Options

taventu-hiderune.exe

Unknown
edited October 2004 in Spyware & Virus Removal
Please help! I just bought my computer and i am already having problems with it. I am getting many pop ups and it got really slow all of a sudden I ran McAfee and it told me i had hiderune.exe then i ran spybot and Ad-Aware i am not getting as many pop ups and my computer is running better but what do i need to do to get rid of the hiderune.exe. Here is my hijackthis log: Thank you very much !!
Logfile of HijackThis v1.98.2
Scan saved at 12:26:32 AM, on 10/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\syshelper.exe
C:\WINDOWS\System32\good.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\systemproc.exe
C:\WINDOWS\System32\crsrs.exe
C:\dipset.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\sp2update.exe
C:\WINDOWS\system\rundll32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\System32\compobj3.exe
C:\WINDOWS\System32\compobj9.exe
C:\WINDOWS\System32\winvc32.exe
c:\mes.exe
c:\msfs.exe
C:\iexpIerer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Application Data\ttuh.exe
C:\WINDOWS\System32\w?wexec.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\ms.exe
c:\dipset.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\cidaemon.exe
c:\netstar.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] good.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Printer] c:\dipset.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Windows XP Service Pack 2] sp2update.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\rundll32.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: C:\windows\temp\i.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zhkiyvr.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [ac0688683ede] C:\WINDOWS\System32\compobj3.exe
O4 - HKLM\..\Run: [78c78879044c] C:\WINDOWS\System32\compobj9.exe
O4 - HKLM\..\Run: [6E461753] C:\WINDOWS\System32\ovytabew.exe
O4 - HKLM\..\Run: [62] C:\windows\temp\62.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Oqds0WMP.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [Sys29] c:\windows\system32\winjvc32.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [A2FB3DC1] C:\WINDOWS\System32\ovytabew.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [Windows XP Service Pack 2] sp2update.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] good.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] good.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Owner\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] good.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Hrsgdctt] C:\WINDOWS\System32\w?wexec.exe
O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] good.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusearch.html?p=VNxmk09746US
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://*.download.windowsupdate
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097076543281
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

Comments

  • SpywareShooterSpywareShooter 127.0.0.1
    edited October 2004
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
    O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
    O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\Run: [Auto updat] crsrs.exe
    O4 - HKLM\..\Run: [Win32 USB2 Driver] good.exe
    O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
    O4 - HKLM\..\Run: [Printer] c:\dipset.exe
    O4 - HKLM\..\Run: [Windows XP Service Pack 2] sp2update.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKLM\..\Run: C:\windows\temp\i.exe
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zhkiyvr.exe
    O4 - HKLM\..\Run: [ac0688683ede] C:\WINDOWS\System32\compobj3.exe
    O4 - HKLM\..\Run: [78c78879044c] C:\WINDOWS\System32\compobj9.exe
    O4 - HKLM\..\Run: [6E461753] C:\WINDOWS\System32\ovytabew.exe
    O4 - HKLM\..\Run: [62] C:\windows\temp\62.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Oqds0WMP.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
    O4 - HKLM\..\Run: [Sys29] c:\windows\system32\winjvc32.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\RunServices: [Microsoftkeysd] systemproc.exe
    O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
    O4 - HKLM\..\RunServices: [A2FB3DC1] C:\WINDOWS\System32\ovytabew.exe
    O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
    O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
    O4 - HKLM\..\RunServices: [Windows XP Service Pack 2] sp2update.exe
    O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\RunServices: [Win32 USB2 Driver] good.exe
    O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
    O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] good.exe
    O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemproc.exe
    O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Owner\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [Auto updat] crsrs.exe
    O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
    O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
    O4 - HKCU\..\Run: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Hrsgdctt] C:\WINDOWS\System32\w?wexec.exe
    O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
    O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
    O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemproc.exe
    O4 - Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
    O4 - Global Startup: MyTotalSearch Email Plugin.lnk = C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menuse...?p=VNxmk09746US
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

    Fix those entries then find and delete the files listed above, reboot and post a new log.
  • taventu
    edited October 2004
    I found and deleted the files here is the new HijackThis log. Internet is still slow and i am still getting pop ups. Thank you


    Logfile of HijackThis v1.98.2
    Scan saved at 8:18:18 PM, on 10/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\good.exe
    C:\WINDOWS\System32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\syshelper.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system\rundll32.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\ms32cfg.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ms32cfg.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\Documents and Settings\Owner\Application Data\ttuh.exe
    C:\WINDOWS\System32\w?wexec.exe
    C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    C:\WINDOWS\System32\spoolsvc.exe
    C:\Program Files\Common Files\Verizon Online\SFP\vzNetSvc.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    C:\WINDOWS\System32\Ftw7.exe
    C:\WINDOWS\System32\Ftw7.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://runonce.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\rundll32.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\PlsO0A55.exe
    O4 - HKLM\..\Run: [Sys29] C:\windows\system32\windpe32.exe
    O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
    O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\Run: [Win32 USB2 Driver] good.exe
    O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
    O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
    O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
    O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\RunServices: [Win32 USB2 Driver] good.exe
    O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
    O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
    O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
    O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
    O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Hrsgdctt] C:\WINDOWS\System32\w?wexec.exe
    O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKCU\..\Run: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
    O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O15 - Trusted Zone: http://*.download.windowsupdate
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097076543281
  • LincLinc Owner Detroit Icrontian
    edited October 2004
    Wow, this is pretty bad :-/

    Remove these again. If they come back, boot into safe mode (by tapping F8 during bootup), then find & delete any of these .exe files you find in your c:\windows\system32 folder.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\PlsO0A55.exe
    O4 - HKLM\..\Run: [Sys29] C:\windows\system32\windpe32.exe
    O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
    O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
    O4 - HKLM\..\Run: [Win32 USB2 Driver] good.exe

    O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
    O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
    O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe

    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [Hrsgdctt] C:\WINDOWS\System32\w?wexec.exe
    O4 - HKCU\..\Run: [MyTotalSearch Email Plugin] C:\PROGRA~1\MYTOTA~1\bar\1.bin\mtsoemon.exe
    O4 - HKCU\..\Run: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
    O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] good.exe
    O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe

    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
Sign In or Register to comment.