnce: [sdkpg.exe] C:\WINDOWS\sdkpg.exe
O4 - HKLM\..\RunOnce: [ntxg32.exe] C:\WINDOWS\system32\ntxg32.exe
O4 - HKLM\..\RunOnce: [apprx.exe] C:\WINDOWS\apprx.exe
O4 - HKLM\..\RunOnce: [sdkli.exe] C:\WINDOWS\system32\sdkli.exe
O4 - HKLM\..\RunOnce: [ipbx.exe] C:\WINDOWS\system32\ipbx.exe
O4 - HKLM\..\RunOnce: [applq32.exe] C:\WINDOWS\applq32.exe
O4 - HKLM\..\RunOnce: [atlfb32.exe] C:\WINDOWS\atlfb32.exe
O4 - HKLM\..\RunOnce: [iejg32.exe] C:\WINDOWS\system32\iejg32.exe
O4 - HKLM\..\RunOnce: [mfcer.exe] C:\WINDOWS\mfcer.exe
O4 - HKLM\..\RunOnce: [addiw.exe] C:\WINDOWS\system32\addiw.exe
O4 - HKLM\..\RunOnce: [netyt32.exe] C:\WINDOWS\netyt32.exe
O4 - HKLM\..\RunOnce: [mfcbu32.exe] C:\WINDOWS\system32\mfcbu32.exe
O4 - HKLM\..\RunOnce: [netnn.exe] C:\WINDOWS\netnn.exe
O4 - HKLM\..\RunOnce: [javarr.exe] C:\WINDOWS\javarr.exe
O4 - HKLM\..\RunOnce: [iebk32.exe] C:\WINDOWS\iebk32.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [atlfw.exe] C:\WINDOWS\atlfw.exe
O4 - HKLM\..\RunOnce: [atllt32.exe] C:\WINDOWS\atllt32.exe
O4 - HKLM\..\RunOnce: [atlzq32.exe] C:\WINDOWS\system32\atlzq32.exe
O4 - HKLM\..\RunOnce: [msem32.exe] C:\WINDOWS\msem32.exe
O4 - HKLM\..\RunOnce: [ipmc.exe] C:\WINDOWS\ipmc.exe
O4 - HKLM\..\RunOnce: [apimc32.exe] C:\WINDOWS\system32\apimc32.exe
O4 - HKLM\..\RunOnce: [d3wi.exe] C:\WINDOWS\system32\d3wi.exe
O4 - HKLM\..\RunOnce: [applg32.exe] C:\WINDOWS\applg32.exe
O4 - HKLM\..\RunOnce: [netjn.exe] C:\WINDOWS\netjn.exe
O4 - HKLM\..\RunOnce: [javafr32.exe] C:\WINDOWS\system32\javafr32.exe
O4 - HKLM\..\RunOnce: [ipps.exe] C:\WINDOWS\ipps.exe
O4 - HKLM\..\RunOnce: [ntco32.exe] C:\WINDOWS\system32\ntco32.exe
O4 - HKLM\..\RunOnce: [iprl32.exe] C:\WINDOWS\iprl32.exe
O4 - HKLM\..\RunOnce: [appoh32.exe] C:\WINDOWS\appoh32.exe
O4 - HKLM\..\RunOnce: [ntrt32.exe] C:\WINDOWS\ntrt32.exe
O4 - HKLM\..\RunOnce: [crvx32.exe] C:\WINDOWS\system32\crvx32.exe
O4 - HKLM\..\RunOnce: [atlvf.exe] C:\WINDOWS\atlvf.exe
O4 - HKLM\..\RunOnce: [crfm32.exe] C:\WINDOWS\system32\crfm32.exe
O4 - HKLM\..\RunOnce: [ieji.exe] C:\WINDOWS\system32\ieji.exe
O4 - HKLM\..\RunOnce: [d3sq.exe] C:\WINDOWS\d3sq.exe
O4 - HKLM\..\RunOnce: [apphf.exe] C:\WINDOWS\system32\apphf.exe
O4 - HKLM\..\RunOnce: [sysxu.exe] C:\WINDOWS\system32\sysxu.exe
O4 - HKLM\..\RunOnce: [javahn32.exe] C:\WINDOWS\javahn32.exe
O4 - HKLM\..\RunOnce: [d3by32.exe] C:\WINDOWS\d3by32.exe
O4 - HKLM\..\RunOnce: [winuv.exe] C:\WINDOWS\winuv.exe
O4 - HKLM\..\RunOnce: [sysyl32.exe] C:\WINDOWS\sysyl32.exe
O4 - HKLM\..\RunOnce: [crxw.exe] C:\WINDOWS\system32\crxw.exe
O4 - HKLM\..\RunOnce: [mswl.exe] C:\WINDOWS\mswl.exe
O4 - HKLM\..\RunOnce: [atlpq32.exe] C:\WINDOWS\system32\atlpq32.exe
O4 - HKLM\..\RunOnce: [ipip.exe] C:\WINDOWS\ipip.exe
O4 - HKLM\..\RunOnce: [netxj32.exe] C:\WINDOWS\netxj32.exe
O4 - HKLM\..\RunOnce: [javatv.exe] C:\WINDOWS\system32\javatv.exe
O4 - HKLM\..\RunOnce: [d3ne.exe] C:\WINDOWS\system32\d3ne.exe
O4 - HKLM\..\RunOnce: [iemu.exe] C:\WINDOWS\iemu.exe
O4 - HKLM\..\RunOnce: [msqe32.exe] C:\WINDOWS\system32\msqe32.exe
O4 - HKLM\..\RunOnce: [d3wa32.exe] C:\WINDOWS\d3wa32.exe
O4 - HKLM\..\RunOnce: [ipbf32.exe] C:\WINDOWS\ipbf32.exe
O4 - HKLM\..\RunOnce: [mseq32.exe] C:\WINDOWS\mseq32.exe
O4 - HKLM\..\RunOnce: [winjv.exe] C:\WINDOWS\system32\winjv.exe
O4 - HKLM\..\RunOnce: [sysjv32.exe] C:\WINDOWS\sysjv32.exe
O4 - HKLM\..\RunOnce: [ieys.exe] C:\WINDOWS\system32\ieys.exe
O4 - HKLM\..\RunOnce: [syseg.exe] C:\WINDOWS\system32\syseg.exe
O4 - HKLM\..\RunOnce: [ntrl.exe] C:\WINDOWS\ntrl.exe
O4 - HKLM\..\RunOnce: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\RunOnce: [iedl32.exe] C:\WINDOWS\iedl32.exe
O4 - HKLM\..\RunOnce: [ntih32.exe] C:\WINDOWS\system32\ntih32.exe
O4 - HKLM\..\RunOnce: [sysdt32.exe] C:\WINDOWS\sysdt32.exe
O4 - HKLM\..\RunOnce: [appix.exe] C:\WINDOWS\appix.exe
O4 - HKLM\..\RunOnce: [winry32.exe] C:\WINDOWS\winry32.exe
O4 - HKLM\..\RunOnce: [winfu32.exe] C:\WINDOWS\winfu32.exe
O4 - HKLM\..\RunOnce: [javacr32.exe] C:\WINDOWS\javacr32.exe
O4 - HKLM\..\RunOnce: [winfc32.exe] C:\WINDOWS\system32\winfc32.exe
O4 - HKLM\..\RunOnce: [atlkh.exe] C:\WINDOWS\system32\atlkh.exe
O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\javanq.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.co...m-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipst32.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
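An added triage sketch for the log above (not part of the original posts and not HijackThis code): it parses the O2, O4 and O23 lines and correlates self-named RunOnce executables in the Windows directories with BHO DLLs and "Unknown owner" services that share the same file stem. The sample lines are copied from this thread's log, with the garbled service key replaced by a placeholder; all function names are hypothetical.

```python
import ntpath
import re

# Subset of lines from the log in this thread; the O23 service key is a placeholder.
SAMPLE_LOG = r"""
O2 - BHO: Class - {21DD6C43-4909-73BD-AC73-F4B1A19AC112} - C:\WINDOWS\system32\d3xt32.dll
O2 - BHO: Class - {881BB225-84CF-BE39-E313-C5E95E934915} - C:\WINDOWS\crcy.dll (file missing)
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\RunOnce: [ipst32.exe] C:\WINDOWS\system32\ipst32.exe
O4 - HKLM\..\RunOnce: [d3xt32.exe] C:\WINDOWS\system32\d3xt32.exe
O4 - HKLM\..\RunOnce: [crcy.exe] C:\WINDOWS\crcy.exe
O4 - HKLM\..\RunOnce: [ipip.exe] C:\WINDOWS\ipip.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O23 - Service: Workstation NetLogon Service (key omitted) - Unknown owner - C:\WINDOWS\system32\ipst32.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O2_RE = re.compile(
    r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?: \(file missing\))?$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_PREFIX = "O23 - Service: "
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def stem(path):
    """Lower-case file name without extension, using Windows path rules."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def parse(log):
    """Split HijackThis text into BHO paths, registry autoruns and services."""
    bhos, autoruns, services = [], [], []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:  # "Global Startup" O4 lines do not match and are skipped
            autoruns.append((m["hive"], m["key"], m["name"], m["cmd"]))
            continue
        m = O2_RE.match(line)
        if m:
            bhos.append(m["path"])
            continue
        if line.startswith(O23_PREFIX):
            # Fields are "display (key) - owner - image path", read from the right.
            head, owner, image = line.rsplit(" - ", 2)
            services.append((head[len(O23_PREFIX):], owner, image))
    return bhos, autoruns, services


def self_named_runonce(autoruns):
    """RunOnce values named after their own image, located directly in the
    Windows or system32 directory. RunOnce values are normally removed once
    they have run, so a standing population of them is unusual."""
    hits = []
    for _hive, key, name, cmd in autoruns:
        if key.lower() != "runonce":
            continue
        if (ntpath.basename(cmd).lower() == name.lower()
                and ntpath.dirname(cmd).lower() in SYSTEM_DIRS):
            hits.append(cmd)
    return hits


def correlate(log):
    """Link flagged RunOnce images to BHOs and services with the same stem."""
    bhos, autoruns, services = parse(log)
    flagged = self_named_runonce(autoruns)
    stems = {stem(p) for p in flagged}
    return {
        "runonce": flagged,
        "bho": [p for p in bhos if stem(p) in stems],
        # "Unknown owner" alone is not a signal (McShield has it too);
        # it only counts together with a stem match.
        "service": [(name, image) for name, owner, image in services
                    if owner == "Unknown owner" and stem(image) in stems],
    }


if __name__ == "__main__":
    for section, items in correlate(SAMPLE_LOG).items():
        print(section, len(items))
        for item in items:
            print("   ", item)
```

The match is on file names only, so it narrows where to look in a long log; it does not confirm that a file is malicious.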

#3 MrCharlie (Malware Team)

Posted 16 July 2005 - 03:49 PM

Welcome to the forum.


Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip AboutBuster to a folder.
AboutBuster MUST be updated before you use it.
Check the AboutBuster Tutorial for instructions.
Don't run it yet.

Download and unzip cwsserviceremove to your desktop. Use the link below:
DownloadItHere

The above Registry file was written specifically for this infection and is not to be used on any other infection, as it could damage a person's PC.



Download CW-Shredder at the link below:
http://cwshredder.ne.../CWShredder.exe

Open Windows Explorer and go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply", then "OK".

Reboot into Safe Mode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

+++++++++++++++++++++++++++++++++++++++++++++++++

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Workstation NetLogon Service

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and, under the General tab, change the Startup Type to Disabled. Now hit Apply and then OK, and close any open windows. If you don't find this service listed, go ahead with the next steps.

2. Reboot into Safe Mode

3. Skip This Step

4. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all the following, then click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ndujm.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {21DD6C43-4909-73BD-AC73-F4B1A19AC112} - C:\WINDOWS\system32\d3xt32.dll
O2 - BHO: Class - {881BB225-84CF-BE39-E313-C5E95E934915} - C:\WINDOWS\crcy.dll (file missing)
O2 - BHO: Class - {A72C0FFC-C2D7-47B8-44CD-DA44AC623334} - C:\WINDOWS\apiuj32.dll (file missing)
O2 - BHO: Class - {AC6D7A8A-E7A9-F8C4-588B-902AB6FE2E0D} - C:\WINDOWS\crzi.dll
O2 - BHO: Class - {B3734911-ADA5-D9E5-FF78-B2E4D353C5CF} - C:\WINDOWS\sdkoh.dll
O2 - BHO: Class - {E2EE63AA-6042-4A78-50B3-4072F042785E} - C:\WINDOWS\msmu32.dll
O2 - BHO: Class - {F4FFB405-D2D9-F737-1B6D-FF0CD9DC8744} - C:\WINDOWS\system32\msto.dll (file missing)
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\RunOnce: [ipst32.exe] C:\WINDOWS\system32\ipst32.exe
O4 - HKLM\..\RunOnce: [atljp32.exe] C:\WINDOWS\system32\atljp32.exe
O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe
O4 - HKLM\..\RunOnce: [ntsk.exe] C:\WINDOWS\system32\ntsk.exe
O4 - HKLM\..\RunOnce: [mfcpd.exe] C:\WINDOWS\system32\mfcpd.exe
O4 - HKLM\..\RunOnce: [ipug32.exe] C:\WINDOWS\ipug32.exe
O4 - HKLM\..\RunOnce: [winuo.exe] C:\WINDOWS\system32\winuo.exe
O4 - HKLM\..\RunOnce: [netqf.exe] C:\WINDOWS\system32\netqf.exe
O4 - HKLM\..\RunOnce: [syski32.exe] C:\WINDOWS\syski32.exe
O4 - HKLM\..\RunOnce: [crjc.exe] C:\WINDOWS\system32\crjc.exe
O4 - HKLM\..\RunOnce: [appsa32.exe] C:\WINDOWS\system32\appsa32.exe
O4 - HKLM\..\RunOnce: [iern32.exe] C:\WINDOWS\iern32.exe
O4 - HKLM\..\RunOnce: [ipxq32.exe] C:\WINDOWS\system32\ipxq32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\appyj32.exe
O4 - HKLM\..\RunOnce: [winbv.exe] C:\WINDOWS\system32\winbv.exe
O4 - HKLM\..\RunOnce: [wineu32.exe] C:\WINDOWS\system32\wineu32.exe
O4 - HKLM\..\RunOnce: [addec.exe] C:\WINDOWS\addec.exe
O4 - HKLM\..\RunOnce: [sdkge.exe] C:\WINDOWS\system32\sdkge.exe
O4 - HKLM\..\RunOnce: [winvb32.exe] C:\WINDOWS\winvb32.exe
O4 - HKLM\..\RunOnce: [iezk.exe] C:\WINDOWS\iezk.exe
O4 - HKLM\..\RunOnce: [crfg.exe] C:\WINDOWS\crfg.exe
O4 - HKLM\..\RunOnce: [appbd.exe] C:\WINDOWS\appbd.exe
O4 - HKLM\..\RunOnce: [msuw32.exe] C:\WINDOWS\system32\msuw32.exe
O4 - HKLM\..\RunOnce: [netuc32.exe] C:\WINDOWS\netuc32.exe
O4 - HKLM\..\RunOnce: [sdkkj32.exe] C:\WINDOWS\sdkkj32.exe
O4 - HKLM\..\RunOnce: [ipnn.exe] C:\WINDOWS\system32\ipnn.exe
O4 - HKLM\..\RunOnce: [appmd32.exe] C:\WINDOWS\appmd32.exe
O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\system32\winip.exe
O4 - HKLM\..\RunOnce: [javahw32.exe] C:\WINDOWS\system32\javahw32.exe
O4 - HKLM\..\RunOnce: [netxm.exe] C:\WINDOWS\netxm.exe
O4 - HKLM\..\RunOnce: [addeb32.exe] C:\WINDOWS\addeb32.exe
O4 - HKLM\..\RunOnce: [msur32.exe] C:\WINDOWS\system32\msur32.exe
O4 - HKLM\..\RunOnce: [msuz.exe] C:\WINDOWS\msuz.exe
O4 - HKLM\..\RunOnce: [d3dz.exe] C:\WINDOWS\system32\d3dz.exe
O4 - HKLM\..\RunOnce: [javang.exe] C:\WINDOWS\system32\javang.exe
O4 - HKLM\..\RunOnce: [ntvg32.exe] C:\WINDOWS\ntvg32.exe
O4 - HKLM\..\RunOnce: [ieuz32.exe] C:\WINDOWS\system32\ieuz32.exe
O4 - HKLM\..\RunOnce: [ntkd32.exe] C:\WINDOWS\system32\ntkd32.exe
O4 - HKLM\..\RunOnce: [apppz32.exe] C:\WINDOWS\system32\apppz32.exe
O4 - HKLM\..\RunOnce: [ntkl32.exe] C:\WINDOWS\system32\ntkl32.exe
O4 - HKLM\..\RunOnce: [apibe.exe] C:\WINDOWS\apibe.exe
O4 - HKLM\..\RunOnce: [ntdg32.exe] C:\WINDOWS\ntdg32.exe
O4 - HKLM\..\RunOnce: [atljb.exe] C:\WINDOWS\system32\atljb.exe
O4 - HKLM\..\RunOnce: [syskv32.exe] C:\WINDOWS\syskv32.exe
O4 - HKLM\..\RunOnce: [javaxp32.exe] C:\WINDOWS\system32\javaxp32.exe
O4 - HKLM\..\RunOnce: [apigh.exe] C:\WINDOWS\system32\apigh.exe
O4 - HKLM\..\RunOnce: [iptb32.exe] C:\WINDOWS\iptb32.exe
O4 - HKLM\..\RunOnce: [addgw.exe] C:\WINDOWS\system32\addgw.exe
O4 - HKLM\..\RunOnce: [ipwt32.exe] C:\WINDOWS\ipwt32.exe
O4 - HKLM\..\RunOnce: [addbn.exe] C:\WINDOWS\addbn.exe
O4 - HKLM\..\RunOnce: [sdkun32.exe] C:\WINDOWS\sdkun32.exe
O4 - HKLM\..\RunOnce: [apphk32.exe] C:\WINDOWS\apphk32.exe
O4 - HKLM\..\RunOnce: [msue32.exe] C:\WINDOWS\system32\msue32.exe
O4 - HKLM\..\RunOnce: [atlpp32.exe] C:\WINDOWS\atlpp32.exe
O4 - HKLM\..\RunOnce: [ieus.exe] C:\WINDOWS\system32\ieus.exe
O4 - HKLM\..\RunOnce: [netuu.exe] C:\WINDOWS\system32\netuu.exe
O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\crmq32.exe
O4 - HKLM\..\RunOnce: [netwl32.exe] C:\WINDOWS\system32\netwl32.exe
O4 - HKLM\..\RunOnce: [addcf.exe] C:\WINDOWS\system32\addcf.exe
O4 - HKLM\..\RunOnce: [apphc32.exe] C:\WINDOWS\apphc32.exe
O4 - HKLM\..\RunOnce: [d3ve32.exe] C:\WINDOWS\d3ve32.exe
O4 - HKLM\..\RunOnce: [sysbh32.exe] C:\WINDOWS\sysbh32.exe
O4 - HKLM\..\RunOnce: [crcy.exe] C:\WINDOWS\crcy.exe
O4 - HKLM\..\RunOnce: [apiuj32.exe] C:\WINDOWS\apiuj32.exe
O4 - HKLM\..\RunOnce: [sysok32.exe] C:\WINDOWS\sysok32.exe
O4 - HKLM\..\RunOnce: [mfcgg32.exe] C:\WINDOWS\system32\mfcgg32.exe
O4 - HKLM\..\RunOnce: [appbk32.exe] C:\WINDOWS\system32\appbk32.exe
O4 - HKLM\..\RunOnce: [d3he.exe] C:\WINDOWS\d3he.exe
O4 - HKLM\..\RunOnce: [sysll.exe] C:\WINDOWS\system32\sysll.exe
O4 - HKLM\..\RunOnce: [javaqn32.exe] C:\WINDOWS\system32\javaqn32.exe
O4 - HKLM\..\RunOnce: [ntlr.exe] C:\WINDOWS\ntlr.exe
O4 - HKLM\..\RunOnce: [appzl32.exe] C:\WINDOWS\appzl32.exe
O4 - HKLM\..\RunOnce: [appkg32.exe] C:\WINDOWS\appkg32.exe
O4 - HKLM\..\RunOnce: [ipdd.exe] C:\WINDOWS\system32\ipdd.exe
O4 - HKLM\..\RunOnce: [netdf32.exe] C:\WINDOWS\system32\netdf32.exe
O4 - HKLM\..\RunOnce: [netbw32.exe] C:\WINDOWS\system32\netbw32.exe
O4 - HKLM\..\RunOnce: [atllc32.exe] C:\WINDOWS\atllc32.exe
O4 - HKLM\..\RunOnce: [ntga.exe] C:\WINDOWS\ntga.exe
O4 - HKLM\..\RunOnce: [msjg32.exe] C:\WINDOWS\system32\msjg32.exe
O4 - HKLM\..\RunOnce: [ntyk32.exe] C:\WINDOWS\system32\ntyk32.exe
O4 - HKLM\..\RunOnce: [apphw32.exe] C:\WINDOWS\system32\apphw32.exe
O4 - HKLM\..\RunOnce: [ipzs32.exe] C:\WINDOWS\ipzs32.exe
O4 - HKLM\..\RunOnce: [nttt32.exe] C:\WINDOWS\system32\nttt32.exe
O4 - HKLM\..\RunOnce: [d3an32.exe] C:\WINDOWS\system32\d3an32.exe
O4 - HKLM\..\RunOnce: [applj.exe] C:\WINDOWS\applj.exe
O4 - HKLM\..\RunOnce: [crzl.exe] C:\WINDOWS\system32\crzl.exe
O4 - HKLM\..\RunOnce: [winuj.exe] C:\WINDOWS\system32\winuj.exe
O4 - HKLM\..\RunOnce: [appis32.exe] C:\WINDOWS\system32\appis32.exe
O4 - HKLM\..\RunOnce: [ipdp32.exe] C:\WINDOWS\system32\ipdp32.exe
O4 - HKLM\..\RunOnce: [apinw.exe] C:\WINDOWS\apinw.exe
O4 - HKLM\..\RunOnce: [mfcww.exe] C:\WINDOWS\system32\mfcww.exe
O4 - HKLM\..\RunOnce: [sdkll32.exe] C:\WINDOWS\sdkll32.exe
O4 - HKLM\..\RunOnce: [ievk32.exe] C:\WINDOWS\system32\ievk32.exe
O4 - HKLM\..\RunOnce: [apiqv32.exe] C:\WINDOWS\apiqv32.exe
O4 - HKLM\..\RunOnce: [ntda.exe] C:\WINDOWS\ntda.exe
O4 - HKLM\..\RunOnce: [netea32.exe] C:\WINDOWS\system32\netea32.exe
O4 - HKLM\..\RunOnce: [netsx.exe] C:\WINDOWS\netsx.exe
O4 - HKLM\..\RunOnce: [crxh32.exe] C:\WINDOWS\crxh32.exe
O4 - HKLM\..\RunOnce: [addum.exe] C:\WINDOWS\system32\addum.exe
O4 - HKLM\..\RunOnce: [ipjb32.exe] C:\WINDOWS\ipjb32.exe
O4 - HKLM\..\RunOnce: [javaaj32.exe] C:\WINDOWS\javaaj32.exe
O4 - HKLM\..\RunOnce: [ntvu.exe] C:\WINDOWS\system32\ntvu.exe
O4 - HKLM\..\RunOnce: [atluc32.exe] C:\WINDOWS\atluc32.exe
O4 - HKLM\..\RunOnce: [syssr32.exe] C:\WINDOWS\system32\syssr32.exe
O4 - HKLM\..\RunOnce: [winsh.exe] C:\WINDOWS\system32\winsh.exe
O4 - HKLM\..\RunOnce: [ieai.exe] C:\WINDOWS\ieai.exe
O4 - HKLM\..\RunOnce: [netko32.exe] C:\WINDOWS\netko32.exe
O4 - HKLM\..\RunOnce: [addav.exe] C:\WINDOWS\system32\addav.exe
O4 - HKLM\..\RunOnce: [d3zl32.exe] C:\WINDOWS\system32\d3zl32.exe
O4 - HKLM\..\RunOnce: [ntxa32.exe] C:\WINDOWS\ntxa32.exe
O4 - HKLM\..\RunOnce: [sdkxi.exe] C:\WINDOWS\sdkxi.exe
O4 - HKLM\..\RunOnce: [msvg32.exe] C:\WINDOWS\system32\msvg32.exe
O4 - HKLM\..\RunOnce: [addln32.exe] C:\WINDOWS\addln32.exe
O4 - HKLM\..\RunOnce: [sysor.exe] C:\WINDOWS\sysor.exe
O4 - HKLM\..\RunOnce: [mfctj.exe] C:\WINDOWS\mfctj.exe
O4 - HKLM\..\RunOnce: [msyg32.exe] C:\WINDOWS\msyg32.exe
O4 - HKLM\..\RunOnce: [iesz32.exe] C:\WINDOWS\iesz32.exe
O4 - HKLM\..\RunOnce: [sdkwv32.exe] C:\WINDOWS\system32\sdkwv32.exe
O4 - HKLM\..\RunOnce: [syssh.exe] C:\WINDOWS\syssh.exe
O4 - HKLM\..\RunOnce: [d3vt32.exe] C:\WINDOWS\system32\d3vt32.exe
O4 - HKLM\..\RunOnce: [ntua.exe] C:\WINDOWS\ntua.exe
O4 - HKLM\..\RunOnce: [apptq32.exe] C:\WINDOWS\apptq32.exe
O4 - HKLM\..\RunOnce: [iejf32.exe] C:\WINDOWS\iejf32.exe
O4 - HKLM\..\RunOnce: [sysrn.exe] C:\WINDOWS\system32\sysrn.exe
O4 - HKLM\..\RunOnce: [ntxq.exe] C:\WINDOWS\ntxq.exe
O4 - HKLM\..\RunOnce: [apibu32.exe] C:\WINDOWS\apibu32.exe
O4 - HKLM\..\RunOnce: [addzj.exe] C:\WINDOWS\system32\addzj.exe
O4 - HKLM\..\RunOnce: [cryz32.exe] C:\WINDOWS\cryz32.exe
O4 - HKLM\..\RunOnce: [ipoo32.exe] C:\WINDOWS\system32\ipoo32.exe
O4 - HKLM\..\RunOnce: [ntww.exe] C:\WINDOWS\system32\ntww.exe
O4 - HKLM\..\RunOnce: [ipxx.exe] C:\WINDOWS\ipxx.exe
O4 - HKLM\..\RunOnce: [d3mu32.exe] C:\WINDOWS\system32\d3mu32.exe
O4 - HKLM\..\RunOnce: [winkb32.exe] C:\WINDOWS\system32\winkb32.exe
O4 - HKLM\..\RunOnce: [ieff.exe] C:\WINDOWS\ieff.exe
O4 - HKLM\..\RunOnce: [atlkx.exe] C:\WINDOWS\atlkx.exe
O4 - HKLM\..\RunOnce: [d3xt32.exe] C:\WINDOWS\system32\d3xt32.exe
O4 - HKLM\..\RunOnce: [ntnj32.exe] C:\WINDOWS\ntnj32.exe
O4 - HKLM\..\RunOnce: [ieqv.exe] C:\WINDOWS\ieqv.exe
O4 - HKLM\..\RunOnce: [crmz32.exe] C:\WINDOWS\system32\crmz32.exe
O4 - HKLM\..\RunOnce: [iplo.exe] C:\WINDOWS\iplo.exe
O4 - HKLM\..\RunOnce: [appke32.exe] C:\WINDOWS\appke32.exe
O4 - HKLM\..\RunOnce: [msat32.exe] C:\WINDOWS\system32\msat32.exe
O4 - HKLM\..\RunOnce: [ieib.exe] C:\WINDOWS\system32\ieib.exe
O4 - HKLM\..\RunOnce: [apill.exe] C:\WINDOWS\apill.exe
O4 - HKLM\..\RunOnce: [syskb32.exe] C:\WINDOWS\syskb32.exe
O4 - HKLM\..\RunOnce: [craq32.exe] C:\WINDOWS\system32\craq32.exe
O4 - HKLM\..\RunOnce: [d3ay32.exe] C:\WINDOWS\system32\d3ay32.exe
O4 - HKLM\..\RunOnce: [addkz32.exe] C:\WINDOWS\addkz32.exe
O4 - HKLM\..\RunOnce: [sdksh.exe] C:\WINDOWS\sdksh.exe
O4 - HKLM\..\RunOnce: [netol.exe] C:\WINDOWS\netol.exe
O4 - HKLM\..\RunOnce: [ieiw.exe] C:\WINDOWS\ieiw.exe
O4 - HKLM\..\RunOnce: [crxl.exe] C:\WINDOWS\system32\crxl.exe
O4 - HKLM\..\RunOnce: [addvy32.exe] C:\WINDOWS\addvy32.exe
O4 - HKLM\..\RunOnce: [sdkvg.exe] C:\WINDOWS\system32\sdkvg.exe
O4 - HKLM\..\RunOnce: [netzk32.exe] C:\WINDOWS\netzk32.exe
O4 - HKLM\..\RunOnce: [apppa.exe] C:\WINDOWS\system32\apppa.exe
O4 - HKLM\..\RunOnce: [d3op32.exe] C:\WINDOWS\system32\d3op32.exe
O4 - HKLM\..\RunOnce: [ntmf.exe] C:\WINDOWS\ntmf.exe
O4 - HKLM\..\RunOnce: [atllu32.exe] C:\WINDOWS\atllu32.exe
O4 - HKLM\..\RunOnce: [sysbc32.exe] C:\WINDOWS\system32\sysbc32.exe
O4 - HKLM\..\RunOnce: [netfc32.exe] C:\WINDOWS\netfc32.exe
O4 - HKLM\..\RunOnce: [ipnk32.exe] C:\WINDOWS\ipnk32.exe
O4 - HKLM\..\RunOnce: [d3wk32.exe] C:\WINDOWS\d3wk32.exe
O4 - HKLM\..\RunOnce: [mfcws32.exe] C:\WINDOWS\system32\mfcws32.exe
O4 - HKLM\..\RunOnce: [crre32.exe] C:\WINDOWS\system32\crre32.exe
O4 - HKLM\..\RunOnce: [mswi.exe] C:\WINDOWS\mswi.exe
O4 - HKLM\..\RunOnce: [d3fi32.exe] C:\WINDOWS\system32\d3fi32.exe
O4 - HKLM\..\RunOnce: [crtf.exe] C:\WINDOWS\crtf.exe
O4 - HKLM\..\RunOnce: [ipew32.exe] C:\WINDOWS\system32\ipew32.exe
O4 - HKLM\..\RunOnce: [mshi32.exe] C:\WINDOWS\mshi32.exe
O4 - HKLM\..\RunOnce: [winmm32.exe] C:\WINDOWS\system32\winmm32.exe
O4 - HKLM\..\RunOnce: [ntmu.exe] C:\WINDOWS\ntmu.exe
O4 - HKLM\..\RunOnce: [addgo.exe] C:\WINDOWS\system32\addgo.exe
O4 - HKLM\..\RunOnce: [d3fd32.exe] C:\WINDOWS\system32\d3fd32.exe
O4 - HKLM\..\RunOnce: [ipdt32.exe] C:\WINDOWS\ipdt32.exe
O4 - HKLM\..\RunOnce: [ntdb.exe] C:\WINDOWS\system32\ntdb.exe
O4 - HKLM\..\RunOnce: [syshk.exe] C:\WINDOWS\system32\syshk.exe
O4 - HKLM\..\RunOnce: [apiep32.exe] C:\WINDOWS\apiep32.exe
O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32\netex32.exe
O4 - HKLM\..\RunOnce: [crny32.exe] C:\WINDOWS\crny32.exe
O4 - HKLM\..\RunOnce: [javaik32.exe] C:\WINDOWS\system32\javaik32.exe
O4 - HKLM\..\RunOnce: [msvo.exe] C:\WINDOWS\msvo.exe
O4 - HKLM\..\RunOnce: [crww32.exe] C:\WINDOWS\system32\crww32.exe
O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\atlfd.exe
O4 - HKLM\..\RunOnce: [ntus32.exe] C:\WINDOWS\system32\ntus32.exe
O4 - HKLM\..\RunOnce: [winod32.exe] C:\WINDOWS\winod32.exe
O4 - HKLM\..\RunOnce: [msye.exe] C:\WINDOWS\msye.exe
O4 - HKLM\..\RunOnce: [iema32.exe] C:\WINDOWS\iema32.exe
O4 - HKLM\..\RunOnce: [mssx32.exe] C:\WINDOWS\system32\mssx32.exe
O4 - HKLM\..\RunOnce: [ntxt32.exe] C:\WINDOWS\ntxt32.exe
O4 - HKLM\..\RunOnce: [ieaf32.exe] C:\WINDOWS\system32\ieaf32.exe
O4 - HKLM\..\RunOnce: [addzb32.exe] C:\WINDOWS\addzb32.exe
O4 - HKLM\..\RunOnce: [apiyi.exe] C:\WINDOWS\apiyi.exe
O4 - HKLM\..\RunOnce: [sdkum32.exe] C:\WINDOWS\sdkum32.exe
O4 - HKLM\..\RunOnce: [netdn.exe] C:\WINDOWS\netdn.exe
O4 - HKLM\..\RunOnce: [iprj32.exe] C:\WINDOWS\iprj32.exe
O4 - HKLM\..\RunOnce: [ipxg32.exe] C:\WINDOWS\system32\ipxg32.exe
O4 - HKLM\..\RunOnce: [ipfo32.exe] C:\WINDOWS\system32\ipfo32.exe
O4 - HKLM\..\RunOnce: [javaks.exe] C:\WINDOWS\javaks.exe
O4 - HKLM\..\RunOnce: [addnc.exe] C:\WINDOWS\addnc.exe
O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\crms32.exe
O4 - HKLM\..\RunOnce: [ipdh32.exe] C:\WINDOWS\system32\ipdh32.exe
O4 - HKLM\..\RunOnce: [javahm32.exe] C:\WINDOWS\javahm32.exe
O4 - HKLM\..\RunOnce: [atlpm.exe] C:\WINDOWS\system32\atlpm.exe
O4 - HKLM\..\RunOnce: [sysly.exe] C:\WINDOWS\sysly.exe
O4 - HKLM\..\RunOnce: [apijn32.exe] C:\WINDOWS\system32\apijn32.exe
O4 - HKLM\..\RunOnce: [d3vy32.exe] C:\WINDOWS\d3vy32.exe
O4 - HKLM\..\RunOnce: [mfcsb32.exe] C:\WINDOWS\mfcsb32.exe
O4 - HKLM\..\RunOnce: [appnf.exe] C:\WINDOWS\system32\appnf.exe
O4 - HKLM\..\RunOnce: [msmu32.exe] C:\WINDOWS\msmu32.exe
O4 - HKLM\..\RunOnce: [sdkkk.exe] C:\WINDOWS\system32\sdkkk.exe
O4 - HKLM\..\RunOnce: [atljz32.exe] C:\WINDOWS\system32\atljz32.exe
O4 - HKLM\..\RunOnce: [winzx.exe] C:\WINDOWS\winzx.exe
O4 - HKLM\..\RunOnce: [sysix.exe] C:\WINDOWS\system32\sysix.exe
O4 - HKLM\..\RunOnce: [syscp.exe] C:\WINDOWS\syscp.exe
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunOnce: [addpv32.exe] C:\WINDOWS\addpv32.exe
O4 - HKLM\..\RunOnce: [d3gl32.exe] C:\WINDOWS\d3gl32.exe
O4 - HKLM\..\RunOnce: [msnt.exe] C:\WINDOWS\system32\msnt.exe
O4 - HKLM\..\RunOnce: [d3ot.exe] C:\WINDOWS\d3ot.exe
O4 - HKLM\..\RunOnce: [appei32.exe] C:\WINDOWS\system32\appei32.exe
O4 - HKLM\..\RunOnce: [apicq32.exe] C:\WINDOWS\system32\apicq32.exe
O4 - HKLM\..\RunOnce: [atlxb.exe] C:\WINDOWS\atlxb.exe
O4 - HKLM\..\RunOnce: [iewr32.exe] C:\WINDOWS\iewr32.exe
O4 - HKLM\..\RunOnce: [javamg32.exe] C:\WINDOWS\system32\javamg32.exe
O4 - HKLM\..\RunOnce: [javauo.exe] C:\WINDOWS\system32\javauo.exe
O4 - HKLM\..\RunOnce: [sysse32.exe] C:\WINDOWS\sysse32.exe
O4 - HKLM\..\RunOnce: [mfccc32.exe] C:\WINDOWS\system32\mfccc32.exe
O4 - HKLM\..\RunOnce: [javaxo32.exe] C:\WINDOWS\system32\javaxo32.exe
O4 - HKLM\..\RunOnce: [mscs.exe] C:\WINDOWS\mscs.exe
O4 - HKLM\..\RunOnce: [d3lt32.exe] C:\WINDOWS\system32\d3lt32.exe
O4 - HKLM\..\RunOnce: [crzp.exe] C:\WINDOWS\crzp.exe
O4 - HKLM\..\RunOnce: [d3fm.exe] C:\WINDOWS\d3fm.exe
O4 - HKLM\..\RunOnce: [apilj.exe] C:\WINDOWS\system32\apilj.exe
O4 - HKLM\..\RunOnce: [msfu.exe] C:\WINDOWS\msfu.exe
O4 - HKLM\..\RunOnce: [javauj.exe] C:\WINDOWS\javauj.exe
O4 - HKLM\..\RunOnce: [apinc32.exe] C:\WINDOWS\system32\apinc32.exe
O4 - HKLM\..\RunOnce: [netyn.exe] C:\WINDOWS\netyn.exe
O4 - HKLM\..\RunOnce: [crcr.exe] C:\WINDOWS\crcr.exe
O4 - HKLM\..\RunOnce: [sdksm.exe] C:\WINDOWS\sdksm.exe
O4 - HKLM\..\RunOnce: [javagj32.exe] C:\WINDOWS\javagj32.exe
O4 - HKLM\..\RunOnce: [sdkmg32.exe] C:\WINDOWS\system32\sdkmg32.exe
O4 - HKLM\..\RunOnce: [atlrc32.exe] C:\WINDOWS\atlrc32.exe
O4 - HKLM\..\RunOnce: [netya32.exe] C:\WINDOWS\system32\netya32.exe
O4 - HKLM\..\RunOnce: [appop.exe] C:\WINDOWS\appop.exe
O4 - HKLM\..\RunOnce: [msnf32.exe] C:\WINDOWS\system32\msnf32.exe
O4 - HKLM\..\RunOnce: [sdklm32.exe] C:\WINDOWS\sdklm32.exe
O4 - HKLM\..\RunOnce: [javalc.exe] C:\WINDOWS\javalc.exe
O4 - HKLM\..\RunOnce: [ntud.exe] C:\WINDOWS\system32\ntud.exe
O4 - HKLM\..\RunOnce: [iejs32.exe] C:\WINDOWS\iejs32.exe
O4 - HKLM\..\RunOnce: [atltq32.exe] C:\WINDOWS\system32\atltq32.exe
O4 - HKLM\..\RunOnce: [sdkoc32.exe] C:\WINDOWS\sdkoc32.exe
O4 - HKLM\..\RunOnce: [d3bg.exe] C:\WINDOWS\d3bg.exe
O4 - HKLM\..\RunOnce: [crch32.exe] C:\WINDOWS\crch32.exe
O4 - HKLM\..\RunOnce: [javaqd.exe] C:\WINDOWS\javaqd.exe
O4 - HKLM\..\RunOnce: [crwa.exe] C:\WINDOWS\crwa.exe
O4 - HKLM\..\RunOnce: [d3ei.exe] C:\WINDOWS\d3ei.exe
O4 - HKLM\..\RunOnce: [wincd32.exe] C:\WINDOWS\wincd32.exe
O4 - HKLM\..\RunOnce: [appoo.exe] C:\WINDOWS\appoo.exe
O4 - HKLM\..\RunOnce: [netss.exe] C:\WINDOWS\system32\netss.exe
O4 - HKLM\..\RunOnce: [d3hi32.exe] C:\WINDOWS\d3hi32.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\sysxp32.exe
O4 - HKLM\..\RunOnce: [mssb.exe] C:\WINDOWS\mssb.exe
O4 - HKLM\..\RunOnce: [ntrq32.exe] C:\WINDOWS\ntrq32.exe
O4 - HKLM\..\RunOnce: [mfcqy32.exe] C:\WINDOWS\system32\mfcqy32.exe
O4 - HKLM\..\RunOnce: [mfcpo.exe] C:\WINDOWS\system32\mfcpo.exe
O4 - HKLM\..\RunOnce: [atlyo.exe] C:\WINDOWS\atlyo.exe
O4 - HKLM\..\RunOnce: [sdkod.exe] C:\WINDOWS\system32\sdkod.exe
O4 - HKLM\..\RunOnce: [netds32.exe] C:\WINDOWS\system32\netds32.exe
O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\system32\sdkiv.exe
O4 - HKLM\..\RunOnce: [netmz.exe] C:\WINDOWS\netmz.exe
O4 - HKLM\..\RunOnce: [crbw32.exe] C:\WINDOWS\system32\crbw32.exe
O4 - HKLM\..\RunOnce: [sysad.exe] C:\WINDOWS\system32\sysad.exe
O4 - HKLM\..\RunOnce: [atlwh32.exe] C:\WINDOWS\atlwh32.exe
O4 - HKLM\..\RunOnce: [winfi.exe] C:\WINDOWS\system32\winfi.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\addte32.exe
O4 - HKLM\..\RunOnce: [winzb32.exe] C:\WINDOWS\system32\winzb32.exe
O4 - HKLM\..\RunOnce: [addhj32.exe] C:\WINDOWS\addhj32.exe
O4 - HKLM\..\RunOnce: [d3hx.exe] C:\WINDOWS\d3hx.exe
O4 - HKLM\..\RunOnce: [winzy.exe] C:\WINDOWS\winzy.exe
O4 - HKLM\..\RunOnce: [sdkqx32.exe] C:\WINDOWS\sdkqx32.exe
O4 - HKLM\..\RunOnce: [winfm32.exe] C:\WINDOWS\winfm32.exe
O4 - HKLM\..\RunOnce: [sdkfu.exe] C:\WINDOWS\system32\sdkfu.exe
O4 - HKLM\..\RunOnce: [apijg.exe] C:\WINDOWS\system32\apijg.exe
O4 - HKLM\..\RunOnce: [cryv32.exe] C:\WINDOWS\cryv32.exe
O4 - HKLM\..\RunOnce: [ieod32.exe] C:\WINDOWS\ieod32.exe
O4 - HKLM\..\RunOnce: [d3rh.exe] C:\WINDOWS\d3rh.exe
O4 - HKLM\..\RunOnce: [ipqw32.exe] C:\WINDOWS\ipqw32.exe
O4 - HKLM\..\RunOnce: [crbv32.exe] C:\WINDOWS\crbv32.exe
O4 - HKLM\..\RunOnce: [d3vo32.exe] C:\WINDOWS\d3vo32.exe
O4 - HKLM\..\RunOnce: [ipzl32.exe] C:\WINDOWS\system32\ipzl32.exe
O4 - HKLM\..\RunOnce: [msuw.exe] C:\WINDOWS\msuw.exe
O4 - HKLM\..\RunOnce: [javayi32.exe] C:\WINDOWS\system32\javayi32.exe
O4 - HKLM\..\RunOnce: [netxq.exe] C:\WINDOWS\netxq.exe
O4 - HKLM\..\RunOnce: [winwf32.exe] C:\WINDOWS\winwf32.exe
O4 - HKLM\..\RunOnce: [d3mv32.exe] C:\WINDOWS\system32\d3mv32.exe
O4 - HKLM\..\RunOnce: [msud.exe] C:\WINDOWS\system32\msud.exe
O4 - HKLM\..\RunOnce: [d3ud.exe] C:\WINDOWS\d3ud.exe
O4 - HKLM\..\RunOnce: [atlej32.exe] C:\WINDOWS\atlej32.exe
O4 - HKLM\..\RunOnce: [syscz.exe] C:\WINDOWS\system32\syscz.exe
O4 - HKLM\..\RunOnce: [sdkbo32.exe] C:\WINDOWS\system32\sdkbo32.exe
O4 - HKLM\..\RunOnce: [apire32.exe] C:\WINDOWS\apire32.exe
O4 - HKLM\..\RunOnce: [netzm.exe] C:\WINDOWS\system32\netzm.exe
O4 - HKLM\..\RunOnce: [apiam.exe] C:\WINDOWS\apiam.exe
O4 - HKLM\..\RunOnce: [javapj32.exe] C:\WINDOWS\system32\javapj32.exe
O4 - HKLM\..\RunOnce: [ienr32.exe] C:\WINDOWS\system32\ienr32.exe
O4 - HKLM\..\RunOnce: [d3iv.exe] C:\WINDOWS\d3iv.exe
O4 - HKLM\..\RunOnce: [nethk32.exe] C:\WINDOWS\nethk32.exe
O4 - HKLM\..\RunOnce: [appxa32.exe] C:\WINDOWS\system32\appxa32.exe
O4 - HKLM\..\RunOnce: [atlfi.exe] C:\WINDOWS\system32\atlfi.exe
O4 - HKLM\..\RunOnce: [javajr.exe] C:\WINDOWS\javajr.exe
O4 - HKLM\..\RunOnce: [mfcih32.exe] C:\WINDOWS\mfcih32.exe
O4 - HKLM\..\RunOnce: [winyw32.exe] C:\WINDOWS\system32\winyw32.exe
O4 - HKLM\..\RunOnce: [addye32.exe] C:\WINDOWS\system32\addye32.exe
O4 - HKLM\..\RunOnce: [netif32.exe] C:\WINDOWS\system32\netif32.exe
O4 - HKLM\..\RunOnce: [iepn.exe] C:\WINDOWS\iepn.exe
O4 - HKLM\..\RunOnce: [crlr.exe] C:\WINDOWS\crlr.exe
O4 - HKLM\..\RunOnce: [winbo32.exe] C:\WINDOWS\system32\winbo32.exe
O4 - HKLM\..\RunOnce: [mfczw32.exe] C:\WINDOWS\system32\mfczw32.exe
O4 - HKLM\..\RunOnce: [appuz.exe] C:\WINDOWS\system32\appuz.exe
O4 - HKLM\..\RunOnce: [mfccv.exe] C:\WINDOWS\system32\mfccv.exe
O4 - HKLM\..\RunOnce: [ntgz32.exe] C:\WINDOWS\ntgz32.exe
O4 - HKLM\..\RunOnce: [apiqa.exe] C:\WINDOWS\system32\apiqa.exe
O4 - HKLM\..\RunOnce: [netvw32.exe] C:\WINDOWS\system32\netvw32.exe
O4 - HKLM\..\RunOnce: [apikt32.exe] C:\WINDOWS\system32\apikt32.exe
O4 - HKLM\..\RunOnce: [winpq32.exe] C:\WINDOWS\system32\winpq32.exe
O4 - HKLM\..\RunOnce: [netkb32.exe] C:\WINDOWS\netkb32.exe
O4 - HKLM\..\RunOnce: [sdkpg.exe] C:\WINDOWS\sdkpg.exe
O4 - HKLM\..\RunOnce: [ntxg32.exe] C:\WINDOWS\system32\ntxg32.exe
O4 - HKLM\..\RunOnce: [apprx.exe] C:\WINDOWS\apprx.exe
O4 - HKLM\..\RunOnce: [sdkli.exe] C:\WINDOWS\system32\sdkli.exe
O4 - HKLM\..\RunOnce: [ipbx.exe] C:\WINDOWS\system32\ipbx.exe
O4 - HKLM\..\RunOnce: [applq32.exe] C:\WINDOWS\applq32.exe
O4 - HKLM\..\RunOnce: [atlfb32.exe] C:\WINDOWS\atlfb32.exe
O4 - HKLM\..\RunOnce: [iejg32.exe] C:\WINDOWS\system32\iejg32.exe
O4 - HKLM\..\RunOnce: [mfcer.exe] C:\WINDOWS\mfcer.exe
O4 - HKLM\..\RunOnce: [addiw.exe] C:\WINDOWS\system32\addiw.exe
O4 - HKLM\..\RunOnce: [netyt32.exe] C:\WINDOWS\netyt32.exe
O4 - HKLM\..\RunOnce: [mfcbu32.exe] C:\WINDOWS\system32\mfcbu32.exe
O4 - HKLM\..\RunOnce: [netnn.exe] C:\WINDOWS\netnn.exe
O4 - HKLM\..\RunOnce: [javarr.exe] C:\WINDOWS\javarr.exe
O4 - HKLM\..\RunOnce: [iebk32.exe] C:\WINDOWS\iebk32.exe
O4 - HKLM\..\RunOnce: [apivw32.exe] C:\WINDOWS\apivw32.exe
O4 - HKLM\..\RunOnce: [atlfw.exe] C:\WINDOWS\atlfw.exe
O4 - HKLM\..\RunOnce: [atllt32.exe] C:\WINDOWS\atllt32.exe
O4 - HKLM\..\RunOnce: [atlzq32.exe] C:\WINDOWS\system32\atlzq32.exe
O4 - HKLM\..\RunOnce: [msem32.exe] C:\WINDOWS\msem32.exe
O4 - HKLM\..\RunOnce: [ipmc.exe] C:\WINDOWS\ipmc.exe
O4 - HKLM\..\RunOnce: [apimc32.exe] C:\WINDOWS\system32\apimc32.exe
O4 - HKLM\..\RunOnce: [d3wi.exe] C:\WINDOWS\system32\d3wi.exe
O4 - HKLM\..\RunOnce: [applg32.exe] C:\WINDOWS\applg32.exe
O4 - HKLM\..\RunOnce: [netjn.exe] C:\WINDOWS\netjn.exe
O4 - HKLM\..\RunOnce: [javafr32.exe] C:\WINDOWS\system32\javafr32.exe
O4 - HKLM\..\RunOnce: [ipps.exe] C:\WINDOWS\ipps.exe
O4 - HKLM\..\RunOnce: [ntco32.exe] C:\WINDOWS\system32\ntco32.exe
O4 - HKLM\..\RunOnce: [iprl32.exe] C:\WINDOWS\iprl32.exe
O4 - HKLM\..\RunOnce: [appoh32.exe] C:\WINDOWS\appoh32.exe
O4 - HKLM\..\RunOnce: [ntrt32.exe] C:\WINDOWS\ntrt32.exe
O4 - HKLM\..\RunOnce: [crvx32.exe] C:\WINDOWS\system32\crvx32.exe
O4 - HKLM\..\RunOnce: [atlvf.exe] C:\WINDOWS\atlvf.exe
O4 - HKLM\..\RunOnce: [crfm32.exe] C:\WINDOWS\system32\crfm32.exe
O4 - HKLM\..\RunOnce: [ieji.exe] C:\WINDOWS\system32\ieji.exe
O4 - HKLM\..\RunOnce: [d3sq.exe] C:\WINDOWS\d3sq.exe
O4 - HKLM\..\RunOnce: [apphf.exe] C:\WINDOWS\system32\apphf.exe
O4 - HKLM\..\RunOnce: [sysxu.exe] C:\WINDOWS\system32\sysxu.exe
O4 - HKLM\..\RunOnce: [javahn32.exe] C:\WINDOWS\javahn32.exe
O4 - HKLM\..\RunOnce: [d3by32.exe] C:\WINDOWS\d3by32.exe
O4 - HKLM\..\RunOnce: [winuv.exe] C:\WINDOWS\winuv.exe
O4 - HKLM\..\RunOnce: [sysyl32.exe] C:\WINDOWS\sysyl32.exe
O4 - HKLM\..\RunOnce: [crxw.exe] C:\WINDOWS\system32\crxw.exe
O4 - HKLM\..\RunOnce: [mswl.exe] C:\WINDOWS\mswl.exe
O4 - HKLM\..\RunOnce: [atlpq32.exe] C:\WINDOWS\system32\atlpq32.exe
O4 - HKLM\..\RunOnce: [ipip.exe] C:\WINDOWS\ipip.exe
O4 - HKLM\..\RunOnce: [netxj32.exe] C:\WINDOWS\netxj32.exe
O4 - HKLM\..\RunOnce: [javatv.exe] C:\WINDOWS\system32\javatv.exe
O4 - HKLM\..\RunOnce: [d3ne.exe] C:\WINDOWS\system32\d3ne.exe
O4 - HKLM\..\RunOnce: [iemu.exe] C:\WINDOWS\iemu.exe
O4 - HKLM\..\RunOnce: [msqe32.exe] C:\WINDOWS\system32\msqe32.exe
O4 - HKLM\..\RunOnce: [d3wa32.exe] C:\WINDOWS\d3wa32.exe
O4 - HKLM\..\RunOnce: [ipbf32.exe] C:\WINDOWS\ipbf32.exe
O4 - HKLM\..\RunOnce: [mseq32.exe] C:\WINDOWS\mseq32.exe
O4 - HKLM\..\RunOnce: [winjv.exe] C:\WINDOWS\system32\winjv.exe
O4 - HKLM\..\RunOnce: [sysjv32.exe] C:\WINDOWS\sysjv32.exe
O4 - HKLM\..\RunOnce: [ieys.exe] C:\WINDOWS\system32\ieys.exe
O4 - HKLM\..\RunOnce: [syseg.exe] C:\WINDOWS\system32\syseg.exe
O4 - HKLM\..\RunOnce: [ntrl.exe] C:\WINDOWS\ntrl.exe
O4 - HKLM\..\RunOnce: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\RunOnce: [iedl32.exe] C:\WINDOWS\iedl32.exe
O4 - HKLM\..\RunOnce: [ntih32.exe] C:\WINDOWS\system32\ntih32.exe
O4 - HKLM\..\RunOnce: [sysdt32.exe] C:\WINDOWS\sysdt32.exe
O4 - HKLM\..\RunOnce: [appix.exe] C:\WINDOWS\appix.exe
O4 - HKLM\..\RunOnce: [winry32.exe] C:\WINDOWS\winry32.exe
O4 - HKLM\..\RunOnce: [winfu32.exe] C:\WINDOWS\winfu32.exe
O4 - HKLM\..\RunOnce: [javacr32.exe] C:\WINDOWS\javacr32.exe
O4 - HKLM\..\RunOnce: [winfc32.exe] C:\WINDOWS\system32\winfc32.exe
O4 - HKLM\..\RunOnce: [atlkh.exe] C:\WINDOWS\system32\atlkh.exe
O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\javanq.exe
O4 - HKLM\..\Run: [addve.exe] C:\WINDOWS\system32\addve.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipst32.exe

Click on Fix Checked and exit HijackThis.


5. Skip This Step


6. Run AboutBuster. This will scan your computer for the bad files and delete them. It will ask to scan the system again, let it. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

8. Double click on the cwsserviceremove and when asked to merge say yes.

9. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

10. Reboot into normal mode.

11. Download and run this online virus scan if you can:<---Important
http://housecall.tre.../start_corp.asp
Make sure you check "AutoClean"

12. Reboot and post a fresh HJT log back here by using the add reply button below, and let's see how we did, MrC


#4 MXH73

MXH73

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 16 July 2005 - 05:48 PM

this is my most recent log of about five min ago.
thanks for your time here.

Logfile of HijackThis v1.99.1
Scan saved at 7:41:05 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ONE\Desktop\trojan killer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ONE\Application Data\Mozilla\Profiles\default\7aa4qhcn.slt\prefs.js)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101257953\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ConMgr.exe] C:\Program Files\EarthLink 5.0\ConMgr.exe
O4 - HKLM\..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe /NOCM
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.co...m-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#5 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 16 July 2005 - 06:03 PM

Well Done :thumbup: Looks Better!

To clean up a bit............

Close ALL programs down, leaving ONLY HijackThis running.
Place a check against the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Remocon Driver.lnk = ?
Fix the next two only if you no longer have the AOL Toolbar
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

Click on Fix Checked and exit HijackThis.


Open up Internet Explorer, Tools, General Tab, reset your home page to what you want, now the Programs Tab, click Reset Web Settings
That will change everything back to the default settings.

I see you have msconfig running,

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

it shouldn't be, do you know why it is?

It shouldn't be used as a startup manager - let me know.


Reboot and post a fresh HijackThis log and we'll take another look. MrC


#6 MXH73

MXH73

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 16 July 2005 - 06:28 PM

here is the new log
still running aol tool bar
also that pc health was something that i downloaded and have deleted before i rebooted and scanned again.

Logfile of HijackThis v1.99.1
Scan saved at 8:23:55 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\sony\giga pocket\shwserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\COMMON~1\AOL\110125~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110125~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\ONE\Desktop\trojan killer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ONE\Application Data\Mozilla\Profiles\default\7aa4qhcn.slt\prefs.js)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101257953\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ConMgr.exe] C:\Program Files\EarthLink 5.0\ConMgr.exe
O4 - HKLM\..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe /NOCM
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.co...m-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
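
Added example, not part of the original thread: a Python script for the before/after comparison this exchange does by eye, parsing two HijackThis logs, listing which items a fix removed or changed, and flagging entries that merit a manual look. The two sample excerpts are assembled from lines quoted in this thread; the function names and the triage rules are assumptions made for illustration, and a flag is a prompt for review, not a verdict.

```python
import ntpath
import re

# A HijackThis item line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autorun (O4): hive\..\key: [value name] command line
O4_REG_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Review reasons (hypothetical wording, chosen for this example).
SELF_NAMED = "autorun value named after its own file in the Windows directory"
UNRESOLVED = "startup shortcut target could not be resolved"
MISSING = "entry points at a file that is not on disk"
NO_OWNER = "service listed with 'Unknown owner'"

# Constructed excerpts: lines copied from the logs and fix lists in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:41:05 PM, on 7/16/2005

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\RunOnce: [ntgz32.exe] C:\WINDOWS\ntgz32.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:23:55 PM, on 7/16/2005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""


def parse_items(log_text):
    """Return (code, body) for every item line; header and process list are skipped."""
    items = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items.append((match.group("code"), match.group("body")))
    return items


def diff_logs(before_text, after_text):
    """Return (removed, added): items only in the first log, items only in the second."""
    before, after = parse_items(before_text), parse_items(after_text)
    removed = [item for item in before if item not in after]
    added = [item for item in after if item not in before]
    return removed, added


def triage(items):
    """Attach review reasons to items; one item can collect several reasons."""
    flags = []
    for code, body in items:
        if code == "O4":
            reg = O4_REG_RE.match(body)
            if reg:
                cmd = reg.group("cmd").strip('"')
                # ntpath parses Windows paths correctly on any host OS.
                in_windows_dir = ntpath.dirname(cmd).lower() in WINDOWS_DIRS
                if in_windows_dir and ntpath.basename(cmd).lower() == reg.group("name").lower():
                    flags.append((SELF_NAMED, code, body))
            elif body.rstrip().endswith("= ?"):
                flags.append((UNRESOLVED, code, body))
        if "(no file)" in body or "(file missing)" in body:
            flags.append((MISSING, code, body))
        if code == "O23" and "Unknown owner" in body:
            flags.append((NO_OWNER, code, body))
    return flags


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("- ", code, body)
    for code, body in added:
        print("+ ", code, body)
    for reason, code, body in triage(parse_items(AFTER)):
        print("review:", reason, "|", code, body)
```

The 'Unknown owner' rule also fires on the McAfee McShield service, and none of the rules fire on the `[iexplore.exe]` Run entry, which is why the flags only narrow down what a person still has to read.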

#7 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 16 July 2005 - 06:42 PM

Looks OK, How's it running?

MrC


#8 MXH73

MXH73

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 16 July 2005 - 06:50 PM

other than the slowness from running mcafee while trying to open internet explorer everything seems to be working ok now. thanks again for your help hopefully i don't have to do this again ha ha. many thanks.

#9 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 16 July 2005 - 06:59 PM

OK, if you have more questions or problems please post back here.

I'll leave you with........

Some preventive maintenance:

------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point:
(ME and XP users only)

XP system restore

ME system restore


Visit Windows Update and install all the latest critical updates.

Install these two free programs. They sit in the background and protect your system from spyware and adware being installed, and from your browser being hijacked. Check for updates weekly.

SpywareBlaster

SpywareGuard


IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

SpyBot has some protection benefits - use them.

Need a free anti virus?
AVG*free
(check for updates - daily)

How about a firewall? The front door to your computer.
ZoneAlarm*free



----------Free malware removal programs:----------

SpyBot
AD-Aware
CW-Shredder

Free Online Trojan Scan

A SQUARED FREE TROJAN SCANNER

Trojan Hunter
TrojanHunter - free trial

Please consider using FireFox instead of Internet Explorer

Replace Java with SunJava

Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable Windows Messenger, XP - 2K (stops pop-up ads, etc.):
Disabling Messenger Service in Windows XP
How to Remove Windows Messenger on Windows XP
Shoot The Messenger


Don't open e-mail attachments without first scanning them with an up-to-date antivirus program; even after doing that I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Watch your surfing habits; don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC
:wavey:

#10 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 28 July 2005 - 06:43 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418
