Svchost.exe error

[Hanky]

Good day, I got this error everytime I send/receive email which leads to restarting the computer and then the whole story all over again... Have you got any suggestions on how I can fix this problem?

[Mobo]

Lets start here hank:

Download HijackThis from:

[Only Registered and Activated Users Can See Links. Click Here To Register...]

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

[Hanky]

Logfile of HijackThis v1.99.0
Scan saved at 8:14:01 a.m., on 12/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\Mcshield.exe
D:\Program Files\McAfee\VsTskMgr.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
D:\Program Files\McAfee\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINNT\System32\wprikl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\defragfatx.exe
C:\WINNT\system32\wnmsconfig.exe
C:\WINNT\system32\internat.exe
D:\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINNT\ZServ.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-nz\msntb.dll (file missing)
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-nz\msntb.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] D:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [P2P Networkingp2p7B] C:\Documents and Settings\Bob\Local Settings\Temp\P2P Networkingp2p7B.EXE /AUTOSTART
O4 - HKLM\..\Run: [dbhfibyiqklx] C:\WINNT\system32\daxvhqa.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [duptziwm] C:\WINNT\System32\wprikl.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\defragfatx.exe
O4 - HKLM\..\Run: [Win Microsoft Config] wnmsconfig.exe
O4 - HKLM\..\RunServices: [Win Microsoft Config] wnmsconfig.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Win Microsoft Config] wnmsconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF6C49B8-AF59-4A40-B0A1-D3130447B26B}: NameServer = 203.97.33.14 203.97.37.14
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\McAfee\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\McAfee\VsTskMgr.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

Hope this will help... Thank you

[Mobo]

Now rescan again with hijack, insert a check next to each of the following then close all other open browser windows and click "fix checked"


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINNT\ZServ.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-nz\msntb.dll (file missing)

O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-nz\msntb.dll (file missing)

O4 - HKLM\..\Run: [dbhfibyiqklx] C:\WINNT\system32\daxvhqa.exe

O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe

O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe

O4 - HKLM\..\Run: [duptziwm] C:\WINNT\System32\wprikl.exe

O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\defragfatx.exe

O4 - HKLM\..\Run: [Win Microsoft Config] wnmsconfig.exe

O4 - HKLM\..\RunServices: [Win Microsoft Config] wnmsconfig.exe

O4 - HKCU\..\Run: [Win Microsoft Config] wnmsconfig.exe


O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - [Only Registered and Activated Users Can See Links. Click Here To Register...]



then set the system to show hidden files and folders as per [Only Registered and Activated Users Can See Links. Click Here To Register...]


reboot into safe mode [Only Registered and Activated Users Can See Links. Click Here To Register...]


Then locate and delete:
C:\WINNT\system32\daxvhqa.exe

C:\WINNT\satmat.exe

C:\WINNT\farmmext.exe

C:\WINNT\System32\wprikl.exe

C:\WINNT\system32\defragfatx.exe

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot

Get The latest version of Adaware
You can download the free version here:
[Only Registered and Activated Users Can See Links. Click Here To Register...]

or here (alternate download location)
[Only Registered and Activated Users Can See Links. Click Here To Register...]

You need to be logged on as Adminstrator through the installation.
For ease in installation and operation, view the tutorial here [Only Registered and Activated Users Can See Links. Click Here To Register...]

Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner or you can click on the Webupdate button that looks like a globe icon at the top. Press * connect* to let it check for any recent updates. If any are found, please let it download and install them.

Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

AAW SE settings

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.

Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.

Then post a fresh hijack log.

[Hanky]

Hey Buddy,

Thanks alot for the help thus far.... I did everything you said and here is the new log file...


Thanks again for everything, you rock!!!




Logfile of HijackThis v1.99.0
Scan saved at 7:40:49 p.m., on 13/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\Mcshield.exe
D:\Program Files\McAfee\VsTskMgr.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
D:\Program Files\McAfee\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINNT\system32\wnmsconfig.exe
C:\WINNT\system32\internat.exe
D:\Spyware Doctor\swdoctor.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\hpwsnnsbc.exe
C:\WINNT\system32\hpwsnnsbc.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] D:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [P2P Networkingp2p7B] C:\Documents and Settings\Bob\Local Settings\Temp\P2P Networkingp2p7B.EXE /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [dpfpmtkincqay] C:\WINNT\System32\wprikl.exe
O4 - HKLM\..\Run: [Win Microsoft Config] wnmsconfig.exe
O4 - HKLM\..\Run: [Win Drivers SSL32] hpwsnnsbc.exe
O4 - HKLM\..\RunServices: [Win Microsoft Config] wnmsconfig.exe
O4 - HKLM\..\RunServices: [Win Drivers SSL32] hpwsnnsbc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [Win Microsoft Config] wnmsconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Handling the loading of the MAPI API. - Unknown - C:\WINNT\system32\Mapi32.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\McAfee\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\McAfee\VsTskMgr.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

[Mobo]

Rescan and check each of these then close all other open windows and click "fix checked"



O4 - HKLM\..\Run: [dpfpmtkincqay] C:\WINNT\System32\wprikl.exe

O4 - HKLM\..\Run: [Win Microsoft Config] wnmsconfig.exe

O4 - HKLM\..\Run: [Win Drivers SSL32] hpwsnnsbc.exe

O4 - HKLM\..\RunServices: [Win Microsoft Config] wnmsconfig.exe

O4 - HKLM\..\RunServices: [Win Drivers SSL32] hpwsnnsbc.exe

O4 - HKCU\..\Run: [Win Microsoft Config] wnmsconfig.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)

Then reboot into safe mode, locate then delete:
C:\WINNT\system32\wnmsconfig.exe
C:\WINNT\System32\wprikl.exe