Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pls help-"Only the Best and about:Blank spyware"


  • Please log in to reply

#1
joeigurl

joeigurl

    New Member

  • Member
  • Pip
  • 2 posts
Hello everyone,

I'm trying to remove the about:Blank and Only the Best spyware in my computer and I need your help. I've already ran the following:

Ad-aware SE
about:Buster
SpyBot S&D
Ccleaner
HijackThis

I've attached the HijackThis log for interpretation. Please help as I have a deadline to meet. Thanks so much!

Thanks,
Joei.

Attached Files


  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Hi joeigurl,

The first thing I'd like to do is to make your log a bit better readable.

Download and Save Spywadfix to your computer from this link:
http://www.thespykil...s/spywadfix.exe

It will automatically extract to c:\spywad where it needs to be to run and will automatically open the remove spywad.vbs script for you ready to paste in the line mentioned below.
If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run.

It is not malicious.
It will open an Input box. Paste this line into the box

C:\WINDOWS\system32\crsi32.exe

The script will kill that process, backup and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your windows default desktop and context menu functions.
It will restart Explorer.

** Script Does not remove the orphaned run entries.

Finally, it will Run hijackthis so that you can remove the orphaned run entries and anything else as instructed by your Advisor on the forums.

If hijackthis doesn't start, run it manually.

--------------------------
When finished, post the contents of Spywad.txt and a new Hijackthis log.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bqajf.dll/sp.html#44980
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bqajf.dll/sp.html#44980
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bqajf.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bqajf.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bqajf.dll/sp.html#44980
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bqajf.dll/sp.html#44980
R3 - Default URLSearchHook is missing

O2 - BHO: Class - {F0B66E90-EAA0-4E15-2336-CC0A96015175} - C:\WINDOWS\system32\apijf.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [crsi32.exe] C:\WINDOWS\system32\crsi32.exe

