7 Posts

August 6th, 2005 17:00

HJT LOG - IE PROBLEMS

My Internet Explorer just does whatever it wants, I can barely use it :smileysad:

Why is my log so long? :o

Logfile of HijackThis v1.99.1
Scan saved at 19:05:57, on 06/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\WINDOWS\system32\ntca.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\degos.dll/sp.html#87649
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1F2866A1-B3DE-97B8-4F2D-4A3C69C0ADD2} - C:\WINDOWS\atluw32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FD3EAF3D-9310-713E-1400-1F46040FA38A} - C:\WINDOWS\system32\msjo32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ntca.exe] C:\WINDOWS\system32\ntca.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\iebr32.exe
O4 - HKLM\..\RunOnce: [sysvp32.exe] C:\WINDOWS\sysvp32.exe
O4 - HKLM\..\RunOnce: [sysxt32.exe] C:\WINDOWS\system32\sysxt32.exe
O4 - HKLM\..\RunOnce: [addtl.exe] C:\WINDOWS\system32\addtl.exe
O4 - HKLM\..\RunOnce: [d3we32.exe] C:\WINDOWS\d3we32.exe
O4 - HKLM\..\RunOnce: [ntvp.exe] C:\WINDOWS\system32\ntvp.exe
O4 - HKLM\..\RunOnce: [ntjg32.exe] C:\WINDOWS\system32\ntjg32.exe
O4 - HKLM\..\RunOnce: [netrv32.exe] C:\WINDOWS\netrv32.exe
O4 - HKLM\..\RunOnce: [crok.exe] C:\WINDOWS\system32\crok.exe
O4 - HKLM\..\RunOnce: [winzq.exe] C:\WINDOWS\system32\winzq.exe
O4 - HKLM\..\RunOnce: [appxk.exe] C:\WINDOWS\system32\appxk.exe
O4 - HKLM\..\RunOnce: [sysbb32.exe] C:\WINDOWS\sysbb32.exe
O4 - HKLM\..\RunOnce: [apppg.exe] C:\WINDOWS\system32\apppg.exe
O4 - HKLM\..\RunOnce: [javagx32.exe] C:\WINDOWS\javagx32.exe
O4 - HKLM\..\RunOnce: [winbj.exe] C:\WINDOWS\winbj.exe
O4 - HKLM\..\RunOnce: [msev.exe] C:\WINDOWS\system32\msev.exe
O4 - HKLM\..\RunOnce: [javapt.exe] C:\WINDOWS\system32\javapt.exe
O4 - HKLM\..\RunOnce: [sdkxt.exe] C:\WINDOWS\system32\sdkxt.exe
O4 - HKLM\..\RunOnce: [d3cy.exe] C:\WINDOWS\system32\d3cy.exe
O4 - HKLM\..\RunOnce: [ipnq32.exe] C:\WINDOWS\system32\ipnq32.exe
O4 - HKLM\..\RunOnce: [atllg32.exe] C:\WINDOWS\system32\atllg32.exe
O4 - HKLM\..\RunOnce: [sdkgs.exe] C:\WINDOWS\sdkgs.exe
O4 - HKLM\..\RunOnce: [netke32.exe] C:\WINDOWS\system32\netke32.exe
O4 - HKLM\..\RunOnce: [appit.exe] C:\WINDOWS\appit.exe
O4 - HKLM\..\RunOnce: [ntxq32.exe] C:\WINDOWS\system32\ntxq32.exe
O4 - HKLM\..\RunOnce: [sdkfg.exe] C:\WINDOWS\system32\sdkfg.exe
O4 - HKLM\..\RunOnce: [ntgg.exe] C:\WINDOWS\ntgg.exe
O4 - HKLM\..\RunOnce: [ntay32.exe] C:\WINDOWS\system32\ntay32.exe
O4 - HKLM\..\RunOnce: [sdkig32.exe] C:\WINDOWS\system32\sdkig32.exe
O4 - HKLM\..\RunOnce: [iesy32.exe] C:\WINDOWS\iesy32.exe
O4 - HKLM\..\RunOnce: [netsg.exe] C:\WINDOWS\system32\netsg.exe
O4 - HKLM\..\RunOnce: [atlws.exe] C:\WINDOWS\atlws.exe
O4 - HKLM\..\RunOnce: [ntli32.exe] C:\WINDOWS\system32\ntli32.exe
O4 - HKLM\..\RunOnce: [d3bp.exe] C:\WINDOWS\d3bp.exe
O4 - HKLM\..\RunOnce: [winft32.exe] C:\WINDOWS\winft32.exe
O4 - HKLM\..\RunOnce: [ieuq32.exe] C:\WINDOWS\ieuq32.exe
O4 - HKLM\..\RunOnce: [iejn32.exe] C:\WINDOWS\system32\iejn32.exe
O4 - HKLM\..\RunOnce: [iejv32.exe] C:\WINDOWS\iejv32.exe
O4 - HKLM\..\RunOnce: [addoz32.exe] C:\WINDOWS\addoz32.exe
O4 - HKLM\..\RunOnce: [appqr32.exe] C:\WINDOWS\appqr32.exe
O4 - HKLM\..\RunOnce: [apigy.exe] C:\WINDOWS\system32\apigy.exe
O4 - HKLM\..\RunOnce: [sdkkc32.exe] C:\WINDOWS\sdkkc32.exe
O4 - HKLM\..\RunOnce: [ipud.exe] C:\WINDOWS\system32\ipud.exe
O4 - HKLM\..\RunOnce: [ipow32.exe] C:\WINDOWS\system32\ipow32.exe
O4 - HKLM\..\RunOnce: [atlva.exe] C:\WINDOWS\atlva.exe
O4 - HKLM\..\RunOnce: [atlpt32.exe] C:\WINDOWS\atlpt32.exe
O4 - HKLM\..\RunOnce: [apijm.exe] C:\WINDOWS\system32\apijm.exe
O4 - HKLM\..\RunOnce: [sdkfi.exe] C:\WINDOWS\system32\sdkfi.exe
O4 - HKLM\..\RunOnce: [mfcrv32.exe] C:\WINDOWS\system32\mfcrv32.exe
O4 - HKLM\..\RunOnce: [addbv.exe] C:\WINDOWS\system32\addbv.exe
O4 - HKLM\..\RunOnce: [sdkqy.exe] C:\WINDOWS\system32\sdkqy.exe
O4 - HKLM\..\RunOnce: [atleu.exe] C:\WINDOWS\atleu.exe
O4 - HKLM\..\RunOnce: [mfcjz.exe] C:\WINDOWS\mfcjz.exe
O4 - HKLM\..\RunOnce: [apipw32.exe] C:\WINDOWS\system32\apipw32.exe
O4 - HKLM\..\RunOnce: [msnu.exe] C:\WINDOWS\system32\msnu.exe
O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\system32\appfr32.exe
O4 - HKLM\..\RunOnce: [mfcdt32.exe] C:\WINDOWS\mfcdt32.exe
O4 - HKLM\..\RunOnce: [sysip32.exe] C:\WINDOWS\sysip32.exe
O4 - HKLM\..\RunOnce: [javadp.exe] C:\WINDOWS\javadp.exe
O4 - HKLM\..\RunOnce: [apiir32.exe] C:\WINDOWS\apiir32.exe
O4 - HKLM\..\RunOnce: [iefc.exe] C:\WINDOWS\iefc.exe
O4 - HKLM\..\RunOnce: [mfcuz32.exe] C:\WINDOWS\system32\mfcuz32.exe
O4 - HKLM\..\RunOnce: [apicp.exe] C:\WINDOWS\apicp.exe
O4 - HKLM\..\RunOnce: [mfcgh32.exe] C:\WINDOWS\system32\mfcgh32.exe
O4 - HKLM\..\RunOnce: [apifp32.exe] C:\WINDOWS\system32\apifp32.exe
O4 - HKLM\..\RunOnce: [ntkt.exe] C:\WINDOWS\ntkt.exe
O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\system32\nettt32.exe
O4 - HKLM\..\RunOnce: [systj.exe] C:\WINDOWS\system32\systj.exe
O4 - HKLM\..\RunOnce: [ipnv.exe] C:\WINDOWS\ipnv.exe
O4 - HKLM\..\RunOnce: [ipqm32.exe] C:\WINDOWS\system32\ipqm32.exe
O4 - HKLM\..\RunOnce: [iely32.exe] C:\WINDOWS\system32\iely32.exe
O4 - HKLM\..\RunOnce: [addpc.exe] C:\WINDOWS\addpc.exe
O4 - HKLM\..\RunOnce: [sysyc32.exe] C:\WINDOWS\system32\sysyc32.exe
O4 - HKLM\..\RunOnce: [javagz32.exe] C:\WINDOWS\javagz32.exe
O4 - HKLM\..\RunOnce: [apiha32.exe] C:\WINDOWS\apiha32.exe
O4 - HKLM\..\RunOnce: [sdkyh.exe] C:\WINDOWS\sdkyh.exe
O4 - HKLM\..\RunOnce: [appgv32.exe] C:\WINDOWS\appgv32.exe
O4 - HKLM\..\RunOnce: [ntva32.exe] C:\WINDOWS\system32\ntva32.exe
O4 - HKLM\..\RunOnce: [apity.exe] C:\WINDOWS\apity.exe
O4 - HKLM\..\RunOnce: [mfccy.exe] C:\WINDOWS\system32\mfccy.exe
O4 - HKLM\..\RunOnce: [crdg.exe] C:\WINDOWS\system32\crdg.exe
O4 - HKLM\..\RunOnce: [netcw32.exe] C:\WINDOWS\system32\netcw32.exe
O4 - HKLM\..\RunOnce: [sysdn.exe] C:\WINDOWS\sysdn.exe
O4 - HKLM\..\RunOnce: [mfczr32.exe] C:\WINDOWS\system32\mfczr32.exe
O4 - HKLM\..\RunOnce: [addjs.exe] C:\WINDOWS\addjs.exe
O4 - HKLM\..\RunOnce: [sysed32.exe] C:\WINDOWS\system32\sysed32.exe
O4 - HKLM\..\RunOnce: [d3we.exe] C:\WINDOWS\d3we.exe
O4 - HKLM\..\RunOnce: [msbb32.exe] C:\WINDOWS\system32\msbb32.exe
O4 - HKLM\..\RunOnce: [mfclh.exe] C:\WINDOWS\mfclh.exe
O4 - HKLM\..\RunOnce: [javaaw32.exe] C:\WINDOWS\javaaw32.exe
O4 - HKLM\..\RunOnce: [msqd32.exe] C:\WINDOWS\msqd32.exe
O4 - HKLM\..\RunOnce: [crtp.exe] C:\WINDOWS\crtp.exe
O4 - HKLM\..\RunOnce: [netsx32.exe] C:\WINDOWS\netsx32.exe
O4 - HKLM\..\RunOnce: [appim32.exe] C:\WINDOWS\system32\appim32.exe
O4 - HKLM\..\RunOnce: [atlzd.exe] C:\WINDOWS\atlzd.exe
O4 - HKLM\..\RunOnce: [crni32.exe] C:\WINDOWS\crni32.exe
O4 - HKLM\..\RunOnce: [adddv32.exe] C:\WINDOWS\system32\adddv32.exe
O4 - HKLM\..\RunOnce: [appwo.exe] C:\WINDOWS\appwo.exe
O4 - HKLM\..\RunOnce: [netsk.exe] C:\WINDOWS\system32\netsk.exe
O4 - HKLM\..\RunOnce: [javall32.exe] C:\WINDOWS\javall32.exe
O4 - HKLM\..\RunOnce: [msbs.exe] C:\WINDOWS\msbs.exe
O4 - HKLM\..\RunOnce: [appfw32.exe] C:\WINDOWS\system32\appfw32.exe
O4 - HKLM\..\RunOnce: [syspx.exe] C:\WINDOWS\syspx.exe
O4 - HKLM\..\RunOnce: [javaaw.exe] C:\WINDOWS\system32\javaaw.exe
O4 - HKLM\..\RunOnce: [ipda.exe] C:\WINDOWS\ipda.exe
O4 - HKLM\..\RunOnce: [atlwg32.exe] C:\WINDOWS\system32\atlwg32.exe
O4 - HKLM\..\RunOnce: [applv32.exe] C:\WINDOWS\applv32.exe
O4 - HKLM\..\RunOnce: [msqa32.exe] C:\WINDOWS\system32\msqa32.exe
O4 - HKLM\..\RunOnce: [atlll32.exe] C:\WINDOWS\atlll32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\system32\netpq.exe
O4 - HKLM\..\RunOnce: [apiyq32.exe] C:\WINDOWS\apiyq32.exe
O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\system32\apinv32.exe
O4 - HKLM\..\RunOnce: [javawv32.exe] C:\WINDOWS\javawv32.exe
O4 - HKLM\..\RunOnce: [d3ky.exe] C:\WINDOWS\d3ky.exe
O4 - HKLM\..\RunOnce: [appzd32.exe] C:\WINDOWS\system32\appzd32.exe
O4 - HKLM\..\RunOnce: [winde.exe] C:\WINDOWS\system32\winde.exe
O4 - HKLM\..\RunOnce: [mfcqx32.exe] C:\WINDOWS\mfcqx32.exe
O4 - HKLM\..\RunOnce: [ntge.exe] C:\WINDOWS\ntge.exe
O4 - HKLM\..\RunOnce: [d3ki32.exe] C:\WINDOWS\system32\d3ki32.exe
O4 - HKLM\..\RunOnce: [javaaf32.exe] C:\WINDOWS\javaaf32.exe
O4 - HKLM\..\RunOnce: [ipyb32.exe] C:\WINDOWS\ipyb32.exe
O4 - HKLM\..\RunOnce: [javawi.exe] C:\WINDOWS\javawi.exe
O4 - HKLM\..\RunOnce: [iesm32.exe] C:\WINDOWS\iesm32.exe
O4 - HKLM\..\RunOnce: [mfcfw32.exe] C:\WINDOWS\system32\mfcfw32.exe
O4 - HKLM\..\RunOnce: [sysvl.exe] C:\WINDOWS\sysvl.exe
O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\ipsz.exe
O4 - HKLM\..\RunOnce: [msvi32.exe] C:\WINDOWS\msvi32.exe
O4 - HKLM\..\RunOnce: [ievy.exe] C:\WINDOWS\system32\ievy.exe
O4 - HKLM\..\RunOnce: [ipjt.exe] C:\WINDOWS\system32\ipjt.exe
O4 - HKLM\..\RunOnce: [mfcnf32.exe] C:\WINDOWS\mfcnf32.exe
O4 - HKLM\..\RunOnce: [windm.exe] C:\WINDOWS\system32\windm.exe
O4 - HKLM\..\RunOnce: [netbr32.exe] C:\WINDOWS\netbr32.exe
O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\neter32.exe
O4 - HKLM\..\RunOnce: [addjv32.exe] C:\WINDOWS\addjv32.exe
O4 - HKLM\..\RunOnce: [ipeh32.exe] C:\WINDOWS\ipeh32.exe
O4 - HKLM\..\RunOnce: [javaql.exe] C:\WINDOWS\system32\javaql.exe
O4 - HKLM\..\RunOnce: [ntrl32.exe] C:\WINDOWS\ntrl32.exe
O4 - HKLM\..\RunOnce: [applc.exe] C:\WINDOWS\applc.exe
O4 - HKLM\..\RunOnce: [ipvd.exe] C:\WINDOWS\ipvd.exe
O4 - HKLM\..\RunOnce: [atlfw32.exe] C:\WINDOWS\system32\atlfw32.exe
O4 - HKLM\..\RunOnce: [mfczh32.exe] C:\WINDOWS\mfczh32.exe
O4 - HKLM\..\RunOnce: [iedd32.exe] C:\WINDOWS\iedd32.exe
O4 - HKLM\..\RunOnce: [addcb.exe] C:\WINDOWS\system32\addcb.exe
O4 - HKLM\..\RunOnce: [sysmc32.exe] C:\WINDOWS\sysmc32.exe
O4 - HKLM\..\RunOnce: [d3vk.exe] C:\WINDOWS\d3vk.exe
O4 - HKLM\..\RunOnce: [msbz32.exe] C:\WINDOWS\msbz32.exe
O4 - HKLM\..\RunOnce: [javaic32.exe] C:\WINDOWS\system32\javaic32.exe
O4 - HKLM\..\RunOnce: [msyk.exe] C:\WINDOWS\system32\msyk.exe
O4 - HKLM\..\RunOnce: [syslo.exe] C:\WINDOWS\system32\syslo.exe
O4 - HKLM\..\RunOnce: [sysga32.exe] C:\WINDOWS\system32\sysga32.exe
O4 - HKLM\..\RunOnce: [winfq32.exe] C:\WINDOWS\system32\winfq32.exe
O4 - HKLM\..\RunOnce: [atlku32.exe] C:\WINDOWS\atlku32.exe
O4 - HKLM\..\RunOnce: [crku.exe] C:\WINDOWS\system32\crku.exe
O4 - HKLM\..\RunOnce: [ntog.exe] C:\WINDOWS\ntog.exe
O4 - HKLM\..\RunOnce: [sdkwm32.exe] C:\WINDOWS\sdkwm32.exe
O4 - HKLM\..\RunOnce: [appqn32.exe] C:\WINDOWS\appqn32.exe
O4 - HKLM\..\RunOnce: [nttz.exe] C:\WINDOWS\nttz.exe
O4 - HKLM\..\RunOnce: [msjo32.exe] C:\WINDOWS\system32\msjo32.exe
O4 - HKLM\..\RunOnce: [addzv.exe] C:\WINDOWS\system32\addzv.exe
O4 - HKLM\..\RunOnce: [apidz32.exe] C:\WINDOWS\system32\apidz32.exe
O4 - HKLM\..\RunOnce: [appna.exe] C:\WINDOWS\system32\appna.exe
O4 - HKLM\..\RunOnce: [atlsx32.exe] C:\WINDOWS\system32\atlsx32.exe
O4 - HKLM\..\RunOnce: [apphu32.exe] C:\WINDOWS\system32\apphu32.exe
O4 - HKLM\..\RunOnce: [msmq32.exe] C:\WINDOWS\system32\msmq32.exe
O4 - HKLM\..\RunOnce: [ieue32.exe] C:\WINDOWS\system32\ieue32.exe
O4 - HKLM\..\RunOnce: [sysof.exe] C:\WINDOWS\sysof.exe
O4 - HKLM\..\RunOnce: [netir.exe] C:\WINDOWS\system32\netir.exe
O4 - HKLM\..\RunOnce: [sysir32.exe] C:\WINDOWS\sysir32.exe
O4 - HKLM\..\RunOnce: [ntqh32.exe] C:\WINDOWS\ntqh32.exe
O4 - HKLM\..\RunOnce: [d3go.exe] C:\WINDOWS\d3go.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\system32\iezp32.exe
O4 - HKLM\..\RunOnce: [msom32.exe] C:\WINDOWS\msom32.exe
O4 - HKLM\..\RunOnce: [sysns.exe] C:\WINDOWS\system32\sysns.exe
O4 - HKLM\..\RunOnce: [ntna32.exe] C:\WINDOWS\ntna32.exe
O4 - HKLM\..\RunOnce: [sdkht.exe] C:\WINDOWS\sdkht.exe
O4 - HKLM\..\RunOnce: [iedp.exe] C:\WINDOWS\system32\iedp.exe
O4 - HKLM\..\RunOnce: [addvq32.exe] C:\WINDOWS\addvq32.exe
O4 - HKLM\..\RunOnce: [apilx.exe] C:\WINDOWS\system32\apilx.exe
O4 - HKLM\..\RunOnce: [sdkpb32.exe] C:\WINDOWS\system32\sdkpb32.exe
O4 - HKLM\..\RunOnce: [netzc.exe] C:\WINDOWS\system32\netzc.exe
O4 - HKLM\..\RunOnce: [nettv32.exe] C:\WINDOWS\nettv32.exe
O4 - HKLM\..\RunOnce: [addyr32.exe] C:\WINDOWS\system32\addyr32.exe
O4 - HKLM\..\RunOnce: [appar32.exe] C:\WINDOWS\appar32.exe
O4 - HKLM\..\RunOnce: [d3ms32.exe] C:\WINDOWS\system32\d3ms32.exe
O4 - HKLM\..\RunOnce: [crua.exe] C:\WINDOWS\crua.exe
O4 - HKLM\..\RunOnce: [mfcix32.exe] C:\WINDOWS\system32\mfcix32.exe
O4 - HKLM\..\RunOnce: [mscy32.exe] C:\WINDOWS\mscy32.exe
O4 - HKLM\..\RunOnce: [sdkso32.exe] C:\WINDOWS\system32\sdkso32.exe
O4 - HKLM\..\RunOnce: [ntbw.exe] C:\WINDOWS\system32\ntbw.exe
O4 - HKLM\..\RunOnce: [ieyl32.exe] C:\WINDOWS\ieyl32.exe
O4 - HKLM\..\RunOnce: [sdkyz.exe] C:\WINDOWS\sdkyz.exe
O4 - HKLM\..\RunOnce: [ipms32.exe] C:\WINDOWS\system32\ipms32.exe
O4 - HKLM\..\RunOnce: [apprp.exe] C:\WINDOWS\system32\apprp.exe
O4 - HKLM\..\RunOnce: [javafs32.exe] C:\WINDOWS\system32\javafs32.exe
O4 - HKLM\..\RunOnce: [addug32.exe] C:\WINDOWS\addug32.exe
O4 - HKLM\..\RunOnce: [sdkuo32.exe] C:\WINDOWS\system32\sdkuo32.exe
O4 - HKLM\..\RunOnce: [winpa32.exe] C:\WINDOWS\winpa32.exe
O4 - HKLM\..\RunOnce: [appce.exe] C:\WINDOWS\system32\appce.exe
O4 - HKLM\..\RunOnce: [adddf32.exe] C:\WINDOWS\adddf32.exe
O4 - HKLM\..\RunOnce: [addxy.exe] C:\WINDOWS\addxy.exe
O4 - HKLM\..\RunOnce: [javakv.exe] C:\WINDOWS\system32\javakv.exe
O4 - HKLM\..\RunOnce: [mfcbc32.exe] C:\WINDOWS\system32\mfcbc32.exe
O4 - HKLM\..\RunOnce: [crqr.exe] C:\WINDOWS\system32\crqr.exe

Message Edited by Problemzz on 08-06-2005 01:18 PM

7 Posts

August 6th, 2005 17:00

O4 - HKLM\..\RunOnce: [ipiv32.exe] C:\WINDOWS\ipiv32.exe
O4 - HKLM\..\RunOnce: [appns32.exe] C:\WINDOWS\appns32.exe
O4 - HKLM\..\RunOnce: [atlvq.exe] C:\WINDOWS\atlvq.exe
O4 - HKLM\..\RunOnce: [sdkey.exe] C:\WINDOWS\sdkey.exe
O4 - HKLM\..\RunOnce: [msic32.exe] C:\WINDOWS\system32\msic32.exe
O4 - HKLM\..\RunOnce: [crsd.exe] C:\WINDOWS\crsd.exe
O4 - HKLM\..\RunOnce: [crxz32.exe] C:\WINDOWS\system32\crxz32.exe
O4 - HKLM\..\RunOnce: [atlhg.exe] C:\WINDOWS\atlhg.exe
O4 - HKLM\..\RunOnce: [ntwv32.exe] C:\WINDOWS\system32\ntwv32.exe
O4 - HKLM\..\RunOnce: [d3uc.exe] C:\WINDOWS\d3uc.exe
O4 - HKLM\..\RunOnce: [winqg32.exe] C:\WINDOWS\winqg32.exe
O4 - HKLM\..\RunOnce: [msah.exe] C:\WINDOWS\msah.exe
O4 - HKLM\..\RunOnce: [iend32.exe] C:\WINDOWS\iend32.exe
O4 - HKLM\..\RunOnce: [ntzw32.exe] C:\WINDOWS\ntzw32.exe
O4 - HKLM\..\RunOnce: [ieci.exe] C:\WINDOWS\system32\ieci.exe
O4 - HKLM\..\RunOnce: [crgu32.exe] C:\WINDOWS\system32\crgu32.exe
O4 - HKLM\..\RunOnce: [ipwk.exe] C:\WINDOWS\system32\ipwk.exe
O4 - HKLM\..\RunOnce: [javapt32.exe] C:\WINDOWS\javapt32.exe
O4 - HKLM\..\RunOnce: [netni.exe] C:\WINDOWS\system32\netni.exe
O4 - HKLM\..\RunOnce: [winmq32.exe] C:\WINDOWS\winmq32.exe
O4 - HKLM\..\RunOnce: [d3kf32.exe] C:\WINDOWS\system32\d3kf32.exe
O4 - HKLM\..\RunOnce: [mskv32.exe] C:\WINDOWS\system32\mskv32.exe
O4 - HKLM\..\RunOnce: [appuo32.exe] C:\WINDOWS\appuo32.exe
O4 - HKLM\..\RunOnce: [iehg32.exe] C:\WINDOWS\iehg32.exe
O4 - HKLM\..\RunOnce: [javaxw.exe] C:\WINDOWS\system32\javaxw.exe
O4 - HKLM\..\RunOnce: [apiwl32.exe] C:\WINDOWS\system32\apiwl32.exe
O4 - HKLM\..\RunOnce: [addub32.exe] C:\WINDOWS\addub32.exe
O4 - HKLM\..\RunOnce: [adduj.exe] C:\WINDOWS\adduj.exe
O4 - HKLM\..\RunOnce: [windj.exe] C:\WINDOWS\windj.exe
O4 - HKLM\..\RunOnce: [netsg32.exe] C:\WINDOWS\netsg32.exe
O4 - HKLM\..\RunOnce: [sdkio32.exe] C:\WINDOWS\sdkio32.exe
O4 - HKLM\..\RunOnce: [ipdr.exe] C:\WINDOWS\ipdr.exe
O4 - HKLM\..\RunOnce: [iebx32.exe] C:\WINDOWS\system32\iebx32.exe
O4 - HKLM\..\RunOnce: [sysaf.exe] C:\WINDOWS\system32\sysaf.exe
O4 - HKLM\..\RunOnce: [msjf.exe] C:\WINDOWS\msjf.exe
O4 - HKLM\..\RunOnce: [atlzc32.exe] C:\WINDOWS\system32\atlzc32.exe
O4 - HKLM\..\RunOnce: [netpj32.exe] C:\WINDOWS\system32\netpj32.exe
O4 - HKLM\..\RunOnce: [mfcsn.exe] C:\WINDOWS\system32\mfcsn.exe
O4 - HKLM\..\RunOnce: [sysrd32.exe] C:\WINDOWS\system32\sysrd32.exe
O4 - HKLM\..\RunOnce: [apimm32.exe] C:\WINDOWS\system32\apimm32.exe
O4 - HKLM\..\RunOnce: [addfd32.exe] C:\WINDOWS\system32\addfd32.exe
O4 - HKLM\..\RunOnce: [winua32.exe] C:\WINDOWS\system32\winua32.exe
O4 - HKLM\..\RunOnce: [crzw32.exe] C:\WINDOWS\system32\crzw32.exe
O4 - HKLM\..\RunOnce: [mfczu32.exe] C:\WINDOWS\mfczu32.exe
O4 - HKLM\..\RunOnce: [d3gu.exe] C:\WINDOWS\system32\d3gu.exe
O4 - HKLM\..\RunOnce: [iesw32.exe] C:\WINDOWS\system32\iesw32.exe
O4 - HKLM\..\RunOnce: [d3ne32.exe] C:\WINDOWS\system32\d3ne32.exe
O4 - HKLM\..\RunOnce: [crbt32.exe] C:\WINDOWS\crbt32.exe
O4 - HKLM\..\RunOnce: [apigx32.exe] C:\WINDOWS\apigx32.exe
O4 - HKLM\..\RunOnce: [d3bj32.exe] C:\WINDOWS\d3bj32.exe
O4 - HKLM\..\RunOnce: [ipig32.exe] C:\WINDOWS\system32\ipig32.exe
O4 - HKLM\..\RunOnce: [winhw.exe] C:\WINDOWS\winhw.exe
O4 - HKLM\..\RunOnce: [iplg.exe] C:\WINDOWS\system32\iplg.exe
O4 - HKLM\..\RunOnce: [appkw32.exe] C:\WINDOWS\system32\appkw32.exe
O4 - HKLM\..\RunOnce: [msal32.exe] C:\WINDOWS\msal32.exe
O4 - HKLM\..\RunOnce: [ieit.exe] C:\WINDOWS\ieit.exe
O4 - HKLM\..\RunOnce: [msjt.exe] C:\WINDOWS\system32\msjt.exe
O4 - HKLM\..\RunOnce: [atlyr32.exe] C:\WINDOWS\atlyr32.exe
O4 - HKLM\..\RunOnce: [netwy32.exe] C:\WINDOWS\netwy32.exe
O4 - HKLM\..\RunOnce: [sysqr32.exe] C:\WINDOWS\sysqr32.exe
O4 - HKLM\..\RunOnce: [crph32.exe] C:\WINDOWS\system32\crph32.exe
O4 - HKLM\..\RunOnce: [nettt.exe] C:\WINDOWS\nettt.exe
O4 - HKLM\..\RunOnce: [appxx.exe] C:\WINDOWS\system32\appxx.exe
O4 - HKLM\..\RunOnce: [d3du.exe] C:\WINDOWS\d3du.exe
O4 - HKLM\..\RunOnce: [ntch.exe] C:\WINDOWS\system32\ntch.exe
O4 - HKLM\..\RunOnce: [d3fl.exe] C:\WINDOWS\d3fl.exe
O4 - HKLM\..\RunOnce: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe
O4 - HKLM\..\RunOnce: [ipkx32.exe] C:\WINDOWS\ipkx32.exe
O4 - HKLM\..\RunOnce: [mfcuy.exe] C:\WINDOWS\mfcuy.exe
O4 - HKLM\..\RunOnce: [apizv32.exe] C:\WINDOWS\apizv32.exe
O4 - HKLM\..\RunOnce: [apioz32.exe] C:\WINDOWS\system32\apioz32.exe
O4 - HKLM\..\RunOnce: [ntae.exe] C:\WINDOWS\ntae.exe
O4 - HKLM\..\RunOnce: [ipqj32.exe] C:\WINDOWS\ipqj32.exe
O4 - HKLM\..\RunOnce: [javaun.exe] C:\WINDOWS\system32\javaun.exe
O4 - HKLM\..\RunOnce: [addyf.exe] C:\WINDOWS\system32\addyf.exe
O4 - HKLM\..\RunOnce: [ipvc32.exe] C:\WINDOWS\system32\ipvc32.exe
O4 - HKLM\..\RunOnce: [ipes.exe] C:\WINDOWS\ipes.exe
O4 - HKLM\..\RunOnce: [winjp32.exe] C:\WINDOWS\system32\winjp32.exe
O4 - HKLM\..\RunOnce: [ieeb.exe] C:\WINDOWS\ieeb.exe
O4 - HKLM\..\RunOnce: [ntdi32.exe] C:\WINDOWS\ntdi32.exe
O4 - HKLM\..\RunOnce: [crrd32.exe] C:\WINDOWS\crrd32.exe
O4 - HKLM\..\RunOnce: [d3zl32.exe] C:\WINDOWS\system32\d3zl32.exe
O4 - HKLM\..\RunOnce: [winil32.exe] C:\WINDOWS\winil32.exe
O4 - HKLM\..\RunOnce: [winrs32.exe] C:\WINDOWS\system32\winrs32.exe
O4 - HKLM\..\RunOnce: [crwe.exe] C:\WINDOWS\system32\crwe.exe
O4 - HKLM\..\RunOnce: [ntaq.exe] C:\WINDOWS\ntaq.exe
O4 - HKLM\..\RunOnce: [iepf32.exe] C:\WINDOWS\system32\iepf32.exe
O4 - HKLM\..\RunOnce: [addnm.exe] C:\WINDOWS\system32\addnm.exe
O4 - HKLM\..\RunOnce: [apijq32.exe] C:\WINDOWS\apijq32.exe
O4 - HKLM\..\RunOnce: [appya32.exe] C:\WINDOWS\appya32.exe
O4 - HKLM\..\RunOnce: [atltr.exe] C:\WINDOWS\atltr.exe
O4 - HKLM\..\RunOnce: [atlzo32.exe] C:\WINDOWS\atlzo32.exe
O4 - HKLM\..\RunOnce: [mfcvt32.exe] C:\WINDOWS\system32\mfcvt32.exe
O4 - HKLM\..\RunOnce: [ipax.exe] C:\WINDOWS\ipax.exe
O4 - HKLM\..\RunOnce: [msdg.exe] C:\WINDOWS\msdg.exe
O4 - HKLM\..\RunOnce: [ntcw32.exe] C:\WINDOWS\system32\ntcw32.exe
O4 - HKLM\..\RunOnce: [atlsm32.exe] C:\WINDOWS\atlsm32.exe
O4 - HKLM\..\RunOnce: [sdkqr.exe] C:\WINDOWS\sdkqr.exe
O4 - HKLM\..\RunOnce: [netgy32.exe] C:\WINDOWS\netgy32.exe
O4 - HKLM\..\RunOnce: [ipzr.exe] C:\WINDOWS\system32\ipzr.exe
O4 - HKLM\..\RunOnce: [d3vv32.exe] C:\WINDOWS\system32\d3vv32.exe
O4 - HKLM\..\RunOnce: [sdkfw.exe] C:\WINDOWS\system32\sdkfw.exe
O4 - HKLM\..\RunOnce: [addnc.exe] C:\WINDOWS\addnc.exe
O4 - HKLM\..\RunOnce: [d3mr32.exe] C:\WINDOWS\d3mr32.exe
O4 - HKLM\..\RunOnce: [appbp32.exe] C:\WINDOWS\system32\appbp32.exe
O4 - HKLM\..\RunOnce: [winea.exe] C:\WINDOWS\system32\winea.exe
O4 - HKLM\..\RunOnce: [crdq32.exe] C:\WINDOWS\system32\crdq32.exe
O4 - HKLM\..\RunOnce: [ipuy32.exe] C:\WINDOWS\ipuy32.exe
O4 - HKLM\..\RunOnce: [ntbo.exe] C:\WINDOWS\ntbo.exe
O4 - HKLM\..\RunOnce: [netco.exe] C:\WINDOWS\system32\netco.exe
O4 - HKLM\..\RunOnce: [d3sd.exe] C:\WINDOWS\d3sd.exe
O4 - HKLM\..\RunOnce: [sdkhs32.exe] C:\WINDOWS\sdkhs32.exe
O4 - HKLM\..\RunOnce: [crad.exe] C:\WINDOWS\system32\crad.exe
O4 - HKLM\..\RunOnce: [syswh32.exe] C:\WINDOWS\system32\syswh32.exe
O4 - HKLM\..\RunOnce: [d3oi.exe] C:\WINDOWS\system32\d3oi.exe
O4 - HKLM\..\RunOnce: [apioo.exe] C:\WINDOWS\apioo.exe
O4 - HKLM\..\RunOnce: [sysnd32.exe] C:\WINDOWS\system32\sysnd32.exe
O4 - HKLM\..\RunOnce: [appby32.exe] C:\WINDOWS\system32\appby32.exe
O4 - HKLM\..\RunOnce: [atljg.exe] C:\WINDOWS\system32\atljg.exe
O4 - HKLM\..\RunOnce: [addjg.exe] C:\WINDOWS\addjg.exe
O4 - HKLM\..\RunOnce: [ipzw32.exe] C:\WINDOWS\system32\ipzw32.exe
O4 - HKLM\..\RunOnce: [javaxl32.exe] C:\WINDOWS\system32\javaxl32.exe
O4 - HKLM\..\RunOnce: [ntsp.exe] C:\WINDOWS\ntsp.exe
O4 - HKLM\..\RunOnce: [atlre32.exe] C:\WINDOWS\atlre32.exe
O4 - HKLM\..\RunOnce: [syshu32.exe] C:\WINDOWS\system32\syshu32.exe
O4 - HKLM\..\RunOnce: [winpc.exe] C:\WINDOWS\winpc.exe
O4 - HKLM\..\RunOnce: [netll32.exe] C:\WINDOWS\netll32.exe
O4 - HKLM\..\RunOnce: [ipsb.exe] C:\WINDOWS\ipsb.exe

7 Posts

August 6th, 2005 17:00

O4 - HKLM\..\RunOnce: [mspz32.exe] C:\WINDOWS\mspz32.exe
O4 - HKLM\..\RunOnce: [sdkuj32.exe] C:\WINDOWS\sdkuj32.exe
O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\system32\ieec32.exe
O4 - HKLM\..\RunOnce: [netek.exe] C:\WINDOWS\netek.exe
O4 - HKLM\..\RunOnce: [atliw.exe] C:\WINDOWS\system32\atliw.exe
O4 - HKLM\..\RunOnce: [d3vs.exe] C:\WINDOWS\d3vs.exe
O4 - HKLM\..\RunOnce: [winrw32.exe] C:\WINDOWS\system32\winrw32.exe
O4 - HKLM\..\RunOnce: [apieg32.exe] C:\WINDOWS\system32\apieg32.exe
O4 - HKLM\..\RunOnce: [adduw.exe] C:\WINDOWS\adduw.exe
O4 - HKLM\..\RunOnce: [d3tl32.exe] C:\WINDOWS\d3tl32.exe
O4 - HKLM\..\RunOnce: [ntrj32.exe] C:\WINDOWS\system32\ntrj32.exe
O4 - HKLM\..\RunOnce: [msaj32.exe] C:\WINDOWS\msaj32.exe
O4 - HKLM\..\RunOnce: [d3dv32.exe] C:\WINDOWS\d3dv32.exe
O4 - HKLM\..\RunOnce: [sysiz.exe] C:\WINDOWS\system32\sysiz.exe
O4 - HKLM\..\RunOnce: [msxx.exe] C:\WINDOWS\system32\msxx.exe
O4 - HKLM\..\RunOnce: [sysxk.exe] C:\WINDOWS\sysxk.exe
O4 - HKLM\..\RunOnce: [msmr.exe] C:\WINDOWS\msmr.exe
O4 - HKLM\..\RunOnce: [sdkqd32.exe] C:\WINDOWS\sdkqd32.exe
O4 - HKLM\..\RunOnce: [mfcva32.exe] C:\WINDOWS\mfcva32.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [msrv32.exe] C:\WINDOWS\msrv32.exe
O4 - HKLM\..\RunOnce: [javapa.exe] C:\WINDOWS\javapa.exe
O4 - HKLM\..\RunOnce: [sdkqa.exe] C:\WINDOWS\system32\sdkqa.exe
O4 - HKLM\..\RunOnce: [iefp32.exe] C:\WINDOWS\iefp32.exe
O4 - HKLM\..\RunOnce: [ipts32.exe] C:\WINDOWS\ipts32.exe
O4 - HKLM\..\RunOnce: [javahu.exe] C:\WINDOWS\system32\javahu.exe
O4 - HKLM\..\RunOnce: [ipcy.exe] C:\WINDOWS\ipcy.exe
O4 - HKLM\..\RunOnce: [mssv32.exe] C:\WINDOWS\system32\mssv32.exe
O4 - HKLM\..\RunOnce: [winqd.exe] C:\WINDOWS\winqd.exe
O4 - HKLM\..\RunOnce: [mfcmz32.exe] C:\WINDOWS\mfcmz32.exe
O4 - HKLM\..\RunOnce: [atljw32.exe] C:\WINDOWS\atljw32.exe
O4 - HKLM\..\RunOnce: [mfcxg.exe] C:\WINDOWS\mfcxg.exe
O4 - HKLM\..\RunOnce: [addnn.exe] C:\WINDOWS\addnn.exe
O4 - HKLM\..\RunOnce: [msxg32.exe] C:\WINDOWS\system32\msxg32.exe
O4 - HKLM\..\RunOnce: [iejz.exe] C:\WINDOWS\iejz.exe
O4 - HKLM\..\RunOnce: [appnd.exe] C:\WINDOWS\appnd.exe
O4 - HKLM\..\RunOnce: [addqv32.exe] C:\WINDOWS\addqv32.exe
O4 - HKLM\..\RunOnce: [crjo32.exe] C:\WINDOWS\crjo32.exe
O4 - HKLM\..\RunOnce: [addea32.exe] C:\WINDOWS\system32\addea32.exe
O4 - HKLM\..\RunOnce: [mfcje.exe] C:\WINDOWS\system32\mfcje.exe
O4 - HKLM\..\RunOnce: [mfcmv32.exe] C:\WINDOWS\mfcmv32.exe
O4 - HKLM\..\RunOnce: [ntcd.exe] C:\WINDOWS\ntcd.exe
O4 - HKLM\..\RunOnce: [d3gh32.exe] C:\WINDOWS\system32\d3gh32.exe
O4 - HKLM\..\RunOnce: [javaqh.exe] C:\WINDOWS\javaqh.exe
O4 - HKLM\..\RunOnce: [javave32.exe] C:\WINDOWS\system32\javave32.exe
O4 - HKLM\..\RunOnce: [javakt32.exe] C:\WINDOWS\javakt32.exe
O4 - HKLM\..\RunOnce: [mfcpx32.exe] C:\WINDOWS\mfcpx32.exe
O4 - HKLM\..\RunOnce: [javakj32.exe] C:\WINDOWS\javakj32.exe
O4 - HKLM\..\RunOnce: [appdc32.exe] C:\WINDOWS\system32\appdc32.exe
O4 - HKLM\..\RunOnce: [addyh.exe] C:\WINDOWS\addyh.exe
O4 - HKLM\..\RunOnce: [wintb.exe] C:\WINDOWS\wintb.exe
O4 - HKLM\..\RunOnce: [msii.exe] C:\WINDOWS\msii.exe
O4 - HKLM\..\RunOnce: [ntbb32.exe] C:\WINDOWS\system32\ntbb32.exe
O4 - HKLM\..\RunOnce: [javamu.exe] C:\WINDOWS\system32\javamu.exe
O4 - HKLM\..\RunOnce: [ieqy.exe] C:\WINDOWS\ieqy.exe
O4 - HKLM\..\RunOnce: [atlvi32.exe] C:\WINDOWS\atlvi32.exe
O4 - HKLM\..\RunOnce: [sysly32.exe] C:\WINDOWS\system32\sysly32.exe
O4 - HKLM\..\RunOnce: [wintg.exe] C:\WINDOWS\system32\wintg.exe
O4 - HKLM\..\RunOnce: [mfcrd32.exe] C:\WINDOWS\system32\mfcrd32.exe
O4 - HKLM\..\RunOnce: [nthl32.exe] C:\WINDOWS\system32\nthl32.exe
O4 - HKLM\..\RunOnce: [winbe32.exe] C:\WINDOWS\system32\winbe32.exe
O4 - HKLM\..\RunOnce: [mszb.exe] C:\WINDOWS\mszb.exe
O4 - HKLM\..\RunOnce: [sdksi32.exe] C:\WINDOWS\system32\sdksi32.exe
O4 - HKLM\..\RunOnce: [addsi.exe] C:\WINDOWS\addsi.exe
O4 - HKLM\..\RunOnce: [iewu.exe] C:\WINDOWS\system32\iewu.exe
O4 - HKLM\..\RunOnce: [mfclj32.exe] C:\WINDOWS\mfclj32.exe
O4 - HKLM\..\RunOnce: [ipbr.exe] C:\WINDOWS\ipbr.exe
O4 - HKLM\..\RunOnce: [sdkpv.exe] C:\WINDOWS\sdkpv.exe
O4 - HKLM\..\RunOnce: [addbj32.exe] C:\WINDOWS\system32\addbj32.exe
O4 - HKLM\..\RunOnce: [appar.exe] C:\WINDOWS\system32\appar.exe
O4 - HKLM\..\RunOnce: [ieev.exe] C:\WINDOWS\ieev.exe
O4 - HKLM\..\RunOnce: [ntsz.exe] C:\WINDOWS\ntsz.exe
O4 - HKLM\..\RunOnce: [d3od32.exe] C:\WINDOWS\d3od32.exe
O4 - HKLM\..\RunOnce: [appgk.exe] C:\WINDOWS\system32\appgk.exe
O4 - HKLM\..\RunOnce: [d3fa32.exe] C:\WINDOWS\d3fa32.exe
O4 - HKLM\..\RunOnce: [atlux32.exe] C:\WINDOWS\system32\atlux32.exe
O4 - HKLM\..\RunOnce: [d3fk32.exe] C:\WINDOWS\system32\d3fk32.exe
O4 - HKLM\..\RunOnce: [iebd.exe] C:\WINDOWS\system32\iebd.exe
O4 - HKLM\..\RunOnce: [mfcqs32.exe] C:\WINDOWS\mfcqs32.exe
O4 - HKLM\..\RunOnce: [ipgz32.exe] C:\WINDOWS\ipgz32.exe
O4 - HKLM\..\RunOnce: [apicd.exe] C:\WINDOWS\system32\apicd.exe
O4 - HKLM\..\RunOnce: [atlfm.exe] C:\WINDOWS\atlfm.exe
O4 - HKLM\..\RunOnce: [ntjq32.exe] C:\WINDOWS\ntjq32.exe
O4 - HKLM\..\RunOnce: [apitr.exe] C:\WINDOWS\system32\apitr.exe
O4 - HKLM\..\RunOnce: [d3tz.exe] C:\WINDOWS\system32\d3tz.exe
O4 - HKLM\..\RunOnce: [mfcol.exe] C:\WINDOWS\mfcol.exe
O4 - HKLM\..\RunOnce: [addds.exe] C:\WINDOWS\addds.exe
O4 - HKLM\..\RunOnce: [d3wl32.exe] C:\WINDOWS\system32\d3wl32.exe
O4 - HKLM\..\RunOnce: [iehe32.exe] C:\WINDOWS\system32\iehe32.exe
O4 - HKLM\..\RunOnce: [ntma32.exe] C:\WINDOWS\ntma32.exe
O4 - HKLM\..\RunOnce: [winvw32.exe] C:\WINDOWS\system32\winvw32.exe
O4 - HKLM\..\RunOnce: [javaat32.exe] C:\WINDOWS\javaat32.exe
O4 - HKLM\..\RunOnce: [addde32.exe] C:\WINDOWS\system32\addde32.exe
O4 - HKLM\..\RunOnce: [mfchj.exe] C:\WINDOWS\mfchj.exe

7 Posts

August 6th, 2005 17:00

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\iebr32.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

2 Intern

5.9K Posts

August 8th, 2005 00:00


Download the Hoster from:


http://www.funkytoad.com/

Unpack to your desktop and run it.  If you see green text then press the Restore Original Hosts button and OK.
If you see red text then press the Make Hosts Writable button then the Restore Original Hosts button and OK.

Get a copy of AboutBuster as per:
http://www.besttechie.net/forums/index.php?showtopic=1488

Download it and unpack it and make sure it is up to date but don't let it clean anything yet.


Download to your desktop: UnhookExec.inf from:

http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html

and then right click on it and Install.

Also Download to your desktop: DelDomain.inf from:
 
http://www.mvps.org/winhelp2002/restricted.htm  and then right click on it and Install.


Also download and install ccleaner.exe from http://www.ccleaner.com. Don't let it clean anything yet.

Run HijackThis and check each of the following and then hit ADD TO IGNORE LIST.  These are the GOOD guys.


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe 
 

Then press Config then check the Mark Everything Found for Fixing After Scan then Back and SCAN.  When it finishes it should come up with a list of everything that you did not tell it to ignore and they will already be checked.  Hit Fix Checked and close the program.

Shut down and Restart and Boot into Safe Mode by tapping the F8 key when you see the PC maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe Mode menu. Select the top option.

Run AboutBuster twice (BEGIN REMOVAL).

Run HijackThis and just do a Scan only. Check then Fix Checked anything that shows up.

 


Wait 60 seconds and repeat the scan. Did any of the above come back? If so, leave HijackThis up and right click on the clock and select Task Manager. Then Processes. Find Explorer.exe, right click on it and select End Process. The desktop will disappear but HijackThis should still be there. If you don't see it, switch to Applications in Task Manager and highlight it there then press Switch To or just double click on it. Check and Fix Checked the above again.
Restart Explorer by Task Manager, File, New Task(Run), explorer.exe, OK.

Run AboutBuster twice more.


Run ccleaner.exe, uncheck everything on the first page except the two entries with Temporary and then Run Cleaner.


Reboot into regular mode, run AboutBuster one more time and then run another HijackThis log and post it as a reply. Let's see how we did.

Ron
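
The ignore-then-fix step in the reply above amounts to subtracting an allow list from the scan and treating whatever is left as the work list. The sketch below is an added example, not part of the original post and not HijackThis code: the sample log, the `placeholder` file names and every function name are constructed for illustration. It also shows why a list pasted through a forum needs whitespace and case normalisation before it is compared.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFN]\d|O\d{1,2})\s+-\s+\S")
# R0/R1 values that load the search page from a resource inside a local DLL.
RES_DLL_RE = re.compile(r"=\s*res://(?P<dll>[^/]+\.dll)/", re.IGNORECASE)

# Constructed sample scan; the placeholder names stand in for unknown files.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\placeholder.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\RunOnce: [placeholder1.exe] C:\WINDOWS\placeholder1.exe
O4 - HKLM\..\RunOnce: [placeholder2.exe] C:\WINDOWS\system32\placeholder2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
"""

# Constructed ignore list as it might arrive after copy and paste: one line
# carries a trailing space, another differs from the scan only in letter case.
IGNORE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe ",
    r"O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE",
]


def normalize(line):
    """Collapse whitespace and fold case. Windows paths and registry names are
    case-insensitive; folding URLs too is a simplification made here."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return [(section_code, raw_line)] for entry lines only."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group("code"), raw))
    return entries


def remaining_after_ignore(log_text, ignore_text, key=normalize):
    """Entries a rescan would still list once the ignore list is applied.
    Pass key=str to see what an exact string comparison would leave behind."""
    ignored = {key(raw) for _, raw in parse_entries(ignore_text)}
    return [(code, raw.strip()) for code, raw in parse_entries(log_text)
            if key(raw) not in ignored]


def count_by_section(remaining):
    """How many leftover entries fall in each HijackThis section."""
    return Counter(code for code, _ in remaining)


def res_dlls(remaining):
    """Distinct DLLs that leftover R0/R1 settings point at via res://."""
    found = []
    for code, line in remaining:
        m = RES_DLL_RE.search(line)
        if code in ("R0", "R1") and m and m.group("dll") not in found:
            found.append(m.group("dll"))
    return found


if __name__ == "__main__":
    ignore_text = "\n".join(IGNORE_LINES)
    left = remaining_after_ignore(SAMPLE_LOG, ignore_text)
    print("left to review:", dict(count_by_section(left)))
    print("res:// DLLs:", res_dlls(left))
    exact = remaining_after_ignore(SAMPLE_LOG, ignore_text, key=str)
    print("with exact matching:", len(exact), "entries (known-good items included)")
```

With exact matching, the two known-good entries that differ only by a trailing space or by case stay on the work list, which is how legitimate startup items end up fixed by mistake.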

 

7 Posts

August 8th, 2005 11:00

Hmm, I still get problems with homepage and a few pop ups :O

 

Logfile of HijackThis v1.99.1
Scan saved at 13:01:03, on 08/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\ntca.exe
C:\mydata\COMPUCAB AD.exe
C:\Program Files\ROUTE66\ROUTE 66 Route 2005\r2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4AC743F0-80FE-D7F2-61A1-7CCE5B56827D} - C:\WINDOWS\system32\ntpl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ntca.exe] C:\WINDOWS\system32\ntca.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\iebr32.exe
O4 - HKLM\..\RunOnce: [crpm32.exe] C:\WINDOWS\crpm32.exe
O4 - HKLM\..\RunOnce: [ntzv.exe] C:\WINDOWS\ntzv.exe
O4 - HKLM\..\RunOnce: [ipwy.exe] C:\WINDOWS\ipwy.exe
O4 - HKLM\..\RunOnce: [netai.exe] C:\WINDOWS\netai.exe
O4 - HKLM\..\RunOnce: [javaem32.exe] C:\WINDOWS\system32\javaem32.exe
O4 - HKLM\..\RunOnce: [sysiw32.exe] C:\WINDOWS\system32\sysiw32.exe
O4 - HKLM\..\RunOnce: [cryl.exe] C:\WINDOWS\cryl.exe
O4 - HKLM\..\RunOnce: [apixb32.exe] C:\WINDOWS\apixb32.exe
O4 - HKLM\..\RunOnce: [sdkqs32.exe] C:\WINDOWS\sdkqs32.exe
O4 - HKLM\..\RunOnce: [atltk.exe] C:\WINDOWS\system32\atltk.exe
O4 - HKLM\..\RunOnce: [atlrj32.exe] C:\WINDOWS\atlrj32.exe
O4 - HKLM\..\RunOnce: [crkl32.exe] C:\WINDOWS\crkl32.exe
O4 - HKLM\..\RunOnce: [apioh32.exe] C:\WINDOWS\system32\apioh32.exe
O4 - HKLM\..\RunOnce: [ieox32.exe] C:\WINDOWS\system32\ieox32.exe
O4 - HKLM\..\RunOnce: [ipof.exe] C:\WINDOWS\ipof.exe
O4 - HKLM\..\RunOnce: [crns32.exe] C:\WINDOWS\crns32.exe
O4 - HKLM\..\RunOnce: [d3vi32.exe] C:\WINDOWS\d3vi32.exe
O4 - HKLM\..\RunOnce: [addeb32.exe] C:\WINDOWS\system32\addeb32.exe
O4 - HKLM\..\RunOnce: [sdkej.exe] C:\WINDOWS\sdkej.exe
O4 - HKLM\..\RunOnce: [netiv.exe] C:\WINDOWS\system32\netiv.exe
O4 - HKLM\..\RunOnce: [d3xk32.exe] C:\WINDOWS\d3xk32.exe
O4 - HKLM\..\RunOnce: [sysor.exe] C:\WINDOWS\sysor.exe
O4 - HKLM\..\RunOnce: [atlsv32.exe] C:\WINDOWS\system32\atlsv32.exe
O4 - HKLM\..\RunOnce: [addbw.exe] C:\WINDOWS\addbw.exe
O4 - HKLM\..\RunOnce: [addht32.exe] C:\WINDOWS\system32\addht32.exe
O4 - HKLM\..\RunOnce: [javajc32.exe] C:\WINDOWS\javajc32.exe
O4 - HKLM\..\RunOnce: [sysby32.exe] C:\WINDOWS\system32\sysby32.exe
O4 - HKLM\..\RunOnce: [crbk.exe] C:\WINDOWS\crbk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\iebr32.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

2 Intern

 • 

5.9K Posts

August 8th, 2005 15:00

Is there some reason that the items I asked you to put in the Add to Ignore list are back in the scan?
 
Did you have problems downloading and running any of the programs I recommended?
 
Ron

7 Posts

August 9th, 2005 14:00

Everything you asked me to do I did. When I was doing the scans in safe mode in HJT, what you told me to put in the ignore list was in there; when I restarted and did a final scan, that's what I got :O

2 Intern

 • 

5.9K Posts

August 9th, 2005 15:00

I expect you may have accidentally run HijackThis from a temp folder, and when we ran ccleaner it erased the list.
 
Make sure you run HijackThis by doing:  Start, Run, C:\hjt\hijackthis.exe, OK
 
That way it will store the Ignore List in the C:\hjt folder and it will not get erased.
 
Start then Right click on My Computer and select Manage then Services and Applications then Services.
In the right pane scroll down until you see Task Scheduler.
Double click on it and then change the Startup type to disabled and STOP it. I am seeing a lot of spyware installing jobs in the task scheduler that reinstall them if they are removed so I want to be sure that doesn't happen.  While there see if you can do the same thing to: Network Security Service
 
Then Start, Run, cmd, OK to bring up the cmd screen.
 
Type:
 
cd \
dir /a C:\WINDOWS\Tasks\
 
 
(This should give you a list of tasks which may be set to run at certain times.  I have seen several malware install .job files here so as to reinstall themselves at boot or shutdown or just at a particular time each day.   )
 
(If you do find something that is not something you recognize then let's rename it.  Say you find
 
RUTASK.job 
     
 
then you can rename it:  )
 
cd  C:\WINDOWS\Tasks
ren RUTASK.job RUTASK.txt

 
(or delete it if you are sure it's nothing you might need.)
 
exit
 
(to close the window)
 
Run HijackThis and do a SCAN and then ADD TO IGNORE LIST these entries:
 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Then Run a second scan and fix checked everything you find.
Run aboutbuster once.
 
Then get l2mfix from:
 


Save the file to your desktop and double click l2mfix.exe. Click the Install button and follow the prompts, then open the l2mfix folder on your desktop. Double click l2mfix.bat and select option #2
 
It will reboot your PC and when done present a log file.  Save it somewhere handy then reboot into safe mode and run aboutbuster twice.
 
Follow with another HijackThis scan and Fix Checked everything.
 
Reboot, run AboutBuster one more time and then put the results of a new HijackThis scan along with the log of the l2mfix program.
 
If it still shows a lot of garbage then, if you have a fast link, you can get mwav.exe from:
http://www.spywareinfo.dk/download/mwav.exe
and install it and check for updates, then download the Killbox:
http://www.downloads.subratam.org/KillBox.exe
Save it to the desktop.

Reboot into Safe Mode (F8) and run the escan (mwav) program.  Select all options and let it run for a few hours.  It will eventually create a log file.  It will remove anything it finds that it considers a virus or try to.  Adware it just flags in the log.  You have to go through the log for entries like:
Fri Jul 29 10:25:26 2005 => File C:\WINDOWS\System32\06wu29rd.exe tagged as not-a-virus:AdWare.F1Organizer.g. No Action Taken.

(hint use Notepad's  Edit, Find to  search for: not-a-virus)
then use killbox to clean the adware manually. Double-click Killbox.exe to run it.
Select "Delete on Reboot".
Place the full path  in the "Full Path of File to Delete" box in Killbox:
example:  C:\WINDOWS\System32\06wu29rd.exe
Press the red button, agree you want to delete the file but do not let it reboot yet.  Repeat for every not-a-virus entry then let it reboot after the last one.  Then run HijackThis and post the log.
 
Ron
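Added example, not part of the original post: a small Python helper that does the "search the log for not-a-virus" step described above and returns each flagged file once, ready to be entered into Killbox one path at a time. The line pattern is taken from the single sample line quoted in the post; the function name `flagged_files` and every sample line except the first are constructed for illustration and are not real mwav output.

```python
import re

# Pattern built from the one log line quoted in the post:
# "<timestamp> => File <path> tagged as not-a-virus:<name>. No Action Taken."
LINE_RE = re.compile(
    r"^(?P<when>.+?) => File (?P<path>.+?) tagged as "
    r"(?P<tag>not-a-virus:\S+)\. No Action Taken\.\s*$"
)

def flagged_files(log_text):
    """Return [(path, tag)] for lines flagged 'not-a-virus ... No Action Taken'.

    Each file is listed once (Windows paths compare case-insensitively),
    in the order it first appears in the log.
    """
    seen, out = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a flagged-file line, even if it mentions not-a-virus
        key = m.group("path").lower()
        if key not in seen:
            seen.add(key)
            out.append((m.group("path"), m.group("tag")))
    return out

# First line is the one quoted in the post; the other three are constructed.
SAMPLE_LOG = r"""
Fri Jul 29 10:25:26 2005 => File C:\WINDOWS\System32\06wu29rd.exe tagged as not-a-virus:AdWare.F1Organizer.g. No Action Taken.
Fri Jul 29 10:25:40 2005 => File C:\Documents and Settings\user\example one.dll tagged as not-a-virus:AdWare.Example.a. No Action Taken.
Fri Jul 29 10:26:02 2005 => File c:\windows\system32\06WU29RD.EXE tagged as not-a-virus:AdWare.F1Organizer.g. No Action Taken.
Fri Jul 29 10:26:10 2005 => constructed filler line that mentions not-a-virus but names no file
"""

if __name__ == "__main__":
    for path, tag in flagged_files(SAMPLE_LOG):
        print(f"{path}    ({tag})")
```

A plain text search for "not-a-virus" would stop on all four sample lines; the helper reduces them to the two distinct file paths that actually need handling.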

 
 
 
 
 
 

 

2 Intern

 • 

5.9K Posts

August 9th, 2005 17:00

Looks good.  Did you have to run mwav?
 
Ron
 
Make sure you have System Restore running (toggle it off and On today to get rid of any bad stuff it may have retained) and then you can just go back to an earlier time if you hit a bad site.  One way to make this more obvious is to check everything in your current HijackThis and Add to Ignore List then set up HijackThis to run at boot and to show you if it finds anything new.
 
To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm
 
Never hurts to do one of the free on line scans from Panda or Trend.  They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
In addition to Microsoft AntiSpy
http://www.microsoft.com/athome/security/downloads/default.mspx
I like to run Spybot S&D. 
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while. 
http://www.lavasoftusa.com/software/adaware/
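Added example, not part of the original post: the "ignore list as a baseline, show anything new" idea from the post above, done offline on two saved HijackThis logs in Python. The function names are hypothetical; the sample lines are copied from logs posted earlier in this thread, except that one path's case was changed to show why the comparison ignores case.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return [(code, detail)] for entry lines; header and process lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out

def new_since_baseline(baseline_text, scan_text):
    """Entries in the scan that are absent from the baseline, grouped by section code.
    Comparison is case-insensitive because Windows paths and registry names are."""
    known = {(c, d.lower()) for c, d in parse_entries(baseline_text)}
    fresh = defaultdict(list)
    for code, detail in parse_entries(scan_text):
        if (code, detail.lower()) not in known:
            fresh[code].append(detail)
    return dict(fresh)

# A few of the ignore-list entries from the thread, used as the baseline ...
BASELINE = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# ... and a slice of an earlier scan from the thread (HotKeysCmds path case altered).
SCAN = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nkvbb.dll/sp.html#87649
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] c:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ntca.exe] C:\WINDOWS\system32\ntca.exe
O4 - HKLM\..\RunOnce: [iebr32.exe] C:\WINDOWS\iebr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for code, details in sorted(new_since_baseline(BASELINE, SCAN).items()):
        for d in details:
            print(f"NEW {code}: {d}")
```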

7 Posts

August 9th, 2005 17:00

Logfile of HijackThis v1.99.1
Scan saved at 19:02:42, on 09/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

 

I just changed the homepage on my IE so I guess that's why it shows there, and also the other items are not there because they are on the ignore list I presume. Everything is running normal :) I've also restarted a couple of times, used the PC as I normally do, and nothing came back.

thanks so much for all your time and help~

2 Intern

 • 

5.9K Posts

August 9th, 2005 17:00

If you did the bit about:
 
dir /a C:\WINDOWS\Tasks\
and didn't find anything then you can turn Task Scheduler service back on by changing its start Type to Automatic. Apply.  Start. OK.
 
If you found anything let me see what you found before you turn it back on.
 
Ron

Message Edited by RKinner on 08-09-2005 01:19 PM
