
need some help [resolved]



#1
quiktitanium

OK, I rather stupidly stumbled onto some spyware online, and I can't remove it. I have tried Ad-Aware, Spybot, and I've also tried Spy Sweeper. They're all no-gos.

So here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 1:45:53 PM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\atlht.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Patrick McDaniel\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aauef.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DD4FB04F-8E1A-6818-993B-3C489CB8A5FF} - C:\WINDOWS\system32\javakr32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=081405 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [ipkt32.exe] C:\WINDOWS\system32\ipkt32.exe
O4 - HKLM\..\Run: [atlht.exe] C:\WINDOWS\atlht.exe
O4 - HKLM\..\RunOnce: [addae.exe] C:\WINDOWS\addae.exe
O4 - HKLM\..\RunOnce: [nttr.exe] C:\WINDOWS\system32\nttr.exe
O4 - HKLM\..\RunOnce: [sdkur.exe] C:\WINDOWS\sdkur.exe
O4 - HKLM\..\RunOnce: [mfczl32.exe] C:\WINDOWS\mfczl32.exe
O4 - HKLM\..\RunOnce: [winpb32.exe] C:\WINDOWS\system32\winpb32.exe
O4 - HKLM\..\RunOnce: [javadd32.exe] C:\WINDOWS\javadd32.exe
O4 - HKLM\..\RunOnce: [cris.exe] C:\WINDOWS\cris.exe
O4 - HKLM\..\RunOnce: [apiou32.exe] C:\WINDOWS\system32\apiou32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\addae.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

I greatly appreciate any help.

Edited by coachwife6, 14 August 2005 - 09:39 PM.



#2
coachwife6

Hi quiktitanium. Welcome to GTG. ;)

Please run HijackThis again and post a new log in this thread and we'll see what the latest infections are up to.

#3
quiktitanium

Thank you. Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:04 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\javatq32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrick McDaniel\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6346C5AD-FF9C-DA8A-986F-964A6CD08962} - C:\WINDOWS\wintw32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DD4FB04F-8E1A-6818-993B-3C489CB8A5FF} - C:\WINDOWS\system32\javakr32.dll
O2 - BHO: Class - {F52B4B29-EAA0-A4B2-3FF3-0A8EE5DB6566} - C:\WINDOWS\system32\msym.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=081405 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [ipkt32.exe] C:\WINDOWS\system32\ipkt32.exe
O4 - HKLM\..\Run: [atlht.exe] C:\WINDOWS\atlht.exe
O4 - HKLM\..\Run: [crly32.exe] C:\WINDOWS\crly32.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [javatq32.exe] C:\WINDOWS\javatq32.exe
O4 - HKLM\..\RunOnce: [addgo.exe] C:\WINDOWS\addgo.exe
O4 - HKLM\..\RunOnce: [addjg32.exe] C:\WINDOWS\addjg32.exe
O4 - HKLM\..\RunOnce: [crnc32.exe] C:\WINDOWS\crnc32.exe
O4 - HKLM\..\RunOnce: [appjo32.exe] C:\WINDOWS\appjo32.exe
O4 - HKLM\..\RunOnce: [apins.exe] C:\WINDOWS\system32\apins.exe
O4 - HKLM\..\RunOnce: [mshl.exe] C:\WINDOWS\system32\mshl.exe
O4 - HKLM\..\RunOnce: [javalx.exe] C:\WINDOWS\system32\javalx.exe
O4 - HKLM\..\RunOnce: [atlzu32.exe] C:\WINDOWS\system32\atlzu32.exe
O4 - HKLM\..\RunOnce: [addug.exe] C:\WINDOWS\addug.exe
O4 - HKLM\..\RunOnce: [sysyh32.exe] C:\WINDOWS\system32\sysyh32.exe
O4 - HKLM\..\RunOnce: [ipsb32.exe] C:\WINDOWS\system32\ipsb32.exe
O4 - HKLM\..\RunOnce: [atliq32.exe] C:\WINDOWS\atliq32.exe
O4 - HKLM\..\RunOnce: [mfcqg.exe] C:\WINDOWS\mfcqg.exe
O4 - HKLM\..\RunOnce: [atlqh.exe] C:\WINDOWS\system32\atlqh.exe
O4 - HKLM\..\RunOnce: [ntgw32.exe] C:\WINDOWS\ntgw32.exe
O4 - HKLM\..\RunOnce: [d3ed32.exe] C:\WINDOWS\system32\d3ed32.exe
O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\system32\javazp.exe
O4 - HKLM\..\RunOnce: [sysdz.exe] C:\WINDOWS\system32\sysdz.exe
O4 - HKLM\..\RunOnce: [ntrv32.exe] C:\WINDOWS\ntrv32.exe
O4 - HKLM\..\RunOnce: [javaco32.exe] C:\WINDOWS\system32\javaco32.exe
O4 - HKLM\..\RunOnce: [mfchl32.exe] C:\WINDOWS\system32\mfchl32.exe
O4 - HKLM\..\RunOnce: [javakw.exe] C:\WINDOWS\javakw.exe
O4 - HKLM\..\RunOnce: [ipgi32.exe] C:\WINDOWS\ipgi32.exe
O4 - HKLM\..\RunOnce: [atleq.exe] C:\WINDOWS\system32\atleq.exe
O4 - HKLM\..\RunOnce: [iedg32.exe] C:\WINDOWS\system32\iedg32.exe
O4 - HKLM\..\RunOnce: [sdkcv32.exe] C:\WINDOWS\sdkcv32.exe
O4 - HKLM\..\RunOnce: [javabd.exe] C:\WINDOWS\system32\javabd.exe
O4 - HKLM\..\RunOnce: [sdkcl.exe] C:\WINDOWS\sdkcl.exe
O4 - HKLM\..\RunOnce: [syszb32.exe] C:\WINDOWS\system32\syszb32.exe
O4 - HKLM\..\RunOnce: [appqi32.exe] C:\WINDOWS\appqi32.exe
O4 - HKLM\..\RunOnce: [crqo32.exe] C:\WINDOWS\crqo32.exe
O4 - HKLM\..\RunOnce: [ieov32.exe] C:\WINDOWS\system32\ieov32.exe
O4 - HKLM\..\RunOnce: [d3kz.exe] C:\WINDOWS\system32\d3kz.exe
O4 - HKLM\..\RunOnce: [ipjp32.exe] C:\WINDOWS\system32\ipjp32.exe
O4 - HKLM\..\RunOnce: [atlhm.exe] C:\WINDOWS\atlhm.exe
O4 - HKLM\..\RunOnce: [apphm.exe] C:\WINDOWS\system32\apphm.exe
O4 - HKLM\..\RunOnce: [ntfk32.exe] C:\WINDOWS\ntfk32.exe
O4 - HKLM\..\RunOnce: [crvr32.exe] C:\WINDOWS\crvr32.exe
O4 - HKLM\..\RunOnce: [sdkqv.exe] C:\WINDOWS\sdkqv.exe
O4 - HKLM\..\RunOnce: [mfcpk32.exe] C:\WINDOWS\mfcpk32.exe
O4 - HKLM\..\RunOnce: [winna32.exe] C:\WINDOWS\system32\winna32.exe
O4 - HKLM\..\RunOnce: [addni.exe] C:\WINDOWS\system32\addni.exe
O4 - HKLM\..\RunOnce: [syswi.exe] C:\WINDOWS\syswi.exe
O4 - HKLM\..\RunOnce: [apilf32.exe] C:\WINDOWS\system32\apilf32.exe
O4 - HKLM\..\RunOnce: [javavw32.exe] C:\WINDOWS\javavw32.exe
O4 - HKLM\..\RunOnce: [atldu.exe] C:\WINDOWS\atldu.exe
O4 - HKLM\..\RunOnce: [appeu32.exe] C:\WINDOWS\system32\appeu32.exe
O4 - HKLM\..\RunOnce: [addsr.exe] C:\WINDOWS\addsr.exe
O4 - HKLM\..\RunOnce: [ntbr.exe] C:\WINDOWS\ntbr.exe
O4 - HKLM\..\RunOnce: [winvd.exe] C:\WINDOWS\system32\winvd.exe
O4 - HKLM\..\RunOnce: [msls.exe] C:\WINDOWS\system32\msls.exe
O4 - HKLM\..\RunOnce: [ntvl32.exe] C:\WINDOWS\ntvl32.exe
O4 - HKLM\..\RunOnce: [javahw.exe] C:\WINDOWS\system32\javahw.exe
O4 - HKLM\..\RunOnce: [iela.exe] C:\WINDOWS\system32\iela.exe
O4 - HKLM\..\RunOnce: [appvb32.exe] C:\WINDOWS\appvb32.exe
O4 - HKLM\..\RunOnce: [apiti.exe] C:\WINDOWS\apiti.exe
O4 - HKLM\..\RunOnce: [addkv.exe] C:\WINDOWS\system32\addkv.exe
O4 - HKLM\..\RunOnce: [apioz32.exe] C:\WINDOWS\apioz32.exe
O4 - HKLM\..\RunOnce: [atlya.exe] C:\WINDOWS\atlya.exe
O4 - HKLM\..\RunOnce: [atldx32.exe] C:\WINDOWS\atldx32.exe
O4 - HKLM\..\RunOnce: [atlst32.exe] C:\WINDOWS\system32\atlst32.exe
O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\system32\msxq32.exe
O4 - HKLM\..\RunOnce: [d3ul.exe] C:\WINDOWS\system32\d3ul.exe
O4 - HKLM\..\RunOnce: [apilt32.exe] C:\WINDOWS\system32\apilt32.exe
O4 - HKLM\..\RunOnce: [d3ah.exe] C:\WINDOWS\d3ah.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\system32\iezp32.exe
O4 - HKLM\..\RunOnce: [ntsi32.exe] C:\WINDOWS\ntsi32.exe
O4 - HKLM\..\RunOnce: [sdksy32.exe] C:\WINDOWS\sdksy32.exe
O4 - HKLM\..\RunOnce: [iecr32.exe] C:\WINDOWS\system32\iecr32.exe
O4 - HKLM\..\RunOnce: [netcz32.exe] C:\WINDOWS\netcz32.exe
O4 - HKLM\..\RunOnce: [msfl32.exe] C:\WINDOWS\system32\msfl32.exe
O4 - HKLM\..\RunOnce: [javapj32.exe] C:\WINDOWS\system32\javapj32.exe
O4 - HKLM\..\RunOnce: [netny.exe] C:\WINDOWS\netny.exe
O4 - HKLM\..\RunOnce: [addmo32.exe] C:\WINDOWS\addmo32.exe
O4 - HKLM\..\RunOnce: [msce32.exe] C:\WINDOWS\system32\msce32.exe
O4 - HKLM\..\RunOnce: [mscm.exe] C:\WINDOWS\mscm.exe
O4 - HKLM\..\RunOnce: [d3lm.exe] C:\WINDOWS\system32\d3lm.exe
O4 - HKLM\..\RunOnce: [appaj32.exe] C:\WINDOWS\appaj32.exe
O4 - HKLM\..\RunOnce: [apiqq32.exe] C:\WINDOWS\apiqq32.exe
O4 - HKLM\..\RunOnce: [msax.exe] C:\WINDOWS\msax.exe
O4 - HKLM\..\RunOnce: [addeb.exe] C:\WINDOWS\system32\addeb.exe
O4 - HKLM\..\RunOnce: [mfcou32.exe] C:\WINDOWS\mfcou32.exe
O4 - HKLM\..\RunOnce: [ntmb.exe] C:\WINDOWS\ntmb.exe
O4 - HKLM\..\RunOnce: [d3if32.exe] C:\WINDOWS\system32\d3if32.exe
O4 - HKLM\..\RunOnce: [sdksg.exe] C:\WINDOWS\sdksg.exe
O4 - HKLM\..\RunOnce: [javagc32.exe] C:\WINDOWS\system32\javagc32.exe
O4 - HKLM\..\RunOnce: [sdkuz32.exe] C:\WINDOWS\sdkuz32.exe
O4 - HKLM\..\RunOnce: [mfczv32.exe] C:\WINDOWS\mfczv32.exe
O4 - HKLM\..\RunOnce: [javauh32.exe] C:\WINDOWS\javauh32.exe
O4 - HKLM\..\RunOnce: [nten32.exe] C:\WINDOWS\system32\nten32.exe
O4 - HKLM\..\RunOnce: [mfccd.exe] C:\WINDOWS\mfccd.exe
O4 - HKLM\..\RunOnce: [iebl32.exe] C:\WINDOWS\iebl32.exe
O4 - HKLM\..\RunOnce: [javara32.exe] C:\WINDOWS\system32\javara32.exe
O4 - HKLM\..\RunOnce: [crzq.exe] C:\WINDOWS\system32\crzq.exe
O4 - HKLM\..\RunOnce: [javaaq.exe] C:\WINDOWS\javaaq.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\system32\syspg.exe
O4 - HKLM\..\RunOnce: [msfv32.exe] C:\WINDOWS\system32\msfv32.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [appck32.exe] C:\WINDOWS\appck32.exe
O4 - HKLM\..\RunOnce: [javarn32.exe] C:\WINDOWS\javarn32.exe
O4 - HKLM\..\RunOnce: [ntmq.exe] C:\WINDOWS\system32\ntmq.exe
O4 - HKLM\..\RunOnce: [atllg32.exe] C:\WINDOWS\system32\atllg32.exe
O4 - HKLM\..\RunOnce: [sysjv.exe] C:\WINDOWS\sysjv.exe
O4 - HKLM\..\RunOnce: [sdkil32.exe] C:\WINDOWS\sdkil32.exe
O4 - HKLM\..\RunOnce: [apiyt32.exe] C:\WINDOWS\system32\apiyt32.exe
O4 - HKLM\..\RunOnce: [netgj.exe] C:\WINDOWS\netgj.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKLM\..\RunOnce: [appij.exe] C:\WINDOWS\system32\appij.exe
O4 - HKLM\..\RunOnce: [d3dy32.exe] C:\WINDOWS\system32\d3dy32.exe
O4 - HKLM\..\RunOnce: [apidg.exe] C:\WINDOWS\system32\apidg.exe
O4 - HKLM\..\RunOnce: [addhs.exe] C:\WINDOWS\system32\addhs.exe
O4 - HKLM\..\RunOnce: [ipwh32.exe] C:\WINDOWS\ipwh32.exe
O4 - HKLM\..\RunOnce: [crmp.exe] C:\WINDOWS\crmp.exe
O4 - HKLM\..\RunOnce: [sdkvn.exe] C:\WINDOWS\system32\sdkvn.exe
O4 - HKLM\..\RunOnce: [mfcuc32.exe] C:\WINDOWS\system32\mfcuc32.exe
O4 - HKLM\..\RunOnce: [appyo.exe] C:\WINDOWS\system32\appyo.exe
O4 - HKLM\..\RunOnce: [msxw32.exe] C:\WINDOWS\system32\msxw32.exe
O4 - HKLM\..\RunOnce: [ntnl.exe] C:\WINDOWS\ntnl.exe
O4 - HKLM\..\RunOnce: [atlmb32.exe] C:\WINDOWS\atlmb32.exe
O4 - HKLM\..\RunOnce: [syskq32.exe] C:\WINDOWS\system32\syskq32.exe
O4 - HKLM\..\RunOnce: [winky.exe] C:\WINDOWS\system32\winky.exe
O4 - HKLM\..\RunOnce: [ietz.exe] C:\WINDOWS\ietz.exe
O4 - HKLM\..\RunOnce: [mfciw32.exe] C:\WINDOWS\system32\mfciw32.exe
O4 - HKLM\..\RunOnce: [ntyd32.exe] C:\WINDOWS\system32\ntyd32.exe
O4 - HKLM\..\RunOnce: [netth.exe] C:\WINDOWS\system32\netth.exe
O4 - HKLM\..\RunOnce: [winsx32.exe] C:\WINDOWS\system32\winsx32.exe
O4 - HKLM\..\RunOnce: [mfclw32.exe] C:\WINDOWS\system32\mfclw32.exe
O4 - HKLM\..\RunOnce: [apifh32.exe] C:\WINDOWS\system32\apifh32.exe
O4 - HKLM\..\RunOnce: [winjl32.exe] C:\WINDOWS\winjl32.exe
O4 - HKLM\..\RunOnce: [netex.exe] C:\WINDOWS\system32\netex.exe
O4 - HKLM\..\RunOnce: [atlib32.exe] C:\WINDOWS\system32\atlib32.exe
O4 - HKLM\..\RunOnce: [sysyq.exe] C:\WINDOWS\sysyq.exe
O4 - HKLM\..\RunOnce: [sdkxg32.exe] C:\WINDOWS\system32\sdkxg32.exe
O4 - HKLM\..\RunOnce: [apiwv32.exe] C:\WINDOWS\apiwv32.exe
O4 - HKLM\..\RunOnce: [netvd.exe] C:\WINDOWS\netvd.exe
O4 - HKLM\..\RunOnce: [apiee.exe] C:\WINDOWS\system32\apiee.exe
O4 - HKLM\..\RunOnce: [javaub.exe] C:\WINDOWS\javaub.exe
O4 - HKLM\..\RunOnce: [ntji32.exe] C:\WINDOWS\ntji32.exe
O4 - HKLM\..\RunOnce: [mfciv32.exe] C:\WINDOWS\system32\mfciv32.exe
O4 - HKLM\..\RunOnce: [apito.exe] C:\WINDOWS\apito.exe
O4 - HKLM\..\RunOnce: [sdkxk.exe] C:\WINDOWS\sdkxk.exe
O4 - HKLM\..\RunOnce: [mshl32.exe] C:\WINDOWS\mshl32.exe
O4 - HKLM\..\RunOnce: [wingt.exe] C:\WINDOWS\wingt.exe
O4 - HKLM\..\RunOnce: [mfccx32.exe] C:\WINDOWS\system32\mfccx32.exe
O4 - HKLM\..\RunOnce: [applx.exe] C:\WINDOWS\applx.exe
O4 - HKLM\..\RunOnce: [appfr32.exe] C:\WINDOWS\appfr32.exe
O4 - HKLM\..\RunOnce: [d3kn32.exe] C:\WINDOWS\d3kn32.exe
O4 - HKLM\..\RunOnce: [atlnz32.exe] C:\WINDOWS\atlnz32.exe
O4 - HKLM\..\RunOnce: [netsd.exe] C:\WINDOWS\system32\netsd.exe
O4 - HKLM\..\RunOnce: [netnu32.exe] C:\WINDOWS\netnu32.exe
O4 - HKLM\..\RunOnce: [iehg32.exe] C:\WINDOWS\system32\iehg32.exe
O4 - HKLM\..\RunOnce: [crqg.exe] C:\WINDOWS\system32\crqg.exe
O4 - HKLM\..\RunOnce: [crla32.exe] C:\WINDOWS\crla32.exe
O4 - HKLM\..\RunOnce: [netpw32.exe] C:\WINDOWS\netpw32.exe
O4 - HKLM\..\RunOnce: [d3si32.exe] C:\WINDOWS\d3si32.exe
O4 - HKLM\..\RunOnce: [sysxm.exe] C:\WINDOWS\system32\sysxm.exe
O4 - HKLM\..\RunOnce: [msym32.exe] C:\WINDOWS\msym32.exe
O4 - HKLM\..\RunOnce: [msmj32.exe] C:\WINDOWS\system32\msmj32.exe
O4 - HKLM\..\RunOnce: [iprf32.exe] C:\WINDOWS\system32\iprf32.exe
O4 - HKLM\..\RunOnce: [ieur32.exe] C:\WINDOWS\system32\ieur32.exe
O4 - HKLM\..\RunOnce: [addzv.exe] C:\WINDOWS\addzv.exe
O4 - HKLM\..\RunOnce: [javany.exe] C:\WINDOWS\system32\javany.exe
O4 - HKLM\..\RunOnce: [netjk.exe] C:\WINDOWS\system32\netjk.exe
O4 - HKLM\..\RunOnce: [d3yz32.exe] C:\WINDOWS\d3yz32.exe
O4 - HKLM\..\RunOnce: [winxh.exe] C:\WINDOWS\winxh.exe
O4 - HKLM\..\RunOnce: [mfctl32.exe] C:\WINDOWS\mfctl32.exe
O4 - HKLM\..\RunOnce: [addcl.exe] C:\WINDOWS\addcl.exe
O4 - HKLM\..\RunOnce: [addef32.exe] C:\WINDOWS\addef32.exe
O4 - HKLM\..\RunOnce: [d3bb32.exe] C:\WINDOWS\d3bb32.exe
O4 - HKLM\..\RunOnce: [appen32.exe] C:\WINDOWS\system32\appen32.exe
O4 - HKLM\..\RunOnce: [apijr.exe] C:\WINDOWS\system32\apijr.exe
O4 - HKLM\..\RunOnce: [mfcsr32.exe] C:\WINDOWS\system32\mfcsr32.exe
O4 - HKLM\..\RunOnce: [iemi.exe] C:\WINDOWS\system32\iemi.exe
O4 - HKLM\..\RunOnce: [apigu.exe] C:\WINDOWS\apigu.exe
O4 - HKLM\..\RunOnce: [atlvj.exe] C:\WINDOWS\atlvj.exe
O4 - HKLM\..\RunOnce: [iegc32.exe] C:\WINDOWS\iegc32.exe
O4 - HKLM\..\RunOnce: [sysrv.exe] C:\WINDOWS\system32\sysrv.exe
O4 - HKLM\..\RunOnce: [atlvr.exe] C:\WINDOWS\atlvr.exe
O4 - HKLM\..\RunOnce: [sdkko32.exe] C:\WINDOWS\system32\sdkko32.exe
O4 - HKLM\..\RunOnce: [msbv32.exe] C:\WINDOWS\system32\msbv32.exe
O4 - HKLM\..\RunOnce: [javaez.exe] C:\WINDOWS\system32\javaez.exe
O4 - HKLM\..\RunOnce: [apidp32.exe] C:\WINDOWS\system32\apidp32.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\addte32.exe
O4 - HKLM\..\RunOnce: [appbm.exe] C:\WINDOWS\appbm.exe
O4 - HKLM\..\RunOnce: [wincm.exe] C:\WINDOWS\system32\wincm.exe
O4 - HKLM\..\RunOnce: [netrk32.exe] C:\WINDOWS\netrk32.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\javapr32.exe
O4 - HKLM\..\RunOnce: [appqx32.exe] C:\WINDOWS\system32\appqx32.exe
O4 - HKLM\..\RunOnce: [mfcji.exe] C:\WINDOWS\mfcji.exe
O4 - HKLM\..\RunOnce: [ieiy32.exe] C:\WINDOWS\system32\ieiy32.exe
O4 - HKLM\..\RunOnce: [javayn32.exe] C:\WINDOWS\javayn32.exe
O4 - HKLM\..\RunOnce: [crgv.exe] C:\WINDOWS\crgv.exe
O4 - HKLM\..\RunOnce: [syswt32.exe] C:\WINDOWS\syswt32.exe
O4 - HKLM\..\RunOnce: [atlua32.exe] C:\WINDOWS\atlua32.exe
O4 - HKLM\..\RunOnce: [addpe.exe] C:\WINDOWS\system32\addpe.exe
O4 - HKLM\..\RunOnce: [crou32.exe] C:\WINDOWS\system32\crou32.exe
O4 - HKLM\..\RunOnce: [ipfj32.exe] C:\WINDOWS\ipfj32.exe
O4 - HKLM\..\RunOnce: [ntnr.exe] C:\WINDOWS\system32\ntnr.exe
O4 - HKLM\..\RunOnce: [ipnr.exe] C:\WINDOWS\ipnr.exe
O4 - HKLM\..\RunOnce: [ipqj32.exe] C:\WINDOWS\ipqj32.exe
O4 - HKLM\..\RunOnce: [addvf32.exe] C:\WINDOWS\addvf32.exe
O4 - HKLM\..\RunOnce: [ntqr32.exe] C:\WINDOWS\ntqr32.exe
O4 - HKLM\..\RunOnce: [crvv.exe] C:\WINDOWS\system32\crvv.exe
O4 - HKLM\..\RunOnce: [sdkdv32.exe] C:\WINDOWS\sdkdv32.exe
O4 - HKLM\..\RunOnce: [sdkss32.exe] C:\WINDOWS\system32\sdkss32.exe
O4 - HKLM\..\RunOnce: [atlxw.exe] C:\WINDOWS\system32\atlxw.exe
O4 - HKLM\..\RunOnce: [winsa.exe] C:\WINDOWS\winsa.exe
O4 - HKLM\..\RunOnce: [sdkgx32.exe] C:\WINDOWS\sdkgx32.exe
O4 - HKLM\..\RunOnce: [ipbj.exe] C:\WINDOWS\ipbj.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\d3gt.exe
O4 - HKLM\..\RunOnce: [apitx32.exe] C:\WINDOWS\apitx32.exe
O4 - HKLM\..\RunOnce: [ipei32.exe] C:\WINDOWS\ipei32.exe
O4 - HKLM\..\RunOnce: [addjf32.exe] C:\WINDOWS\system32\addjf32.exe
O4 - HKLM\..\RunOnce: [ipmq.exe] C:\WINDOWS\ipmq.exe
O4 - HKLM\..\RunOnce: [wings.exe] C:\WINDOWS\wings.exe
O4 - HKLM\..\RunOnce: [crfh32.exe] C:\WINDOWS\crfh32.exe
O4 - HKLM\..\RunOnce: [netep32.exe] C:\WINDOWS\netep32.exe
O4 - HKLM\..\RunOnce: [ipdf.exe] C:\WINDOWS\system32\ipdf.exe
O4 - HKLM\..\RunOnce: [netmf.exe] C:\WINDOWS\netmf.exe
O4 - HKLM\..\RunOnce: [msvl32.exe] C:\WINDOWS\msvl32.exe
O4 - HKLM\..\RunOnce: [sdkmb.exe] C:\WINDOWS\system32\sdkmb.exe
O4 - HKLM\..\RunOnce: [mfclr32.exe] C:\WINDOWS\system32\mfclr32.exe
O4 - HKLM\..\RunOnce: [winjy32.exe] C:\WINDOWS\winjy32.exe
O4 - HKLM\..\RunOnce: [winjo.exe] C:\WINDOWS\system32\winjo.exe
O4 - HKLM\..\RunOnce: [sysro.exe] C:\WINDOWS\sysro.exe
O4 - HKLM\..\RunOnce: [apihd32.exe] C:\WINDOWS\system32\apihd32.exe
O4 - HKLM\..\RunOnce: [ntxl32.exe] C:\WINDOWS\system32\ntxl32.exe
O4 - HKLM\..\RunOnce: [netsx.exe] C:\WINDOWS\netsx.exe
O4 - HKLM\..\RunOnce: [addrm32.exe] C:\WINDOWS\addrm32.exe
O4 - HKLM\..\RunOnce: [mspu32.exe] C:\WINDOWS\system32\mspu32.exe
O4 - HKLM\..\RunOnce: [crld.exe] C:\WINDOWS\system32\crld.exe
O4 - HKLM\..\RunOnce: [sysph32.exe] C:\WINDOWS\sysph32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\system32\d3yi.exe
O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\msee32.exe
O4 - HKLM\..\RunOnce: [d3tb32.exe] C:\WINDOWS\system32\d3tb32.exe
O4 - HKLM\..\RunOnce: [ipxy32.exe] C:\WINDOWS\system32\ipxy32.exe
O4 - HKLM\..\RunOnce: [mssj32.exe] C:\WINDOWS\system32\mssj32.exe
O4 - HKLM\..\RunOnce: [winfo.exe] C:\WINDOWS\winfo.exe
O4 - HKLM\..\RunOnce: [winzz32.exe] C:\WINDOWS\system32\winzz32.exe
O4 - HKLM\..\RunOnce: [apijy.exe] C:\WINDOWS\apijy.exe
O4 - HKLM\..\RunOnce: [iemx.exe] C:\WINDOWS\system32\iemx.exe
O4 - HKLM\..\RunOnce: [winxq32.exe] C:\WINDOWS\system32\winxq32.exe
O4 - HKLM\..\RunOnce: [mfcwf.exe] C:\WINDOWS\system32\mfcwf.exe
O4 - HKLM\..\RunOnce: [ntsb32.exe] C:\WINDOWS\ntsb32.exe
O4 - HKLM\..\RunOnce: [apibk.exe] C:\WINDOWS\system32\apibk.exe
O4 - HKLM\..\RunOnce: [winia32.exe] C:\WINDOWS\system32\winia32.exe
O4 - HKLM\..\RunOnce: [ntdb32.exe] C:\WINDOWS\system32\ntdb32.exe
O4 - HKLM\..\RunOnce: [mfctn.exe] C:\WINDOWS\mfctn.exe
O4 - HKLM\..\RunOnce: [adddo32.exe] C:\WINDOWS\system32\adddo32.exe
O4 - HKLM\..\RunOnce: [ntwq32.exe] C:\WINDOWS\ntwq32.exe
O4 - HKLM\..\RunOnce: [appuk.exe] C:\WINDOWS\appuk.exe
O4 - HKLM\..\RunOnce: [mscw32.exe] C:\WINDOWS\mscw32.exe
O4 - HKLM\..\RunOnce: [mfchc.exe] C:\WINDOWS\mfchc.exe
O4 - HKLM\..\RunOnce: [winla.exe] C:\WINDOWS\system32\winla.exe
O4 - HKLM\..\RunOnce: [ieep.exe] C:\WINDOWS\system32\ieep.exe
O4 - HKLM\..\RunOnce: [iesl.exe] C:\WINDOWS\iesl.exe
O4 - HKLM\..\RunOnce: [winwb32.exe] C:\WINDOWS\system32\winwb32.exe
O4 - HKLM\..\RunOnce: [addwj32.exe] C:\WINDOWS\addwj32.exe
O4 - HKLM\..\RunOnce: [netgj32.exe] C:\WINDOWS\system32\netgj32.exe
O4 - HKLM\..\RunOnce: [iefj.exe] C:\WINDOWS\iefj.exe
O4 - HKLM\..\RunOnce: [crjv.exe] C:\WINDOWS\system32\crjv.exe
O4 - HKLM\..\RunOnce: [addzk32.exe] C:\WINDOWS\addzk32.exe
O4 - HKLM\..\RunOnce: [netrj32.exe] C:\WINDOWS\system32\netrj32.exe
O4 - HKLM\..\RunOnce: [d3mv32.exe] C:\WINDOWS\system32\d3mv32.exe
O4 - HKLM\..\RunOnce: [sysrz.exe] C:\WINDOWS\sysrz.exe
O4 - HKLM\..\RunOnce: [iezz32.exe] C:\WINDOWS\system32\iezz32.exe
O4 - HKLM\..\RunOnce: [msgw.exe] C:\WINDOWS\msgw.exe
O4 - HKLM\..\RunOnce: [ieut.exe] C:\WINDOWS\ieut.exe
O4 - HKLM\..\RunOnce: [ipzp.exe] C:\WINDOWS\system32\ipzp.exe
O4 - HKLM\..\RunOnce: [sdkzm32.exe] C:\WINDOWS\system32\sdkzm32.exe
O4 - HKLM\..\RunOnce: [d3eq.exe] C:\WINDOWS\d3eq.exe
O4 - HKLM\..\RunOnce: [crer32.exe] C:\WINDOWS\system32\crer32.exe
O4 - HKLM\..\RunOnce: [javatn32.exe] C:\WINDOWS\javatn32.exe
O4 - HKLM\..\RunOnce: [atltd32.exe] C:\WINDOWS\system32\atltd32.exe
O4 - HKLM\..\RunOnce: [addae.exe] C:\WINDOWS\system32\addae.exe
O4 - HKLM\..\RunOnce: [winzy32.exe] C:\WINDOWS\system32\winzy32.exe
O4 - HKLM\..\RunOnce: [mfckp32.exe] C:\WINDOWS\mfckp32.exe
O4 - HKLM\..\RunOnce: [ieyr.exe] C:\WINDOWS\system32\ieyr.exe
O4 - HKLM\..\RunOnce: [atlev.exe] C:\WINDOWS\atlev.exe
O4 - HKLM\..\RunOnce: [iejx32.exe] C:\WINDOWS\iejx32.exe
O4 - HKLM\..\RunOnce: [apiei32.exe] C:\WINDOWS\system32\apiei32.exe
O4 - HKLM\..\RunOnce: [winjc32.exe] C:\WINDOWS\system32\winjc32.exe
O4 - HKLM\..\RunOnce: [mfcld.exe] C:\WINDOWS\system32\mfcld.exe
O4 - HKLM\..\RunOnce: [ierx32.exe] C:\WINDOWS\system32\ierx32.exe
O4 - HKLM\..\RunOnce: [netlg32.exe] C:\WINDOWS\netlg32.exe
O4 - HKLM\..\RunOnce: [cred32.exe] C:\WINDOWS\system32\cred32.exe
O4 - HKLM\..\RunOnce: [syssk32.exe] C:\WINDOWS\syssk32.exe
O4 - HKLM\..\RunOnce: [netnu.exe] C:\WINDOWS\system32\netnu.exe
O4 - HKLM\..\RunOnce: [msig32.exe] C:\WINDOWS\msig32.exe
O4 - HKLM\..\RunOnce: [netbz.exe] C:\WINDOWS\netbz.exe
O4 - HKLM\..\RunOnce: [iekh.exe] C:\WINDOWS\system32\iekh.exe
O4 - HKLM\..\RunOnce: [winjn32.exe] C:\WINDOWS\winjn32.exe
O4 - HKLM\..\RunOnce: [apitl32.exe] C:\WINDOWS\system32\apitl32.exe
O4 - HKLM\..\RunOnce: [crwx32.exe] C:\WINDOWS\system32\crwx32.exe
O4 - HKLM\..\RunOnce: [msnh32.exe] C:\WINDOWS\msnh32.exe
O4 - HKLM\..\RunOnce: [appaf32.exe] C:\WINDOWS\system32\appaf32.exe
O4 - HKLM\..\RunOnce: [crff.exe] C:\WINDOWS\system32\crff.exe
O4 - HKLM\..\RunOnce: [apikh32.exe] C:\WINDOWS\apikh32.exe
O4 - HKLM\..\RunOnce: [mfcli.exe] C:\WINDOWS\system32\mfcli.exe
O4 - HKLM\..\RunOnce: [javaix32.exe] C:\WINDOWS\javaix32.exe
O4 - HKLM\..\RunOnce: [mfcft32.exe] C:\WINDOWS\mfcft32.exe
O4 - HKLM\..\RunOnce: [apinh.exe] C:\WINDOWS\apinh.exe
O4 - HKLM\..\RunOnce: [msis.exe] C:\WINDOWS\msis.exe
O4 - HKLM\..\RunOnce: [ntdt32.exe] C:\WINDOWS\ntdt32.exe
O4 - HKLM\..\RunOnce: [ntra32.exe] C:\WINDOWS\ntra32.exe
O4 - HKLM\..\RunOnce: [appsr32.exe] C:\WINDOWS\system32\appsr32.exe
O4 - HKLM\..\RunOnce: [d3ta.exe] C:\WINDOWS\d3ta.exe
O4 - HKLM\..\RunOnce: [mfcyt.exe] C:\WINDOWS\system32\mfcyt.exe
O4 - HKLM\..\RunOnce: [addpj.exe] C:\WINDOWS\addpj.exe
O4 - HKLM\..\RunOnce: [apieh32.exe] C:\WINDOWS\apieh32.exe
O4 - HKLM\..\RunOnce: [sdkgi32.exe] C:\WINDOWS\system32\sdkgi32.exe
O4 - HKLM\..\RunOnce: [apptx32.exe] C:\WINDOWS\apptx32.exe
O4 - HKLM\..\RunOnce: [crgl32.exe] C:\WINDOWS\crgl32.exe
O4 - HKLM\..\RunOnce: [sdkxk32.exe] C:\WINDOWS\system32\sdkxk32.exe
O4 - HKLM\..\RunOnce: [iphg32.exe] C:\WINDOWS\iphg32.exe
O4 - HKLM\..\RunOnce: [addcv32.exe] C:\WINDOWS\system32\addcv32.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\winoa.exe
O4 - HKLM\..\RunOnce: [javani32.exe] C:\WINDOWS\javani32.exe
O4 - HKLM\..\RunOnce: [nttt.exe] C:\WINDOWS\nttt.exe
O4 - HKLM\..\RunOnce: [ipdx32.exe] C:\WINDOWS\system32\ipdx32.exe
O4 - HKLM\..\RunOnce: [crxq32.exe] C:\WINDOWS\crxq32.exe
O4 - HKLM\..\RunOnce: [apikk.exe] C:\WINDOWS\system32\apikk.exe
O4 - HKLM\..\RunOnce: [winoc32.exe] C:\WINDOWS\winoc32.exe
O4 - HKLM\..\RunOnce: [neted32.exe] C:\WINDOWS\neted32.exe
O4 - HKLM\..\RunOnce: [winjz32.exe] C:\WINDOWS\system32\winjz32.exe
O4 - HKLM\..\RunOnce: [netel32.exe] C:\WINDOWS\netel32.exe
O4 - HKLM\..\RunOnce: [addkn32.exe] C:\WINDOWS\addkn32.exe
O4 - HKLM\..\RunOnce: [appmp.exe] C:\WINDOWS\appmp.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\system32\mfclu32.exe
O4 - HKLM\..\RunOnce: [ipvh.exe] C:\WINDOWS\ipvh.exe
O4 - HKLM\..\RunOnce: [mslc.exe] C:\WINDOWS\mslc.exe
O4 - HKLM\..\RunOnce: [crud32.exe] C:\WINDOWS\crud32.exe
O4 - HKLM\..\RunOnce: [netzx.exe] C:\WINDOWS\system32\netzx.exe
O4 - HKLM\..\RunOnce: [appdj.exe] C:\WINDOWS\appdj.exe
O4 - HKLM\..\RunOnce: [msid32.exe] C:\WINDOWS\system32\msid32.exe
O4 - HKLM\..\RunOnce: [ntsy32.exe] C:\WINDOWS\system32\ntsy32.exe
O4 - HKLM\..\RunOnce: [ieiu.exe] C:\WINDOWS\ieiu.exe
O4 - HKLM\..\RunOnce: [atllp.exe] C:\WINDOWS\atllp.exe
O4 - HKLM\..\RunOnce: [ierr32.exe] C:\WINDOWS\ierr32.exe
O4 - HKLM\..\RunOnce: [msrt.exe] C:\WINDOWS\system32\msrt.exe
O4 - HKLM\..\RunOnce: [ipwn32.exe] C:\WINDOWS\ipwn32.exe
O4 - HKLM\..\RunOnce: [mfclf.exe] C:\WINDOWS\mfclf.exe
O4 - HKLM\..\RunOnce: [sdkvd32.exe] C:\WINDOWS\system32\sdkvd32.exe
O4 - HKLM\..\RunOnce: [winyp.exe] C:\WINDOWS\winyp.exe
O4 - HKLM\..\RunOnce: [javaej32.exe] C:\WINDOWS\javaej32.exe
O4 - HKLM\..\RunOnce: [mfcxc32.exe] C:\WINDOWS\mfcxc32.exe
O4 - HKLM\..\RunOnce: [sysce.exe] C:\WINDOWS\sysce.exe
O4 - HKLM\..\RunOnce: [ntbe32.exe] C:\WINDOWS\ntbe32.exe
O4 - HKLM\..\RunOnce: [msdg.exe] C:\WINDOWS\system32\msdg.exe
O4 - HKLM\..\RunOnce: [addhi.exe] C:\WINDOWS\addhi.exe
O4 - HKLM\..\RunOnce: [ierc.exe] C:\WINDOWS\ierc.exe
O4 - HKLM\..\RunOnce: [ntww32.exe] C:\WINDOWS\ntww32.exe
O4 - HKLM\..\RunOnce: [ntkt32.exe] C:\WINDOWS\system32\ntkt32.exe
O4 - HKLM\..\RunOnce: [javakh.exe] C:\WINDOWS\javakh.exe
O4 - HKLM\..\RunOnce: [mfcpb32.exe] C:\WINDOWS\system32\mfcpb32.exe
O4 - HKLM\..\RunOnce: [sysux32.exe] C:\WINDOWS\system32\sysux32.exe
O4 - HKLM\..\RunOnce: [javaza.exe] C:\WINDOWS\system32\javaza.exe
O4 - HKLM\..\RunOnce: [ntro32.exe] C:\WINDOWS\system32\ntro32.exe
O4 - HKLM\..\RunOnce: [javaru.exe] C:\WINDOWS\javaru.exe
O4 - HKLM\..\RunOnce: [apieo.exe] C:\WINDOWS\apieo.exe
O4 - HKLM\..\RunOnce: [sdkas.exe] C:\WINDOWS\system32\sdkas.exe
O4 - HKLM\..\RunOnce: [d3tt32.exe] C:\WINDOWS\d3tt32.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [appxa.exe] C:\WINDOWS\system32\appxa.exe
O4 - HKLM\..\RunOnce: [winvy.exe] C:\WINDOWS\system32\winvy.exe
O4 - HKLM\..\RunOnce: [javaaa.exe] C:\WINDOWS\system32\javaaa.exe
O4 - HKLM\..\RunOnce: [javamf32.exe] C:\WINDOWS\system32\javamf32.exe
O4 - HKLM\..\RunOnce: [mfcra.exe] C:\WINDOWS\system32\mfcra.exe
O4 - HKLM\..\RunOnce: [ntve32.exe] C:\WINDOWS\system32\ntve32.exe
O4 - HKLM\..\RunOnce: [atlag.exe] C:\WINDOWS\atlag.exe
O4 - HKLM\..\RunOnce: [iezv32.exe] C:\WINDOWS\iezv32.exe
O4 - HKLM\..\RunOnce: [ntnq32.exe] C:\WINDOWS\ntnq32.exe
O4 - HKLM\..\RunOnce: [crru.exe] C:\WINDOWS\system32\crru.exe
O4 - HKLM\..\RunOnce: [sysij32.exe] C:\WINDOWS\system32\sysij32.exe
O4 - HKLM\..\RunOnce: [javavm32.exe] C:\WINDOWS\javavm32.exe
O4 - HKLM\..\RunOnce: [crvu32.exe] C:\WINDOWS\crvu32.exe
O4 - HKLM\..\RunOnce: [apiaw.exe] C:\WINDOWS\apiaw.exe
O4 - HKLM\..\RunOnce: [apiuh32.exe] C:\WINDOWS\system32\apiuh32.exe
O4 - HKLM\..\RunOnce: [javabc.exe] C:\WINDOWS\system32\javabc.exe
O4 - HKLM\..\RunOnce: [apihq32.exe] C:\WINDOWS\apihq32.exe
O4 - HKLM\..\RunOnce: [ntlr32.exe] C:\WINDOWS\system32\ntlr32.exe
O4 - HKLM\..\RunOnce: [atlyl.exe] C:\WINDOWS\system32\atlyl.exe
O4 - HKLM\..\RunOnce: [apipt.exe] C:\WINDOWS\apipt.exe
O4 - HKLM\..\RunOnce: [wincd.exe] C:\WINDOWS\wincd.exe
O4 - HKLM\..\RunOnce: [crif32.exe] C:\WINDOWS\system32\crif32.exe
O4 - HKLM\..\RunOnce: [ipgn.exe] C:\WINDOWS\ipgn.exe
O4 - HKLM\..\RunOnce: [addlp32.exe] C:\WINDOWS\addlp32.exe
O4 - HKLM\..\RunOnce: [d3ke.exe] C:\WINDOWS\d3ke.exe
O4 - HKLM\..\RunOnce: [apiyb.exe] C:\WINDOWS\system32\apiyb.exe
O4 - HKLM\..\RunOnce: [windd.exe] C:\WINDOWS\windd.exe
O4 - HKLM\..\RunOnce: [ieee.exe] C:\WINDOWS\ieee.exe
O4 - HKLM\..\RunOnce: [sdkry32.exe] C:\WINDOWS\system32\sdkry32.exe
O4 - HKLM\..\RunOnce: [javaxc32.exe] C:\WINDOWS\system32\javaxc32.exe
O4 - HKLM\..\RunOnce: [javalz32.exe] C:\WINDOWS\javalz32.exe
O4 - HKLM\..\RunOnce: [d3ln.exe] C:\WINDOWS\system32\d3ln.exe
O4 - HKLM\..\RunOnce: [sdkau.exe] C:\WINDOWS\system32\sdkau.exe
O4 - HKLM\..\RunOnce: [sdkzo.exe] C:\WINDOWS\sdkzo.exe
O4 - HKLM\..\RunOnce: [javadz.exe] C:\WINDOWS\system32\javadz.exe
O4 - HKLM\..\RunOnce: [apiqt32.exe] C:\WINDOWS\system32\apiqt32.exe
O4 - HKLM\..\RunOnce: [d3xi.exe] C:\WINDOWS\system32\d3xi.exe
O4 - HKLM\..\RunOnce: [ipkk32.exe] C:\WINDOWS\ipkk32.exe
O4 - HKLM\..\RunOnce: [mseh.exe] C:\WINDOWS\system32\mseh.exe
O4 - HKLM\..\RunOnce: [ntyn.exe] C:\WINDOWS\ntyn.exe
O4 - HKLM\..\RunOnce: [netoc.exe] C:\WINDOWS\netoc.exe
O4 - HKLM\..\RunOnce: [wintw32.exe] C:\WINDOWS\wintw32.exe
O4 - HKLM\..\RunOnce: [sdkte32.exe] C:\WINDOWS\system32\sdkte32.exe
O4 - HKLM\..\RunOnce: [atlyy.exe] C:\WINDOWS\atlyy.exe
O4 - HKLM\..\RunOnce: [addwt.exe] C:\WINDOWS\addwt.exe
O4 - HKLM\..\RunOnce: [crvb.exe] C:\WINDOWS\crvb.exe
O4 - HKLM\..\RunOnce: [sysrf32.exe] C:\WINDOWS\sysrf32.exe
O4 - HKLM\..\RunOnce: [mfcvp32.exe] C:\WINDOWS\system32\mfcvp32.exe
O4 - HKLM\..\RunOnce: [sysjr.exe] C:\WINDOWS\system32\sysjr.exe
O4 - HKLM\..\RunOnce: [winte.exe] C:\WINDOWS\winte.exe
O4 - HKLM\..\RunOnce: [atlxz32.exe] C:\WINDOWS\atlxz32.exe
O4 - HKLM\..\RunOnce: [iexg.exe] C:\WINDOWS\iexg.exe
O4 - HKLM\..\RunOnce: [atltk32.exe] C:\WINDOWS\system32\atltk32.exe
O4 - HKLM\..\RunOnce: [msbo.exe] C:\WINDOWS\system32\msbo.exe
O4 - HKLM\..\RunOnce: [sdkfs.exe] C:\WINDOWS\sdkfs.exe
O4 - HKLM\..\RunOnce: [ntoy.exe] C:\WINDOWS\system32\ntoy.exe
O4 - HKLM\..\RunOnce: [atlng32.exe] C:\WINDOWS\system32\atlng32.exe
O4 - HKLM\..\RunOnce: [syslv32.exe] C:\WINDOWS\syslv32.exe
O4 - HKLM\..\RunOnce: [sysll32.exe] C:\WINDOWS\sysll32.exe
O4 - HKLM\..\RunOnce: [apikp32.exe] C:\WINDOWS\apikp32.exe
O4 - HKLM\..\RunOnce: [crbp32.exe] C:\WINDOWS\crbp32.exe
O4 - HKLM\..\RunOnce: [msgt.exe] C:\WINDOWS\system32\msgt.exe
O4 - HKLM\..\RunOnce: [d3hc32.exe] C:\WINDOWS\d3hc32.exe
O4 - HKLM\..\RunOnce: [crvr.exe] C:\WINDOWS\system32\crvr.exe
O4 - HKLM\..\RunOnce: [winum32.exe] C:\WINDOWS\system32\winum32.exe
O4 - HKLM\..\RunOnce: [apiem32.exe] C:\WINDOWS\apiem32.exe
O4 - HKLM\..\RunOnce: [msdm32.exe] C:\WINDOWS\system32\msdm32.exe
O4 - HKLM\..\RunOnce: [mfcgy32.exe] C:\WINDOWS\mfcgy32.exe
O4 - HKLM\..\RunOnce: [iplc.exe] C:\WINDOWS\iplc.exe
O4 - HKLM\..\RunOnce: [winty32.exe] C:\WINDOWS\winty32.exe
O4 - HKLM\..\RunOnce: [netpk32.exe] C:\WINDOWS\netpk32.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\ntcp32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addae.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Some symptoms are loss of homepage and search page, and popups. I believe the browser hijack is quick web search.
  • 0
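
The O4 block in the log above repeats one pattern: a RunOnce value whose name is the file name of an executable sitting directly in C:\WINDOWS or C:\WINDOWS\system32. The Python sketch below is an added example, not part of the original post or of HijackThis; its function names, the threshold and the name-equals-file heuristic are assumptions for illustration, and the sample lines are a short excerpt of the log above.

```python
import ntpath
import re
from collections import Counter

# Short excerpt of the HijackThis log posted above (O4 = autostart entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [addzv.exe] C:\WINDOWS\addzv.exe
O4 - HKLM\..\RunOnce: [javany.exe] C:\WINDOWS\system32\javany.exe
O4 - HKLM\..\RunOnce: [netjk.exe] C:\WINDOWS\system32\netjk.exe
O4 - HKLM\..\RunOnce: [d3yz32.exe] C:\WINDOWS\d3yz32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
"""

# Registry-based O4 lines look like:  O4 - HKLM\..\RunOnce: [name] command
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')

# Directories where the entries in this log drop their executables.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def exe_path(cmd):
    """Return the executable part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first program extension.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def parse_o4(line):
    """Parse one registry O4 line; return None for any other line."""
    m = O4_REG.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    return {"hive": hive, "key": key, "name": name, "path": exe_path(cmd)}


def is_suspicious(entry):
    """Heuristic (assumption): value name equals the file name and the file
    sits directly in a Windows system directory. A triage hint, not a verdict."""
    directory = ntpath.dirname(entry["path"]).lower()
    filename = ntpath.basename(entry["path"]).lower()
    return entry["name"].lower() == filename and directory in SYSTEM_DIRS


def triage(log_text, bulk_threshold=3):
    """Flag matching entries and report keys that hold many of them."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and is_suspicious(entry):
            flagged.append(entry)
    per_key = Counter(f'{e["hive"]}\\{e["key"]}' for e in flagged)
    bulk = sorted(k for k, n in per_key.items() if n >= bulk_threshold)
    return {"flagged": flagged, "per_key": per_key, "bulk_keys": bulk}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, count in result["per_key"].items():
        print(f"{key}: {count} flagged autostart value(s)")
    for e in result["flagged"]:
        print(f'  [{e["name"]}] -> {e["path"]}')
    print("Keys over threshold:", result["bulk_keys"])
```

Run over a full log, the per-key count is the useful signal: a key that holds many flagged values points at the whole key rather than at individual entries.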

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Here's a fix I borrowed from Miekiemoes:

It's better to print out the next instructions or save them in Notepad, because you also have to work in Safe Mode without networking support, so this page won't be available then.
It is also important that you don't miss a step and that you perform everything in the right order!!

Download AboutBuster.
Unzip AboutBuster into its own folder, such as C:\AboutBuster.
Start AboutBuster.exe. Click OK, Update, Check For Update and download the updates if present.
Close AboutBuster now, because you must not run it yet; that's for later.
If you are getting an error when updating, please let me know first before you proceed with the next steps.

* Download and install Download - HomePage
Do not use it yet.

* Download CWShredder. Don't let it run yet!

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

First, we will make your hidden files and folders visible.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide file extensions for known file types.
* Click Yes to confirm.
* Click OK.

We also need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Open Notepad and copy and paste the following bold text into it:
(do not forget to copy and paste REGEDIT4 in it!)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


Save this as fix.reg, choose to save as "All Files", and place it on your desktop.

* Please reboot your system into SAFE MODE.
To get into the Windows XP Safe Mode, press and hold your "F8 Key" as the computer is booting, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

Double-click on the fix.reg you made before, and when it asks you if you want to add the contents to the registry, click Yes/OK.

* Start HijackThis, click Scan, and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlehe.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlehe.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {6346C5AD-FF9C-DA8A-986F-964A6CD08962} - C:\WINDOWS\wintw32.dll

O2 - BHO: Class - {DD4FB04F-8E1A-6818-993B-3C489CB8A5FF} - C:\WINDOWS\system32\javakr32.dll
O2 - BHO: Class - {F52B4B29-EAA0-A4B2-3FF3-0A8EE5DB6566} - C:\WINDOWS\system32\msym.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [ipkt32.exe] C:\WINDOWS\system32\ipkt32.exe
O4 - HKLM\..\Run: [atlht.exe] C:\WINDOWS\atlht.exe
O4 - HKLM\..\Run: [crly32.exe] C:\WINDOWS\crly32.exe
O4 - HKLM\..\Run: [javatq32.exe] C:\WINDOWS\javatq32.exe
O4 - HKLM\..\RunOnce: [addgo.exe] C:\WINDOWS\addgo.exe
O4 - HKLM\..\RunOnce: [addjg32.exe] C:\WINDOWS\addjg32.exe
O4 - HKLM\..\RunOnce: [crnc32.exe] C:\WINDOWS\crnc32.exe
O4 - HKLM\..\RunOnce: [appjo32.exe] C:\WINDOWS\appjo32.exe
O4 - HKLM\..\RunOnce: [apins.exe] C:\WINDOWS\system32\apins.exe
O4 - HKLM\..\RunOnce: [mshl.exe] C:\WINDOWS\system32\mshl.exe
O4 - HKLM\..\RunOnce: [javalx.exe] C:\WINDOWS\system32\javalx.exe
O4 - HKLM\..\RunOnce: [atlzu32.exe] C:\WINDOWS\system32\atlzu32.exe
O4 - HKLM\..\RunOnce: [addug.exe] C:\WINDOWS\addug.exe
O4 - HKLM\..\RunOnce: [sysyh32.exe] C:\WINDOWS\system32\sysyh32.exe
O4 - HKLM\..\RunOnce: [ipsb32.exe] C:\WINDOWS\system32\ipsb32.exe
O4 - HKLM\..\RunOnce: [atliq32.exe] C:\WINDOWS\atliq32.exe
O4 - HKLM\..\RunOnce: [mfcqg.exe] C:\WINDOWS\mfcqg.exe
O4 - HKLM\..\RunOnce: [atlqh.exe] C:\WINDOWS\system32\atlqh.exe
O4 - HKLM\..\RunOnce: [ntgw32.exe] C:\WINDOWS\ntgw32.exe
O4 - HKLM\..\RunOnce: [d3ed32.exe] C:\WINDOWS\system32\d3ed32.exe
O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\system32\javazp.exe
O4 - HKLM\..\RunOnce: [sysdz.exe] C:\WINDOWS\system32\sysdz.exe
O4 - HKLM\..\RunOnce: [ntrv32.exe] C:\WINDOWS\ntrv32.exe
O4 - HKLM\..\RunOnce: [javaco32.exe] C:\WINDOWS\system32\javaco32.exe
O4 - HKLM\..\RunOnce: [mfchl32.exe] C:\WINDOWS\system32\mfchl32.exe
O4 - HKLM\..\RunOnce: [javakw.exe] C:\WINDOWS\javakw.exe
O4 - HKLM\..\RunOnce: [ipgi32.exe] C:\WINDOWS\ipgi32.exe
O4 - HKLM\..\RunOnce: [atleq.exe] C:\WINDOWS\system32\atleq.exe
O4 - HKLM\..\RunOnce: [iedg32.exe] C:\WINDOWS\system32\iedg32.exe
O4 - HKLM\..\RunOnce: [sdkcv32.exe] C:\WINDOWS\sdkcv32.exe
O4 - HKLM\..\RunOnce: [javabd.exe] C:\WINDOWS\system32\javabd.exe
O4 - HKLM\..\RunOnce: [sdkcl.exe] C:\WINDOWS\sdkcl.exe
O4 - HKLM\..\RunOnce: [syszb32.exe] C:\WINDOWS\system32\syszb32.exe
O4 - HKLM\..\RunOnce: [appqi32.exe] C:\WINDOWS\appqi32.exe
O4 - HKLM\..\RunOnce: [crqo32.exe] C:\WINDOWS\crqo32.exe
O4 - HKLM\..\RunOnce: [ieov32.exe] C:\WINDOWS\system32\ieov32.exe
O4 - HKLM\..\RunOnce: [d3kz.exe] C:\WINDOWS\system32\d3kz.exe
O4 - HKLM\..\RunOnce: [ipjp32.exe] C:\WINDOWS\system32\ipjp32.exe
O4 - HKLM\..\RunOnce: [atlhm.exe] C:\WINDOWS\atlhm.exe
O4 - HKLM\..\RunOnce: [apphm.exe] C:\WINDOWS\system32\apphm.exe
O4 - HKLM\..\RunOnce: [ntfk32.exe] C:\WINDOWS\ntfk32.exe
O4 - HKLM\..\RunOnce: [crvr32.exe] C:\WINDOWS\crvr32.exe
O4 - HKLM\..\RunOnce: [sdkqv.exe] C:\WINDOWS\sdkqv.exe
O4 - HKLM\..\RunOnce: [mfcpk32.exe] C:\WINDOWS\mfcpk32.exe
O4 - HKLM\..\RunOnce: [winna32.exe] C:\WINDOWS\system32\winna32.exe
O4 - HKLM\..\RunOnce: [addni.exe] C:\WINDOWS\system32\addni.exe
O4 - HKLM\..\RunOnce: [syswi.exe] C:\WINDOWS\syswi.exe
O4 - HKLM\..\RunOnce: [apilf32.exe] C:\WINDOWS\system32\apilf32.exe
O4 - HKLM\..\RunOnce: [javavw32.exe] C:\WINDOWS\javavw32.exe
O4 - HKLM\..\RunOnce: [atldu.exe] C:\WINDOWS\atldu.exe
O4 - HKLM\..\RunOnce: [appeu32.exe] C:\WINDOWS\system32\appeu32.exe
O4 - HKLM\..\RunOnce: [addsr.exe] C:\WINDOWS\addsr.exe
O4 - HKLM\..\RunOnce: [ntbr.exe] C:\WINDOWS\ntbr.exe
O4 - HKLM\..\RunOnce: [winvd.exe] C:\WINDOWS\system32\winvd.exe
O4 - HKLM\..\RunOnce: [msls.exe] C:\WINDOWS\system32\msls.exe
O4 - HKLM\..\RunOnce: [ntvl32.exe] C:\WINDOWS\ntvl32.exe
O4 - HKLM\..\RunOnce: [javahw.exe] C:\WINDOWS\system32\javahw.exe
O4 - HKLM\..\RunOnce: [iela.exe] C:\WINDOWS\system32\iela.exe
O4 - HKLM\..\RunOnce: [appvb32.exe] C:\WINDOWS\appvb32.exe
O4 - HKLM\..\RunOnce: [apiti.exe] C:\WINDOWS\apiti.exe
O4 - HKLM\..\RunOnce: [addkv.exe] C:\WINDOWS\system32\addkv.exe
O4 - HKLM\..\RunOnce: [apioz32.exe] C:\WINDOWS\apioz32.exe
O4 - HKLM\..\RunOnce: [atlya.exe] C:\WINDOWS\atlya.exe
O4 - HKLM\..\RunOnce: [atldx32.exe] C:\WINDOWS\atldx32.exe
O4 - HKLM\..\RunOnce: [atlst32.exe] C:\WINDOWS\system32\atlst32.exe
O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\system32\msxq32.exe
O4 - HKLM\..\RunOnce: [d3ul.exe] C:\WINDOWS\system32\d3ul.exe
O4 - HKLM\..\RunOnce: [apilt32.exe] C:\WINDOWS\system32\apilt32.exe
O4 - HKLM\..\RunOnce: [d3ah.exe] C:\WINDOWS\d3ah.exe
O4 - HKLM\..\RunOnce: [iezp32.exe] C:\WINDOWS\system32\iezp32.exe
O4 - HKLM\..\RunOnce: [ntsi32.exe] C:\WINDOWS\ntsi32.exe
O4 - HKLM\..\RunOnce: [sdksy32.exe] C:\WINDOWS\sdksy32.exe
O4 - HKLM\..\RunOnce: [iecr32.exe] C:\WINDOWS\system32\iecr32.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addae.exe" /s (file missing)

*Close all open windows except hijackthis and click 'Fix Checked'.

*Go to start >run and type: services.msc and click OK
Scroll down in that list and look if the following services are present:

Network Security Service (NSS)
Remote Procedure Call (RPC) Helper
Workstation NetLogon Service


Please make sure it is written exactly the same as above, because there are also legit services that look very much the same as the ones above, so please choose the right one!! For example, there's also a legit service called Remote Procedure Call (RPC), without the word Helper in it. That is a good one, so please don't select that one.

Double-click on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to Disabled.
Click apply and OK and close all open windows.

*Start Aboutbuster and let it scan. When the scan is done and you choose exit, it will automatically create a log in the same folder that Aboutbuster is in.

*Start Cwshredder and click FIX

* Double-click on the HSfix you downloaded earlier, which is on your desktop, and when it asks you if you want to add the contents to the registry, click yes/ok

* Still in safe mode Run CleanUp.

* Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

*Go to start>Control Panel>Internet Options>tab programs> and click restore websettings.

* Reboot your PC back to normal.

* Perform an online scan with bitdefender and/or HouseCall (check here autodelete) and let it delete everything it finds.

*Post a new hijackthis-log + log from ewido and log from aboutbuster which you'll find in the aboutbuster-folder
  • 0
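The exact-name service check described in the post above, as an added example that is not part of the original thread: a small triage pass over HijackThis O4 and O23 lines. The function names and reason codes are hypothetical, the filename heuristic is an assumption drawn from the fix list in this thread, and sample lines marked constructed are not from the poster's log.

```python
import ntpath
import re

# Display names the helper's post says to stop and disable (exact match only).
FLAGGED_SERVICES = {
    "Network Security Service (NSS)",
    "Remote Procedure Call (RPC) Helper",
    "Workstation NetLogon Service",
}
# Directories used by the autostart entries in this thread's fix list.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
EXE_RE = re.compile(r'"?(.+?\.exe)\b', re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"^(.*) \(([^()]*)\)$")


def image_path(command):
    """Return the .exe path that starts a command line, or None."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else None


def check_o4(line):
    """Flag autostart values named after their own image in a Windows dir."""
    m = O4_RE.match(line)
    if not m:
        return []
    _key, value_name, command = m.groups()
    exe = image_path(command)
    if exe is None:
        return []
    same_name = value_name.lower() == ntpath.basename(exe).lower()
    in_windir = ntpath.dirname(exe).lower() in WINDOWS_DIRS
    return ["name-equals-image-in-windir"] if same_name and in_windir else []


def check_o23(line):
    """Flag services by exact display name, unknown owner, missing file."""
    m = O23_RE.match(line)
    if not m:
        return []
    field, owner, command = m.groups()
    # HijackThis may append the short service name in trailing parentheses,
    # so compare both the whole field and the field without that suffix.
    names = {field}
    short = SHORT_NAME_RE.match(field)
    if short:
        names.add(short.group(1))
    reasons = []
    if names & FLAGGED_SERVICES:
        reasons.append("flagged-service-name")
    if owner == "Unknown owner":
        reasons.append("unknown-owner")
    if command.rstrip().endswith("(file missing)"):
        reasons.append("file-missing")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line with at least one reason."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_o4(line) + check_o23(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Lines 1-2 (RunOnce) and lines 6-7 (the two RPC services) are constructed;
# the remaining lines appear in the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [example32.exe] C:\WINDOWS\example32.exe
O4 - HKLM\..\RunOnce: [examplezz.exe] C:\WINDOWS\system32\examplezz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addae.exe" /s (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k rpcss
O23 - Service: Remote Procedure Call (RPC) Helper (constructed) - Unknown owner - C:\WINDOWS\system32\constructed-example.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "|", line)
```

The legitimate Remote Procedure Call (RPC) line is not flagged because the comparison is on the whole display name, not a prefix or substring.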

#5
quiktitanium

there were some things that were missing on this second pass in hijack this. also about buster froze the first time, but i ran it a second time and it finished. however there were some of the things that were deleted that weren't in the second scan log. here they are:

Logfile of HijackThis v1.99.1
Scan saved at 1:58:11 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

hijack this:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Patrick McDaniel\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=081405 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

ewido:

+ Created on: 1:16:04 PM, 8/10/2005
+ Report-Checksum: 6B38DAEF

+ Scan result:

C:\WINDOWS\ciqhv.log:gsgtv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ciqhv.log:mvqcr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ciqhv.log:nwosa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ciqhv.log:rgkyv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ciqhv.log:tehtu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ciqhv.log:txhnm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\clock.avi:idtvp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\clock.avi:ikdlo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\clock.avi:jelfv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\clock.avi:nvjhc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\clock.avi:pjuok -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\clock.avi:ssddl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\clock.avi:szfif -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\clock.avi:xqsjp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmodm.log:aapof -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmodm.log:rjgxm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmodm.log:vlqpo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmodm.log:zzcvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmsetacl.log:cszkn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmsetacl.log:enbhu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmsetacl.log:iecwa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmsetacl.log:lssvy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmsetacl.log:nkcie -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmsetacl.log:rqvyg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:ajuqc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:dmmsh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:maazr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:npbjp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:wjkfh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:wwszr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\COM+.log:hwdiy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\COM+.log:xtlyz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\COM+.log:yshxw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\COM+.log:zdygn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\comsetup.log:kiuzu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\comsetup.log:tilyx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\comsetup.log:vdfat -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:isvcl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:jujmr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:licjb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:vcomu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:zxahf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crae.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crby32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crcw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crdg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crdk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crec32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crge.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crgl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crib.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crin.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crio.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crio32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cris.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crit32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crjk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crjp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crjx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crkb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crkc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crko32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crkv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crla32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crlb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crlo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crlp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crly32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crmi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crnb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crnc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crnk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crny32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\croe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cros32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrs.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crsb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crsd.exe -
  • 0

#6
quiktitanium

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here's the partial of AboutBuster

AboutBuster 5.0 reference file 31
Scan started on [8/10/2005] at [10:58:38 AM]
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:02:36 AM


And it appears that everything is back to normal. Everything you did was very nice, thank you very much.
  • 0

#7
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I have been at work all day and I'm about to run out the door again. Let me look at this when I get back. Please give me a new HijackThis log. :tazz:
  • 0

#8
quiktitanium

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 2:01:41 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrick McDaniel\Desktop\Spyware stuff\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=081405 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  • 0

#9
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Sorry, I had a long day and will get to this later tonight.
  • 0

#10
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Much, much better. How is it running? :tazz:

Just a few more things.

Check these in HijackThis:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Reboot and post a new HijackThis log and let me know if you are having any more problems.
  • 0

#11
quiktitanium

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here's my new log. Everything is still working well.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:02 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\palmOne\pil.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\palmOne\HotSyncWizard.exe
C:\Program Files\palmOne\DeviceMonitor.exe
C:\Program Files\palmOne\LifeDriveMgr.exe
C:\Documents and Settings\Patrick McDaniel\Desktop\Spyware stuff\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=081405 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LifeDrive Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  • 0

#12
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts

everything is still working well.


Best news I've heard all weekend. :tazz: Here are some suggestions to keep yourself clean. ;)

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and Spyware Aid's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

Edited by coachwife6, 14 August 2005 - 09:39 PM.

  • 0