O4 - HKLM\..\RunOnce: [netzl.exe] C:\WINDOWS\netzl.exe
O4 - HKLM\..\RunOnce: [atlxz32.exe] C:\WINDOWS\system32\atlxz32.exe
O4 - HKLM\..\RunOnce: [iecb32.exe] C:\WINDOWS\system32\iecb32.exe
O4 - HKLM\..\RunOnce: [mfcxp.exe] C:\WINDOWS\system32\mfcxp.exe
O4 - HKLM\..\RunOnce: [iecj32.exe] C:\WINDOWS\system32\iecj32.exe
O4 - HKLM\..\RunOnce: [addhn.exe] C:\WINDOWS\addhn.exe
O4 - HKLM\..\RunOnce: [mfcob32.exe] C:\WINDOWS\system32\mfcob32.exe
O4 - HKLM\..\RunOnce: [ietx32.exe] C:\WINDOWS\ietx32.exe
O4 - HKLM\..\RunOnce: [sdkyr32.exe] C:\WINDOWS\sdkyr32.exe
O4 - HKLM\..\RunOnce: [mfcoj.exe] C:\WINDOWS\system32\mfcoj.exe
O4 - HKLM\..\RunOnce: [systd32.exe] C:\WINDOWS\systd32.exe
O4 - HKLM\..\RunOnce: [addtr.exe] C:\WINDOWS\system32\addtr.exe
O4 - HKLM\..\RunOnce: [d3gl32.exe] C:\WINDOWS\system32\d3gl32.exe
O4 - HKLM\..\RunOnce: [atlsy.exe] C:\WINDOWS\atlsy.exe
O4 - HKLM\..\RunOnce: [ntan32.exe] C:\WINDOWS\ntan32.exe
O4 - HKLM\..\RunOnce: [atlnp.exe] C:\WINDOWS\atlnp.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\iect.exe
O4 - HKLM\..\RunOnce: [javanm32.exe] C:\WINDOWS\system32\javanm32.exe
O4 - HKLM\..\RunOnce: [crbt32.exe] C:\WINDOWS\system32\crbt32.exe
O4 - HKLM\..\RunOnce: [apigq32.exe] C:\WINDOWS\apigq32.exe
O4 - HKLM\..\RunOnce: [crbj.exe] C:\WINDOWS\system32\crbj.exe
O4 - HKLM\..\RunOnce: [ntfn32.exe] C:\WINDOWS\system32\ntfn32.exe
O4 - HKLM\..\RunOnce: [mfcvd.exe] C:\WINDOWS\mfcvd.exe
O4 - HKLM\..\RunOnce: [sysut32.exe] C:\WINDOWS\system32\sysut32.exe
O4 - HKLM\..\RunOnce: [javasa32.exe] C:\WINDOWS\javasa32.exe
O4 - HKLM\..\RunOnce: [ipwm32.exe] C:\WINDOWS\ipwm32.exe
O4 - HKLM\..\RunOnce: [appbg.exe] C:\WINDOWS\appbg.exe
O4 - HKLM\..\RunOnce: [crsq.exe] C:\WINDOWS\crsq.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\system32\sdkjh.exe
O4 - HKLM\..\RunOnce: [atlxj32.exe] C:\WINDOWS\atlxj32.exe
O4 - HKLM\..\RunOnce: [javabq.exe] C:\WINDOWS\system32\javabq.exe
O4 - HKLM\..\RunOnce: [winqf32.exe] C:\WINDOWS\winqf32.exe
O4 - HKLM\..\RunOnce: [atlgn32.exe] C:\WINDOWS\atlgn32.exe
O4 - HKLM\..\RunOnce: [addjz.exe] C:\WINDOWS\system32\addjz.exe
O4 - HKLM\..\RunOnce: [sysfa32.exe] C:\WINDOWS\system32\sysfa32.exe
O4 - HKLM\..\RunOnce: [ntqn32.exe] C:\WINDOWS\system32\ntqn32.exe
O4 - HKLM\..\RunOnce: [atlvi.exe] C:\WINDOWS\system32\atlvi.exe
O4 - HKLM\..\RunOnce: [syshm32.exe] C:\WINDOWS\syshm32.exe
O4 - HKLM\..\RunOnce: [mfczi.exe] C:\WINDOWS\system32\mfczi.exe
O4 - HKLM\..\RunOnce: [msam.exe] C:\WINDOWS\msam.exe
O4 - HKLM\..\RunOnce: [ieez32.exe] C:\WINDOWS\system32\ieez32.exe
O4 - HKLM\..\RunOnce: [ntrt.exe] C:\WINDOWS\ntrt.exe
O4 - HKLM\..\RunOnce: [atlzk32.exe] C:\WINDOWS\atlzk32.exe
O4 - HKLM\..\RunOnce: [ntkh.exe] C:\WINDOWS\ntkh.exe
O4 - HKLM\..\RunOnce: [ntzc32.exe] C:\WINDOWS\ntzc32.exe
O4 - HKLM\..\RunOnce: [sysrg32.exe] C:\WINDOWS\system32\sysrg32.exe
O4 - HKLM\..\RunOnce: [mfcxj32.exe] C:\WINDOWS\system32\mfcxj32.exe
O4 - HKLM\..\RunOnce: [mfcxz.exe] C:\WINDOWS\mfcxz.exe
O4 - HKLM\..\RunOnce: [atlgz.exe] C:\WINDOWS\system32\atlgz.exe
O4 - HKLM\..\RunOnce: [apirk32.exe] C:\WINDOWS\system32\apirk32.exe
O4 - HKLM\..\RunOnce: [sysfn.exe] C:\WINDOWS\sysfn.exe
O4 - HKLM\..\RunOnce: [sdkvo32.exe] C:\WINDOWS\sdkvo32.exe
O4 - HKLM\..\RunOnce: [d3mw32.exe] C:\WINDOWS\d3mw32.exe
O4 - HKLM\..\RunOnce: [javapi.exe] C:\WINDOWS\system32\javapi.exe
O4 - HKLM\..\RunOnce: [sdkye32.exe] C:\WINDOWS\sdkye32.exe
O4 - HKLM\..\RunOnce: [apiox32.exe] C:\WINDOWS\system32\apiox32.exe
O4 - HKLM\..\RunOnce: [atljb.exe] C:\WINDOWS\system32\atljb.exe
O4 - HKLM\..\RunOnce: [mfcsn32.exe] C:\WINDOWS\system32\mfcsn32.exe
O4 - HKLM\..\RunOnce: [iexh32.exe] C:\WINDOWS\iexh32.exe
O4 - HKLM\..\RunOnce: [msir32.exe] C:\WINDOWS\system32\msir32.exe
O4 - HKLM\..\RunOnce: [sdkyg.exe] C:\WINDOWS\sdkyg.exe
