
· Registered
Joined
·
67 Posts
Discussion Starter · #1 ·
My system is hanging on by a thread from a functionality standpoint. My Windows XP will not load all the way. It will go to the logo welcome screen and then give me an error message which says the following:
"Explorer.exe - Application Error. The Application failed to initialize properly (0xc0000022) click on OK to terminate the Application."
After I click OK the screen just hangs there. I can only access certain programs through my Task Manager application (Ctrl+Alt+Del). Some programs work through there and some don't. I am accessing the internet through there right now using Mozilla.
I also ran a trojan remover and now know I also have WinIK.Sys. If anybody can PLEASE help me get regular functionality back to my computer so I don't have to format the whole thing, it would be greatly appreciated. I ran Hijack This and here is the log file. SOMEBODY PLEASE HELP!

Logfile of HijackThis v1.99.1
Scan saved at 4:05:14 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Abbas\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.roxio.com/adban/partner_oem_microsites/plextor/qd9ci8f.jhtml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Abbas\Application Data\Mozilla\Profiles\default\gz0qktzl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Abbas\Application Data\Mozilla\Profiles\default\gz0qktzl.slt\prefs.js)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\Hotbar\bin\450~1.0\SBInst.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nknufmp] C:\WINDOWS\nknufmp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [exbrtwbe] C:\WINDOWS\System32\qovqco.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [YkFJW9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cgFGRs1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aIFJQ5ov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fMFHZoUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fUFHX5ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qw0HX5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eYVGYg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fkpGV5ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ekFJVwEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cUVJQ1Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RMFJZc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RYFJYoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [egFGRsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ekpGSAUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RMFGXcow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QkVHWwEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ewFGWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bY0GTwox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RgpHWAUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QIVHWkov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aY0GR91w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bEFHSAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eYVGW1ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YkpGZcEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RwFHXwEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YQVHX51x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QMFHUo1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eQVHVcUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dEFHVc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RQ0GWkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YMVJZoox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bEVHR11v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bgVGQkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZAFJRsow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZEVHR91x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aMVJUo1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bwpHZoow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgFHTkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aY0GZ91v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cIVHUo1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cMpGXw1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ew0HRs1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bkFJXg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZEpGUAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bYFGScow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fMpHZ5Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bwVHVsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cMpHVcow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ewFJZ1Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eQFGU5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fEVGTg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RQ0HYw1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZUFHWsov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YIVGWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qk0HRg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZMVJXw1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eQVHYg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bAFJTkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aE0HYsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cgVHUcox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZQ0HYAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bUFJV51v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dI0HXkEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RM0GSgEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgVJRsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fI0HUA1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eEFHRc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RIFHR91x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QEVJYg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dw0HZ9Ux] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QA0HWwox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fAFJRAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMVGVwUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fY0HXAov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eUpGTkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aMVJWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMFHT1Ux] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aw0GYkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cApGZsov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qg0HTkox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fkFJQc1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZIFHZwEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fA0HZ1Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fU0HZ5ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dU0HUcov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [akpHTc1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dgFGTcUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMVJXAUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZgpHYwov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dUFHSsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [awFJYAUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aQ0GSwow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eg0GSsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ewFHVgox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fEVJV91w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QIFJUAox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgpGUg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bkFJTc1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cgpGR1Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgVGVk1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [akVGQA1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RMFHSkox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YEpHR1ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZYpGS11w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fUpGS91x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bkVHXA1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dI0HUsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RUFGVoEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [REFJUgov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qk0GRo1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bgFGV5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fAFJQ9Ex] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aAVJR51x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fYVJZ1Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dUFJW5ow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QQFHZsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [agVHZg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cwVGS51v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bYFHY1ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bEFGRAox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fEpHRoUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dUFJXoox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RYVJVcUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dE0HQcox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YApGU11w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMVJWk1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dkFHVsov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YE0HU91v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YkVJR9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QAVHWsUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cEVJTwUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ekVJScEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YgFJR1ov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eApHV9Ex] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aU0HVAov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fA0HUoow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZwVHUkEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZAVHQoow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bAFHT51x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bgFGUc1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZIpGXkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YgVHRkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bAVJVw1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QkFGQsUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cUpGUsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dgpHQo1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YAFJUgUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dwpGUc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YQ0HZ5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RApGT11x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dMFHX9Ux] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YIpHZw1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cMFHTsEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cQVJVk1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [egFHWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZAVGR5Ex] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YQFJRwov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QM0GVs1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Jbdw] C:\WINDOWS\System32\bqld.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD X Studios\DVD X Utilities 1.5\DVDGhost\DVDGhost.exe
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08569f122376a4f5df05/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
If you can read this.. DON'T run any automated scanners on your machine yet.
It may cause your machine to crash.

Wait awhile for me to come up with a fix for you.
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
Hello and Welcome to TSF!

I'll be frank. You have a crappy infection on your hands. For this to work, I need you to follow my instructions RIGIDLY.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Open up Windows Task Manager by pressing [ctrl] + [alt] + [delete] simultaneously on your keyboard.
Locate & "End Task" for this process, if present:

C:\WINDOWS\System32\wsaupdater.exe


Then have HijackThis fix this entry:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,


Go to this directory - C:\Windows\System32
Rename the file - wsaupdater.exe - to wsaupdater.old
Locate this file - userinit.exe
Create a copy of it & rename it as wsaupdater.exe in the same System32 directory


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\Hotbar\bin\450~1.0\SBInst.exe
O4 - HKLM\..\Run: [nknufmp] C:\WINDOWS\nknufmp.exe
O4 - HKLM\..\Run: [exbrtwbe] C:\WINDOWS\System32\qovqco.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [YkFJW9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [cgFGRs1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aIFJQ5ov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fMFHZoUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fUFHX5ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qw0HX5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eYVGYg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fkpGV5ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ekFJVwEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cUVJQ1Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RMFJZc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RYFJYoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [egFGRsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ekpGSAUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RMFGXcow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QkVHWwEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ewFGWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bY0GTwox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RgpHWAUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QIVHWkov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aY0GR91w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bEFHSAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eYVGW1ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YkpGZcEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RwFHXwEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YQVHX51x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QMFHUo1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eQVHVcUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dEFHVc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RQ0GWkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YMVJZoox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bEVHR11v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bgVGQkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZAFJRsow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZEVHR91x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aMVJUo1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bwpHZoow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgFHTkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aY0GZ91v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cIVHUo1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cMpGXw1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ew0HRs1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bkFJXg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZEpGUAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bYFGScow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fMpHZ5Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bwVHVsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cMpHVcow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ewFJZ1Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eQFGU5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fEVGTg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RQ0HYw1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZUFHWsov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YIVGWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qk0HRg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZMVJXw1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eQVHYg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bAFJTkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aE0HYsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cgVHUcox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZQ0HYAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bUFJV51v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dI0HXkEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RM0GSgEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgVJRsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fI0HUA1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eEFHRc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RIFHR91x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QEVJYg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dw0HZ9Ux] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QA0HWwox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fAFJRAEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMVGVwUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fY0HXAov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eUpGTkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aMVJWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMFHT1Ux] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aw0GYkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cApGZsov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qg0HTkox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fkFJQc1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZIFHZwEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fA0HZ1Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fU0HZ5ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dU0HUcov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [akpHTc1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dgFGTcUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMVJXAUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZgpHYwov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dUFHSsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [awFJYAUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aQ0GSwow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eg0GSsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ewFHVgox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fEVJV91w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QIFJUAox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgpGUg1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bkFJTc1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cgpGR1Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fgVGVk1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [akVGQA1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RMFHSkox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YEpHR1ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZYpGS11w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fUpGS91x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bkVHXA1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dI0HUsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RUFGVoEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [REFJUgov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [Qk0GRo1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bgFGV5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fAFJQ9Ex] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aAVJR51x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fYVJZ1Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dUFJW5ow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QQFHZsEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [agVHZg1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cwVGS51v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bYFHY1ox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bEFGRAox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fEpHRoUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dUFJXoox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RYVJVcUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dE0HQcox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YApGU11w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eMVJWk1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dkFHVsov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YE0HU91v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YkVJR9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QAVHWsUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cEVJTwUx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ekVJScEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YgFJR1ov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [eApHV9Ex] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aU0HVAov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [fA0HUoow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZwVHUkEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZAVHQoow] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bAFHT51x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bgFGUc1v] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZIpGXkEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YgVHRkUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [bAVJVw1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QkFGQsUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cUpGUsox] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dgpHQo1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YAFJUgUw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dwpGUc1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YQ0HZ5Uw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [RApGT11x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [dMFHX9Ux] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YIpHZw1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cMFHTsEw] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cQVJVk1x] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [egFHWoEx] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [ZAVGR5Ex] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [YQFJRwov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [QM0GVs1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKCU\..\Run: [Jbdw] C:\WINDOWS\System32\bqld.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08569f1...ip/RdxIE601.cab



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Reboot your computer & post a new log IMMEDIATELY. I shall await news from you.
Let me know if your machine is still crippled.
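
Added example, not part of the original thread and not HijackThis's own code: a Python triage of a log in the format posted above. It flags a UserInit value that launches anything besides userinit.exe and any Run target registered under several different value names, the two patterns this fix list addresses. The sample lines are copied from the posted log; the function names, the `min_aliases` threshold and the expected userinit.exe path are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [YkFJW9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [cgFGRs1w] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [aIFJQ5ov] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKCU\..\Run: [Jbdw] C:\WINDOWS\System32\bqld.exe
"""

# Assumption: Windows lives in C:\WINDOWS, as in the posted log.
EXPECTED_USERINIT = ntpath.normcase(r"C:\WINDOWS\system32\userinit.exe")

F2_USERINIT = re.compile(
    r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE
)
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def target_of(cmd):
    """Return the executable part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe"
    # that is followed by whitespace or the end of the line.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def extra_userinit_entries(value, expected=EXPECTED_USERINIT):
    """List every comma-separated UserInit entry that is not the expected path."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if ntpath.normcase(p) != expected]


def triage(log_text, min_aliases=3):
    """Scan F2 and O4 Run lines and return the two kinds of finding."""
    userinit_extra = []
    names_by_target = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_USERINIT.match(line)
        if m:
            userinit_extra.extend(extra_userinit_entries(m.group("value")))
            continue
        m = O4_RUN.match(line)
        if m:
            target = ntpath.normcase(target_of(m.group("cmd")))
            names_by_target[target].add(m.group("name"))
    shared = {
        target: sorted(names)
        for target, names in names_by_target.items()
        if len(names) >= min_aliases
    }
    return {"userinit_extra": userinit_extra, "shared_targets": shared}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["userinit_extra"]:
        print("UserInit launches an extra program:", entry)
    for target, names in result["shared_targets"].items():
        print(f"{len(names)} Run values point at {target}")
```

A target reached from many value names is a lead for review, not a verdict; the threshold only decides how many aliases are worth a second look.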
 

· Registered
Joined
·
67 Posts
Discussion Starter · #5 ·
I looked to see if wsaupdater.exe was running so I could end the task but it was not. After I had HijackThis fix the following line:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,

I went to my C:\Windows\System32 directory to locate the wsaupdater.exe file but it is not there. On the other hand userinit.exe is there. Should I still copy and rename userinit.exe to wsaupdater.exe?

I have not proceeded beyond this point with your instructions.
 

· Registered
Joined
·
67 Posts
Discussion Starter · #7 ·
I followed your instructions to the T. I rebooted my machine and still have the same Explorer.exe error and no access to my Windows XP. No difference as of yet. Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:09:39 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Documents and Settings\Abbas\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.roxio.com/adban/partner_oem_microsites/plextor/qd9ci8f.jhtml
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Abbas\Application Data\Mozilla\Profiles\default\gz0qktzl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Abbas\Application Data\Mozilla\Profiles\default\gz0qktzl.slt\prefs.js)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [YkFJW9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD X Studios\DVD X Utilities 1.5\DVDGhost\DVDGhost.exe
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
Do you have remote desktop running now? It's appearing in your log.

From task manager, click on File > New Task - type cmd <Press Enter>
type attrib -h -r -s "C:\Program Files\wprvwpwp\*.*" <Press Enter>
type del "C:\Program Files\wprvwpwp\*.*" <Press Enter>
type rd "C:\Program Files\wprvwpwp" <Press Enter>
type exit <Press Enter>


Then perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
Start HiJackThis & go to Config>Misc Tools> Open process manager
Look for this process..
  • C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe

If you see it, select Kill process

Please answer my query about Remote Desktop.
 

· Registered
Joined
·
67 Posts
Discussion Starter · #11 ·
It is not running in my process manager. To my knowledge I do not have remote desktop running; if it is, I did not initiate it.
I am unable to do the Panda ActiveScan because it requires Internet Explorer and I receive the same error when my Explorer.Exe file tries to run when I try to load Internet Explorer. I am only able to use Mozilla right now to surf. This seems like a serious problem. Man this sucks!
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
Kill this process - C:\WINDOWS\system32\sessmgr.exe

Then try the instructions in post #8 again.

Tell me if you have the same problem when you're in Safe Mode.
 

· Registered
Joined
·
67 Posts
Discussion Starter · #13 · (Edited)
When I try to kill sessmgr.exe it says that the process cannot be killed because it may have already closed or is protected by Windows.
How do I start in safe mode? I tried hitting F8 during boot up but it doesn't work.

I just used the services.msc in task manager and disabled the Remote Desktop help. It was running so I disabled it. I will now try post 8 again.
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
Are you the sole administrator of this machine? I need to know this before I can give you alternate instructions for accessing Safe Mode

Please download & run this program - KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Select all the filenames below & then right-click & select Copy
  • C:\WINDOWS\nknufmp.exe
    C:\WINDOWS\System32\qovqco.exe
    C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
    C:\WINDOWS\System32\bqld.exe
Launch KillBox.exe
Go to the File menu, and choose Paste from Clipboard
Select the following options:
  • delete on Reboot
Click the RED X button.
Click Yes at the Delete on Reboot prompt.
Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
 

· Registered
Joined
·
67 Posts
Discussion Starter · #15 ·
Yes I am the sole admin of this machine.
I downloaded and ran Killbox. After I entered in all of the filenames and selected them to be deleted at reboot I chose "Yes" to reboot machine now. When I did that it gave me a message saying "PendingFileRenameOperations Registry Data Has Been Removed By External Process!"
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
You're right...This is a really nasty bugger!!

Please use these revised instructions..

Select all the filenames below & then right-click & select Copy
  • C:\WINDOWS\nknufmp.exe
    C:\WINDOWS\System32\qovqco.exe
    C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
    C:\WINDOWS\System32\bqld.exe
Launch KillBox.exe
Go to the File menu, and choose Paste from Clipboard
Select the following options:
  • Standard File Kill
  • End Explorer Shell While Killing File
  • Unregister DLL (If available)
Click the RED X button.
 

· Registered
Joined
·
67 Posts
Discussion Starter · #19 ·
Logfile of HijackThis v1.99.1
Scan saved at 6:52:52 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Abbas\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.roxio.com/adban/partner_oem_microsites/plextor/qd9ci8f.jhtml
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Abbas\Application Data\Mozilla\Profiles\default\gz0qktzl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Abbas\Application Data\Mozilla\Profiles\default\gz0qktzl.slt\prefs.js)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [YkFJW9Ew] C:\PROGRA~1\wprvwpwp\GcQDA8BL.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD X Studios\DVD X Utilities 1.5\DVDGhost\DVDGhost.exe
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
I did some research on the error number you gave me "0xc0000022".

According to this article, your computer tried to initiate a remote connection upon logon. Please do this...

From new task (run...), type sysdm.cpl (this would bring up System Properties)
Under the Remote tab, verify that Remote Assistance & Remote Desktop are unticked.

Let me know if this computer is an office machine or a personal machine.
Do you have other computers on your network?
 