O4 - HKLM\..\RunOnce: [winae32.exe] C:\WINDOWS\system32\winae32.exe
O4 - HKLM\..\RunOnce: [javang.exe] C:\WINDOWS\system32\javang.exe
O4 - HKLM\..\RunOnce: [mfcxw32.exe] C:\WINDOWS\mfcxw32.exe
O4 - HKLM\..\RunOnce: [mfcws.exe] C:\WINDOWS\mfcws.exe
O4 - HKLM\..\RunOnce: [winvd32.exe] C:\WINDOWS\system32\winvd32.exe
O4 - HKLM\..\RunOnce: [addvt.exe] C:\WINDOWS\system32\addvt.exe
O4 - HKLM\..\RunOnce: [sysck.exe] C:\WINDOWS\system32\sysck.exe
O4 - HKLM\..\RunOnce: [iefc32.exe] C:\WINDOWS\system32\iefc32.exe
O4 - HKLM\..\RunOnce: [sdkfp32.exe] C:\WINDOWS\system32\sdkfp32.exe
O4 - HKLM\..\RunOnce: [appyj32.exe] C:\WINDOWS\system32\appyj32.exe
O4 - HKLM\..\RunOnce: [atlyz32.exe] C:\WINDOWS\atlyz32.exe
O4 - HKLM\..\RunOnce: [nthr32.exe] C:\WINDOWS\system32\nthr32.exe
O4 - HKLM\..\RunOnce: [addhz.exe] C:\WINDOWS\addhz.exe
O4 - HKLM\..\RunOnce: [msld.exe] C:\WINDOWS\system32\msld.exe
O4 - HKLM\..\RunOnce: [atlaa32.exe] C:\WINDOWS\system32\atlaa32.exe
O4 - HKLM\..\RunOnce: [ntlr.exe] C:\WINDOWS\system32\ntlr.exe
O4 - HKLM\..\RunOnce: [apiod.exe] C:\WINDOWS\system32\apiod.exe
O4 - HKLM\..\RunOnce: [javaes32.exe] C:\WINDOWS\javaes32.exe
O4 - HKLM\..\RunOnce: [iecz32.exe] C:\WINDOWS\iecz32.exe
O4 - HKLM\..\RunOnce: [d3xl.exe] C:\WINDOWS\d3xl.exe
O4 - HKLM\..\RunOnce: [netwb32.exe] C:\WINDOWS\netwb32.exe
O4 - HKLM\..\RunOnce: [appmi32.exe] C:\WINDOWS\system32\appmi32.exe
O4 - HKLM\..\RunOnce: [atluy.exe] C:\WINDOWS\system32\atluy.exe
O4 - HKLM\..\RunOnce: [appvz.exe] C:\WINDOWS\appvz.exe
O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\system32\ipko.exe
O4 - HKLM\..\RunOnce: [mfcad32.exe] C:\WINDOWS\system32\mfcad32.exe
O4 - HKLM\..\RunOnce: [netto.exe] C:\WINDOWS\netto.exe
O4 - HKLM\..\RunOnce: [javaxs32.exe] C:\WINDOWS\javaxs32.exe
O4 - HKLM\..\RunOnce: [ipht.exe] C:\WINDOWS\ipht.exe
O4 - HKLM\..\RunOnce: [ntmp32.exe] C:\WINDOWS\ntmp32.exe
O4 - HKLM\..\RunOnce: [ntbm32.exe] C:\WINDOWS\system32\ntbm32.exe
O4 - HKLM\..\RunOnce: [appgi32.exe] C:\WINDOWS\appgi32.exe
O4 - HKLM\..\RunOnce: [ntbu32.exe] C:\WINDOWS\system32\ntbu32.exe
O4 - HKLM\..\RunOnce: [crfy.exe] C:\WINDOWS\crfy.exe
O4 - HKLM\..\RunOnce: [javaoh32.exe] C:\WINDOWS\system32\javaoh32.exe
O4 - HKLM\..\RunOnce: [addxf.exe] C:\WINDOWS\system32\addxf.exe
O4 - HKLM\..\RunOnce: [ipnc32.exe] C:\WINDOWS\ipnc32.exe
O4 - HKLM\..\RunOnce: [javadj.exe] C:\WINDOWS\javadj.exe
O4 - HKLM\..\RunOnce: [syshn32.exe] C:\WINDOWS\system32\syshn32.exe
O4 - HKLM\..\RunOnce: [d3ro.exe] C:\WINDOWS\d3ro.exe
O4 - HKLM\..\RunOnce: [mswk32.exe] C:\WINDOWS\system32\mswk32.exe
O4 - HKLM\..\RunOnce: [d3lh32.exe] C:\WINDOWS\d3lh32.exe
O4 - HKLM\..\RunOnce: [netqe32.exe] C:\WINDOWS\netqe32.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\mslp32.exe
O4 - HKLM\..\RunOnce: [winxu.exe] C:\WINDOWS\system32\winxu.exe
O4 - HKLM\..\RunOnce: [ieyu32.exe] C:\WINDOWS\ieyu32.exe
O4 - HKLM\..\RunOnce: [ienr32.exe] C:\WINDOWS\system32\ienr32.exe
O4 - HKLM\..\RunOnce: [ntrn32.exe] C:\WINDOWS\system32\ntrn32.exe
O4 - HKLM\..\RunOnce: [sysmz32.exe] C:\WINDOWS\system32\sysmz32.exe
O4 - HKLM\..\RunOnce: [apprd.exe] C:\WINDOWS\apprd.exe
O4 - HKLM\..\RunOnce: [winad32.exe] C:\WINDOWS\system32\winad32.exe
O4 - HKLM\..\RunOnce: [winoa32.exe] C:\WINDOWS\winoa32.exe
O4 - HKLM\..\RunOnce: [appoo.exe] C:\WINDOWS\system32\appoo.exe
O4 - HKLM\..\RunOnce: [sysdv.exe] C:\WINDOWS\system32\sysdv.exe
O4 - HKLM\..\RunOnce: [javaoo32.exe] C:\WINDOWS\javaoo32.exe
O4 - HKLM\..\RunOnce: [d3hh.exe] C:\WINDOWS\d3hh.exe
O4 - HKLM\..\RunOnce: [windl.exe] C:\WINDOWS\system32\windl.exe
O4 - HKLM\..\RunOnce: [mfcwe.exe] C:\WINDOWS\mfcwe.exe
O4 - HKLM\..\RunOnce: [msnm32.exe] C:\WINDOWS\system32\msnm32.exe
O4 - HKLM\..\RunOnce: [mfcba.exe] C:\WINDOWS\system32\mfcba.exe
O4 - HKLM\..\RunOnce: [netai.exe] C:\WINDOWS\netai.exe
O4 - HKLM\..\RunOnce: [javalj.exe] C:\WINDOWS\system32\javalj.exe
O4 - HKLM\..\RunOnce: [mfckr32.exe] C:\WINDOWS\system32\mfckr32.exe
O4 - HKLM\..\RunOnce: [crzg32.exe] C:\WINDOWS\crzg32.exe
O4 - HKLM\..\RunOnce: [atlyg.exe] C:\WINDOWS\system32\atlyg.exe
O4 - HKLM\..\RunOnce: [wincs.exe] C:\WINDOWS\wincs.exe
O4 - HKLM\..\RunOnce: [ippd.exe] C:\WINDOWS\ippd.exe
O4 - HKLM\..\RunOnce: [apies.exe] C:\WINDOWS\system32\apies.exe
O4 - HKLM\..\RunOnce: [winwl32.exe] C:\WINDOWS\system32\winwl32.exe
O4 - HKLM\..\RunOnce: [addiw.exe] C:\WINDOWS\system32\addiw.exe
O4 - HKLM\..\RunOnce: [netma.exe] C:\WINDOWS\netma.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\sdkwb32.exe
O4 - HKLM\..\RunOnce: [msvi.exe] C:\WINDOWS\msvi.exe
O4 - HKLM\..\RunOnce: [addqm32.exe] C:\WINDOWS\system32\addqm32.exe
O4 - HKLM\..\RunOnce: [apipa.exe] C:\WINDOWS\system32\apipa.exe
O4 - HKLM\..\RunOnce: [winuc32.exe] C:\WINDOWS\system32\winuc32.exe
O4 - HKLM\..\RunOnce: [appcf.exe] C:\WINDOWS\appcf.exe
O4 - HKLM\..\RunOnce: [msii32.exe] C:\WINDOWS\msii32.exe
O4 - HKLM\..\RunOnce: [netvw32.exe] C:\WINDOWS\system32\netvw32.exe
O4 - HKLM\..\RunOnce: [atlkm32.exe] C:\WINDOWS\system32\atlkm32.exe
O4 - HKLM\..\RunOnce: [ntda.exe] C:\WINDOWS\ntda.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\netym32.exe
O4 - HKLM\..\RunOnce: [adddg.exe] C:\WINDOWS\system32\adddg.exe
O4 - HKLM\..\RunOnce: [mfcpc32.exe] C:\WINDOWS\system32\mfcpc32.exe
O4 - HKLM\..\RunOnce: [iede.exe] C:\WINDOWS\iede.exe
O4 - HKLM\..\RunOnce: [apptm.exe] C:\WINDOWS\apptm.exe
O4 - HKLM\..\RunOnce: [sdkib.exe] C:\WINDOWS\sdkib.exe
O4 - HKLM\..\RunOnce: [atlnv32.exe] C:\WINDOWS\system32\atlnv32.exe
O4 - HKLM\..\RunOnce: [appxz32.exe] C:\WINDOWS\system32\appxz32.exe
O4 - HKLM\..\RunOnce: [ntpv32.exe] C:\WINDOWS\ntpv32.exe
O4 - HKLM\..\RunOnce: [mssc32.exe] C:\WINDOWS\mssc32.exe
O4 - HKLM\..\RunOnce: [iedp.exe] C:\WINDOWS\iedp.exe
O4 - HKLM\..\RunOnce: [ntij32.exe] C:\WINDOWS\system32\ntij32.exe
O4 - HKLM\..\RunOnce: [ntxg32.exe] C:\WINDOWS\ntxg32.exe
O4 - HKLM\..\RunOnce: [sdkqz32.exe] C:\WINDOWS\system32\sdkqz32.exe
O4 - HKLM\..\RunOnce: [ieas32.exe] C:\WINDOWS\system32\ieas32.exe
O4 - HKLM\..\RunOnce: [ipaa.exe] C:\WINDOWS\ipaa.exe
O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\atlde.exe
O4 - HKLM\..\RunOnce: [ipvz32.exe] C:\WINDOWS\ipvz32.exe
O4 - HKLM\..\RunOnce: [sdktb32.exe] C:\WINDOWS\system32\sdktb32.exe
O4 - HKLM\..\RunOnce: [d3ji32.exe] C:\WINDOWS\system32\d3ji32.exe
O4 - HKLM\..\RunOnce: [javaem.exe] C:\WINDOWS\system32\javaem.exe
O4 - HKLM\..\RunOnce: [sdkga.exe] C:\WINDOWS\system32\sdkga.exe
O4 - HKLM\..\RunOnce: [iezw32.exe] C:\WINDOWS\iezw32.exe
O4 - HKLM\..\RunOnce: [apidc32.exe] C:\WINDOWS\system32\apidc32.exe
O4 - HKLM\..\RunOnce: [iphu32.exe] C:\WINDOWS\system32\iphu32.exe
O4 - HKLM\..\RunOnce: [addmw.exe] C:\WINDOWS\system32\addmw.exe
O4 - HKLM\..\RunOnce: [addbr32.exe] C:\WINDOWS\addbr32.exe
O4 - HKLM\..\RunOnce: [sdkpi32.exe] C:\WINDOWS\sdkpi32.exe
O4 - HKLM\..\RunOnce: [appbz.exe] C:\WINDOWS\appbz.exe
O4 - HKLM\..\RunOnce: [netzw32.exe] C:\WINDOWS\netzw32.exe
O4 - HKLM\..\RunOnce: [addfr32.exe] C:\WINDOWS\addfr32.exe
O4 - HKLM\..\RunOnce: [sdkqe32.exe] C:\WINDOWS\system32\sdkqe32.exe
O4 - HKLM\..\RunOnce: [ipti.exe] C:\WINDOWS\system32\ipti.exe
O4 - HKLM\..\RunOnce: [netse.exe] C:\WINDOWS\system32\netse.exe
O4 - HKLM\..\RunOnce: [winfy32.exe] C:\WINDOWS\system32\winfy32.exe
O4 - HKLM\..\RunOnce: [apica32.exe] C:\WINDOWS\system32\apica32.exe
O4 - HKLM\..\RunOnce: [syspd.exe] C:\WINDOWS\syspd.exe
O4 - HKLM\..\RunOnce: [appsx32.exe] C:\WINDOWS\appsx32.exe
O4 - HKLM\..\RunOnce: [d3ib32.exe] C:\WINDOWS\d3ib32.exe
O4 - HKLM\..\RunOnce: [ntnh32.exe] C:\WINDOWS\ntnh32.exe
O4 - HKLM\..\RunOnce: [d3lo.exe] C:\WINDOWS\d3lo.exe
O4 - HKLM\..\RunOnce: [winhs32.exe] C:\WINDOWS\winhs32.exe
O4 - HKLM\..\RunOnce: [d3he.exe] C:\WINDOWS\system32\d3he.exe
O4 - HKLM\..\RunOnce: [ipug32.exe] C:\WINDOWS\ipug32.exe
O4 - HKLM\..\RunOnce: [ierb.exe] C:\WINDOWS\ierb.exe
O4 - HKLM\..\RunOnce: [netzz.exe] C:\WINDOWS\system32\netzz.exe
O4 - HKLM\..\RunOnce: [addyp32.exe] C:\WINDOWS\system32\addyp32.exe
O4 - HKLM\..\RunOnce: [mspe.exe] C:\WINDOWS\mspe.exe
O4 - HKLM\..\RunOnce: [ipou32.exe] C:\WINDOWS\ipou32.exe
O4 - HKLM\..\RunOnce: [atlmj32.exe] C:\WINDOWS\system32\atlmj32.exe
O4 - HKLM\..\RunOnce: [sdkgx.exe] C:\WINDOWS\sdkgx.exe
O4 - HKLM\..\RunOnce: [mfcmr.exe] C:\WINDOWS\system32\mfcmr.exe
O4 - HKLM\..\RunOnce: [atlur.exe] C:\WINDOWS\system32\atlur.exe
O4 - HKLM\..\RunOnce: [ntkh32.exe] C:\WINDOWS\ntkh32.exe
O4 - HKLM\..\RunOnce: [d3aw32.exe] C:\WINDOWS\system32\d3aw32.exe
O4 - HKLM\..\RunOnce: [javada.exe] C:\WINDOWS\system32\javada.exe
O4 - HKLM\..\RunOnce: [javapn.exe] C:\WINDOWS\system32\javapn.exe
O4 - HKLM\..\RunOnce: [mfccp32.exe] C:\WINDOWS\system32\mfccp32.exe
O4 - HKLM\..\RunOnce: [ntsx.exe] C:\WINDOWS\system32\ntsx.exe
O4 - HKLM\..\RunOnce: [msdt32.exe] C:\WINDOWS\msdt32.exe
O4 - HKLM\..\RunOnce: [netwh32.exe] C:\WINDOWS\netwh32.exe
O4 - HKLM\..\RunOnce: [winbb.exe] C:\WINDOWS\winbb.exe
O4 - HKLM\..\RunOnce: [ierq.exe] C:\WINDOWS\ierq.exe
O4 - HKLM\..\RunOnce: [ntwk32.exe] C:\WINDOWS\system32\ntwk32.exe
O4 - HKLM\..\RunOnce: [winsf32.exe] C:\WINDOWS\winsf32.exe
O4 - HKLM\..\RunOnce: [addan.exe] C:\WINDOWS\addan.exe
O4 - HKLM\..\RunOnce: [winbn.exe] C:\WINDOWS\system32\winbn.exe
O4 - HKLM\..\RunOnce: [apiqc32.exe] C:\WINDOWS\apiqc32.exe
O4 - HKLM\..\RunOnce: [sdkps32.exe] C:\WINDOWS\sdkps32.exe
O4 - HKLM\..\RunOnce: [mfcxz32.exe] C:\WINDOWS\mfcxz32.exe
O4 - HKLM\..\RunOnce: [ipkw.exe] C:\WINDOWS\ipkw.exe
O4 - HKLM\..\RunOnce: [apifx32.exe] C:\WINDOWS\system32\apifx32.exe
O4 - HKLM\..\RunOnce: [atlij.exe] C:\WINDOWS\system32\atlij.exe
O4 - HKLM\..\RunOnce: [mshz32.exe] C:\WINDOWS\system32\mshz32.exe
O4 - HKLM\..\RunOnce: [sdkyo32.exe] C:\WINDOWS\sdkyo32.exe
O4 - HKLM\..\RunOnce: [netao.exe] C:\WINDOWS\system32\netao.exe
O4 - HKLM\..\RunOnce: [apixh32.exe] C:\WINDOWS\apixh32.exe
O4 - HKLM\..\RunOnce: [ipvj32.exe] C:\WINDOWS\ipvj32.exe
O4 - HKLM\..\RunOnce: [javafw.exe] C:\WINDOWS\javafw.exe
O4 - HKLM\..\RunOnce: [sdkgw.exe] C:\WINDOWS\system32\sdkgw.exe
O4 - HKLM\..\RunOnce: [ievl32.exe] C:\WINDOWS\ievl32.exe
O4 - HKLM\..\RunOnce: [apput32.exe] C:\WINDOWS\apput32.exe
O4 - HKLM\..\RunOnce: [winpf.exe] C:\WINDOWS\system32\winpf.exe
O4 - HKLM\..\RunOnce: [javaou32.exe] C:\WINDOWS\javaou32.exe
O4 - HKLM\..\RunOnce: [netec32.exe] C:\WINDOWS\system32\netec32.exe
O4 - HKLM\..\RunOnce: [ipms.exe] C:\WINDOWS\system32\ipms.exe
O4 - HKLM\..\RunOnce: [netns.exe] C:\WINDOWS\netns.exe
O4 - HKLM\..\RunOnce: [crch32.exe] C:\WINDOWS\system32\crch32.exe
O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\system32\sysap32.exe
O4 - HKLM\..\RunOnce: [msva.exe] C:\WINDOWS\msva.exe
O4 - HKLM\..\RunOnce: [ntuq32.exe] C:\WINDOWS\ntuq32.exe
O4 - HKLM\..\RunOnce: [apipu.exe] C:\WINDOWS\apipu.exe
O4 - HKLM\..\RunOnce: [winok32.exe] C:\WINDOWS\winok32.exe
O4 - HKLM\..\RunOnce: [d3nz.exe] C:\WINDOWS\system32\d3nz.exe
O4 - HKLM\..\RunOnce: [addak.exe] C:\WINDOWS\system32\addak.exe
O4 - HKLM\..\RunOnce: [netwj32.exe] C:\WINDOWS\netwj32.exe
O4 - HKLM\..\RunOnce: [ipmp32.exe] C:\WINDOWS\system32\ipmp32.exe
O4 - HKLM\..\RunOnce: [addny.exe] C:\WINDOWS\addny.exe
O4 - HKLM\..\RunOnce: [mfcdf32.exe] C:\WINDOWS\mfcdf32.exe
O4 - HKLM\..\RunOnce: [sysjn.exe] C:\WINDOWS\system32\sysjn.exe
O4 - HKLM\..\RunOnce: [javafn32.exe] C:\WINDOWS\javafn32.exe
O4 - HKLM\..\RunOnce: [winvy.exe] C:\WINDOWS\winvy.exe
O4 - HKLM\..\RunOnce: [d3qz32.exe] C:\WINDOWS\system32\d3qz32.exe
O4 - HKLM\..\RunOnce: [netvv32.exe] C:\WINDOWS\system32\netvv32.exe
O4 - HKLM\..\RunOnce: [ipcx.exe] C:\WINDOWS\system32\ipcx.exe
O4 - HKLM\..\RunOnce: [msyh32.exe] C:\WINDOWS\system32\msyh32.exe
O4 - HKLM\..\RunOnce: [sysdl32.exe] C:\WINDOWS\sysdl32.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\system32\ntct.exe
O4 - HKLM\..\RunOnce: [mfcgf.exe] C:\WINDOWS\mfcgf.exe
O4 - HKLM\..\RunOnce: [sdkcd32.exe] C:\WINDOWS\system32\sdkcd32.exe
O4 - HKLM\..\RunOnce: [javawu32.exe] C:\WINDOWS\system32\javawu32.exe
O4 - HKLM\..\RunOnce: [iemb.exe] C:\WINDOWS\iemb.exe
O4 - HKLM\..\RunOnce: [appqf32.exe] C:\WINDOWS\appqf32.exe
O4 - HKLM\..\RunOnce: [syszg.exe] C:\WINDOWS\syszg.exe
O4 - HKLM\..\RunOnce: [sysuz32.exe] C:\WINDOWS\system32\sysuz32.exe
O4 - HKLM\..\RunOnce: [javayw32.exe] C:\WINDOWS\javayw32.exe
O4 - HKLM\..\RunOnce: [winth32.exe] C:\WINDOWS\system32\winth32.exe
O4 - HKLM\..\RunOnce: [atlym.exe] C:\WINDOWS\atlym.exe
O4 - HKLM\..\RunOnce: [apphm32.exe] C:\WINDOWS\system32\apphm32.exe
O4 - HKLM\..\RunOnce: [d3nu.exe] C:\WINDOWS\d3nu.exe
O4 - HKLM\..\RunOnce: [addvj32.exe] C:\WINDOWS\addvj32.exe
O4 - HKLM\..\RunOnce: [d3af.exe] C:\WINDOWS\system32\d3af.exe
O4 - HKLM\..\RunOnce: [javaqa.exe] C:\WINDOWS\system32\javaqa.exe
O4 - HKLM\..\RunOnce: [atlpi32.exe] C:\WINDOWS\system32\atlpi32.exe
O4 - HKLM\..\RunOnce: [javaex32.exe] C:\WINDOWS\system32\javaex32.exe
O4 - HKLM\..\RunOnce: [atlef32.exe] C:\WINDOWS\atlef32.exe
O4 - HKLM\..\RunOnce: [iepw32.exe] C:\WINDOWS\system32\iepw32.exe
O4 - HKLM\..\RunOnce: [netto32.exe] C:\WINDOWS\netto32.exe
O4 - HKLM\..\RunOnce: [mfcmj.exe] C:\WINDOWS\mfcmj.exe
O4 - HKLM\..\RunOnce: [sdkzr32.exe] C:\WINDOWS\system32\sdkzr32.exe
O4 - HKLM\..\RunOnce: [javawx32.exe] C:\WINDOWS\javawx32.exe
O4 - HKLM\..\RunOnce: [syspl.exe] C:\WINDOWS\system32\syspl.exe
O4 - HKLM\..\RunOnce: [d3cz32.exe] C:\WINDOWS\d3cz32.exe
O4 - HKLM\..\RunOnce: [netit32.exe] C:\WINDOWS\system32\netit32.exe
O4 - HKLM\..\RunOnce: [javawr.exe] C:\WINDOWS\javawr.exe
O4 - HKLM\..\RunOnce: [syspo.exe] C:\WINDOWS\system32\syspo.exe
O4 - HKLM\..\RunOnce: [javavt32.exe] C:\WINDOWS\javavt32.exe
O4 - HKLM\..\RunOnce: [mfcbv.exe] C:\WINDOWS\system32\mfcbv.exe
O4 - HKLM\..\RunOnce: [addob.exe] C:\WINDOWS\addob.exe
O4 - HKLM\..\RunOnce: [crxl32.exe] C:\WINDOWS\system32\crxl32.exe
O4 - HKLM\..\RunOnce: [winuu32.exe] C:\WINDOWS\system32\winuu32.exe
O4 - HKLM\..\RunOnce: [crac.exe] C:\WINDOWS\crac.exe
O4 - HKLM\..\RunOnce: [apifw32.exe] C:\WINDOWS\system32\apifw32.exe
O4 - HKLM\..\RunOnce: [javapv.exe] C:\WINDOWS\system32\javapv.exe
O4 - HKLM\..\RunOnce: [ierp.exe] C:\WINDOWS\system32\ierp.exe
O4 - HKLM\..\RunOnce: [d3iq32.exe] C:\WINDOWS\d3iq32.exe
O4 - HKLM\..\RunOnce: [netok.exe] C:\WINDOWS\netok.exe
O4 - HKLM\..\RunOnce: [sdkqx32.exe] C:\WINDOWS\sdkqx32.exe
O4 - HKLM\..\RunOnce: [ieiw.exe] C:\WINDOWS\system32\ieiw.exe
O4 - HKLM\..\RunOnce: [sdknq.exe] C:\WINDOWS\system32\sdknq.exe
O4 - HKLM\..\RunOnce: [sdktm32.exe] C:\WINDOWS\sdktm32.exe
O4 - HKLM\..\RunOnce: [mfcyp.exe] C:\WINDOWS\mfcyp.exe
O4 - HKLM\..\RunOnce: [sdkhj32.exe] C:\WINDOWS\system32\sdkhj32.exe
O4 - HKLM\..\RunOnce: [atlnd.exe] C:\WINDOWS\system32\atlnd.exe
O4 - HKLM\..\RunOnce: [crhp.exe] C:\WINDOWS\crhp.exe
O4 - HKLM\..\RunOnce: [netmr32.exe] C:\WINDOWS\netmr32.exe
O4 - HKLM\..\RunOnce: [ntwe.exe] C:\WINDOWS\ntwe.exe
O4 - HKLM\..\RunOnce: [atlcy32.exe] C:\WINDOWS\system32\atlcy32.exe
O4 - HKLM\..\RunOnce: [crkg.exe] C:\WINDOWS\system32\crkg.exe
O4 - HKLM\..\RunOnce: [netpi.exe] C:\WINDOWS\netpi.exe
O4 - HKLM\..\RunOnce: [ntfs.exe] C:\WINDOWS\system32\ntfs.exe
O4 - HKLM\..\RunOnce: [apptm32.exe] C:\WINDOWS\system32\apptm32.exe
O4 - HKLM\..\RunOnce: [apiyr.exe] C:\WINDOWS\apiyr.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [msnr.exe] C:\WINDOWS\system32\msnr.exe
O4 - HKLM\..\RunOnce: [ntal32.exe] C:\WINDOWS\system32\ntal32.exe
O4 - HKLM\..\RunOnce: [d3ws32.exe] C:\WINDOWS\system32\d3ws32.exe
O4 - HKLM\..\RunOnce: [ipbu.exe] C:\WINDOWS\ipbu.exe
O4 - HKLM\..\RunOnce: [atlfy.exe] C:\WINDOWS\system32\atlfy.exe
O4 - HKLM\..\RunOnce: [ieka32.exe] C:\WINDOWS\ieka32.exe
O4 - HKLM\..\RunOnce: [addpw.exe] C:\WINDOWS\system32\addpw.exe
O4 - HKLM\..\RunOnce: [crcy32.exe] C:\WINDOWS\system32\crcy32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\sysye32.exe
O4 - HKLM\..\RunOnce: [javadz.exe] C:\WINDOWS\javadz.exe
O4 - HKLM\..\RunOnce: [iphl.exe] C:\WINDOWS\system32\iphl.exe
O4 - HKLM\..\RunOnce: [addmf32.exe] C:\WINDOWS\addmf32.exe
O4 - HKLM\..\RunOnce: [ieva.exe] C:\WINDOWS\ieva.exe
O4 - HKLM\..\RunOnce: [ipcu.exe] C:\WINDOWS\system32\ipcu.exe
O4 - HKLM\..\RunOnce: [addpw32.exe] C:\WINDOWS\system32\addpw32.exe
O4 - HKLM\..\RunOnce: [netva32.exe] C:\WINDOWS\system32\netva32.exe
O4 - HKLM\..\RunOnce: [ntpr32.exe] C:\WINDOWS\system32\ntpr32.exe
O4 - HKLM\..\RunOnce: [appvt32.exe] C:\WINDOWS\system32\appvt32.exe
O4 - HKLM\..\RunOnce: [atldz.exe] C:\WINDOWS\system32\atldz.exe
O4 - HKLM\..\RunOnce: [atlxs32.exe] C:\WINDOWS\system32\atlxs32.exe
O4 - HKLM\..\RunOnce: [msql32.exe] C:\WINDOWS\msql32.exe
O4 - HKLM\..\RunOnce: [ntwf.exe] C:\WINDOWS\system32\ntwf.exe
O4 - HKLM\..\RunOnce: [addvn32.exe] C:\WINDOWS\system32\addvn32.exe
O4 - HKLM\..\RunOnce: [d3ah.exe] C:\WINDOWS\system32\d3ah.exe
O4 - HKLM\..\RunOnce: [ntbc.exe] C:\WINDOWS\system32\ntbc.exe
O4 - HKLM\..\RunOnce: [atlhw32.exe] C:\WINDOWS\atlhw32.exe
O4 - HKLM\..\RunOnce: [msav.exe] C:\WINDOWS\system32\msav.exe
O4 - HKLM\..\RunOnce: [apivh.exe] C:\WINDOWS\apivh.exe
O4 - HKLM\..\RunOnce: [sysib32.exe] C:\WINDOWS\sysib32.exe
O4 - HKLM\..\RunOnce: [appko.exe] C:\WINDOWS\appko.exe
O4 - HKLM\..\RunOnce: [d3xq32.exe] C:\WINDOWS\d3xq32.exe
O4 - HKLM\..\RunOnce: [apixy.exe] C:\WINDOWS\system32\apixy.exe
O4 - HKLM\..\RunOnce: [sysds.exe] C:\WINDOWS\sysds.exe
O4 - HKLM\..\RunOnce: [ntir32.exe] C:\WINDOWS\system32\ntir32.exe
O4 - HKLM\..\RunOnce: [atlnt.exe] C:\WINDOWS\system32\atlnt.exe
O4 - HKLM\..\RunOnce: [msmt32.exe] C:\WINDOWS\system32\msmt32.exe
O4 - HKLM\..\RunOnce: [ipsv.exe] C:\WINDOWS\ipsv.exe
O4 - HKLM\..\RunOnce: [d3wz.exe] C:\WINDOWS\d3wz.exe
O4 - HKLM\..\RunOnce: [netbt.exe] C:\WINDOWS\netbt.exe
O4 - HKLM\..\RunOnce: [sysgs32.exe] C:\WINDOWS\sysgs32.exe
O4 - HKLM\..\RunOnce: [javatu.exe] C:\WINDOWS\javatu.exe
O4 - HKLM\..\RunOnce: [javazi32.exe] C:\WINDOWS\javazi32.exe
O4 - HKLM\..\RunOnce: [apiel32.exe] C:\WINDOWS\system32\apiel32.exe
O4 - HKLM\..\RunOnce: [javanf32.exe] C:\WINDOWS\javanf32.exe
O4 - HKLM\..\RunOnce: [msvz.exe] C:\WINDOWS\msvz.exe
O4 - HKLM\..\RunOnce: [atlwt.exe] C:\WINDOWS\atlwt.exe
O4 - HKLM\..\RunOnce: [iebv32.exe] C:\WINDOWS\system32\iebv32.exe
O4 - HKLM\..\RunOnce: [mfcwh.exe] C:\WINDOWS\mfcwh.exe
O4 - HKLM\..\RunOnce: [sysjb32.exe] C:\WINDOWS\sysjb32.exe
O4 - HKLM\..\RunOnce: [d3qt.exe] C:\WINDOWS\system32\d3qt.exe
O4 - HKLM\..\RunOnce: [neten32.exe] C:\WINDOWS\system32\neten32.exe
O4 - HKLM\..\RunOnce: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\RunOnce: [ipdd32.exe] C:\WINDOWS\system32\ipdd32.exe
O4 - HKLM\..\RunOnce: [javaih.exe] C:\WINDOWS\javaih.exe
O4 - HKLM\..\RunOnce: [sdkrh32.exe] C:\WINDOWS\system32\sdkrh32.exe
O4 - HKLM\..\RunOnce: [ntxe32.exe] C:\WINDOWS\ntxe32.exe
O4 - HKLM\..\RunOnce: [atlca32.exe] C:\WINDOWS\atlca32.exe
O4 - HKLM\..\RunOnce: [sdkfm32.exe] C:\WINDOWS\sdkfm32.exe
O4 - HKLM\..\RunOnce: [d3kq.exe] C:\WINDOWS\system32\d3kq.exe
O4 - HKLM\..\RunOnce: [crlr32.exe] C:\WINDOWS\crlr32.exe
O4 - HKLM\..\RunOnce: [javazo32.exe] C:\WINDOWS\system32\javazo32.exe
O4 - HKLM\..\RunOnce: [mfcek.exe] C:\WINDOWS\mfcek.exe
O4 - HKLM\..\RunOnce: [ipxl32.exe] C:\WINDOWS\ipxl32.exe
O4 - HKLM\..\RunOnce: [javaos32.exe] C:\WINDOWS\javaos32.exe
O4 - HKLM\..\RunOnce: [ntre.exe] C:\WINDOWS\system32\ntre.exe
O4 - HKLM\..\RunOnce: [msvo.exe] C:\WINDOWS\system32\msvo.exe
O4 - HKLM\..\RunOnce: [netjl32.exe] C:\WINDOWS\netjl32.exe
O4 - HKLM\..\RunOnce: [ntue32.exe] C:\WINDOWS\system32\ntue32.exe
O4 - HKLM\..\RunOnce: [appza32.exe] C:\WINDOWS\system32\appza32.exe
O4 - HKLM\..\RunOnce: [sdkum.exe] C:\WINDOWS\sdkum.exe
O4 - HKLM\..\RunOnce: [apiyy32.exe] C:\WINDOWS\apiyy32.exe
O4 - HKLM\..\RunOnce: [addwn.exe] C:\WINDOWS\system32\addwn.exe
O4 - HKLM\..\RunOnce: [d3vv32.exe] C:\WINDOWS\system32\d3vv32.exe
O4 - HKLM\..\RunOnce: [ntlk32.exe] C:\WINDOWS\ntlk32.exe
O4 - HKLM\..\RunOnce: [sdkta.exe] C:\WINDOWS\sdkta.exe
O4 - HKLM\..\RunOnce: [ipub.exe] C:\WINDOWS\ipub.exe
O4 - HKLM\..\RunOnce: [msjq32.exe] C:\WINDOWS\system32\msjq32.exe
O4 - HKLM\..\RunOnce: [winhx32.exe] C:\WINDOWS\winhx32.exe
O4 - HKLM\..\RunOnce: [iecb.exe] C:\WINDOWS\iecb.exe
O4 - HKLM\..\RunOnce: [sdkbr32.exe] C:\WINDOWS\sdkbr32.exe
O4 - HKLM\..\RunOnce: [apisg32.exe] C:\WINDOWS\system32\apisg32.exe
O4 - HKLM\..\RunOnce: [netzw.exe] C:\WINDOWS\system32\netzw.exe
O4 - HKLM\..\RunOnce: [mfcaw.exe] C:\WINDOWS\mfcaw.exe
O4 - HKLM\..\RunOnce: [javaym.exe] C:\WINDOWS\system32\javaym.exe
O4 - HKLM\..\RunOnce: [ipnb32.exe] C:\WINDOWS\system32\ipnb32.exe
O4 - HKLM\..\RunOnce: [sdkym.exe] C:\WINDOWS\system32\sdkym.exe
O4 - HKLM\..\RunOnce: [mscq32.exe] C:\WINDOWS\mscq32.exe
O4 - HKLM\..\RunOnce: [apirt32.exe] C:\WINDOWS\apirt32.exe
O4 - HKLM\..\RunOnce: [atlmw.exe] C:\WINDOWS\system32\atlmw.exe
O4 - HKLM\..\RunOnce: [mslm32.exe] C:\WINDOWS\mslm32.exe
O4 - HKLM\..\RunOnce: [sdkjc.exe] C:\WINDOWS\system32\sdkjc.exe
O4 - HKLM\..\RunOnce: [mfcir32.exe] C:\WINDOWS\system32\mfcir32.exe
O4 - HKLM\..\RunOnce: [winzz32.exe] C:\WINDOWS\winzz32.exe
O4 - HKLM\..\RunOnce: [addhp.exe] C:\WINDOWS\addhp.exe
O4 - HKLM\..\RunOnce: [syshp.exe] C:\WINDOWS\system32\syshp.exe
O4 - HKLM\..\RunOnce: [apixe32.exe] C:\WINDOWS\apixe32.exe
O4 - HKLM\..\RunOnce: [ntvm32.exe] C:\WINDOWS\ntvm32.exe
O4 - HKLM\..\RunOnce: [netqx.exe] C:\WINDOWS\system32\netqx.exe
O4 - HKLM\..\RunOnce: [addpn32.exe] C:\WINDOWS\addpn32.exe
O4 - HKLM\..\RunOnce: [msnu32.exe] C:\WINDOWS\system32\msnu32.exe
O4 - HKLM\..\RunOnce: [ienk.exe] C:\WINDOWS\system32\ienk.exe
O4 - HKLM\..\RunOnce: [d3ol.exe] C:\WINDOWS\d3ol.exe
O4 - HKLM\..\RunOnce: [appla32.exe] C:\WINDOWS\system32\appla32.exe
O4 - HKLM\..\RunOnce: [apibh32.exe] C:\WINDOWS\system32\apibh32.exe
O4 - HKLM\..\RunOnce: [atlxt.exe] C:\WINDOWS\atlxt.exe
O4 - HKLM\..\RunOnce: [iewj32.exe] C:\WINDOWS\iewj32.exe
O4 - HKLM\..\RunOnce: [javauq32.exe] C:\WINDOWS\system32\javauq32.exe
O4 - HKLM\..\RunOnce: [crug.exe] C:\WINDOWS\crug.exe
O4 - HKLM\..\RunOnce: [sdkch.exe] C:\WINDOWS\system32\sdkch.exe
O4 - HKLM\..\RunOnce: [addmn32.exe] C:\WINDOWS\system32\addmn32.exe
O4 - HKLM\..\RunOnce: [syshq32.exe] C:\WINDOWS\syshq32.exe
O4 - HKLM\..\RunOnce: [atlfo.exe] C:\WINDOWS\system32\atlfo.exe
O4 - HKLM\..\RunOnce: [d3kk32.exe] C:\WINDOWS\system32\d3kk32.exe
O4 - HKLM\..\RunOnce: [ieew32.exe] C:\WINDOWS\system32\ieew32.exe
O4 - HKLM\..\RunOnce: [ntja32.exe] C:\WINDOWS\ntja32.exe
O4 - HKLM\..\RunOnce: [ieem.exe] C:\WINDOWS\system32\ieem.exe
O4 - HKLM\..\RunOnce: [crhq32.exe] C:\WINDOWS\crhq32.exe
O4 - HKLM\..\RunOnce: [ipyf.exe] C:\WINDOWS\system32\ipyf.exe
O4 - HKLM\..\RunOnce: [addxv32.exe] C:\WINDOWS\system32\addxv32.exe
O4 - HKLM\..\RunOnce: [msvk32.exe] C:\WINDOWS\msvk32.exe
O4 - HKLM\..\RunOnce: [ievs.exe] C:\WINDOWS\ievs.exe
O4 - HKLM\..\RunOnce: [msds.exe] C:\WINDOWS\system32\msds.exe
O4 - HKLM\..\RunOnce: [atltq32.exe] C:\WINDOWS\atltq32.exe
O4 - HKLM\..\RunOnce: [netjx32.exe] C:\WINDOWS\netjx32.exe
O4 - HKLM\..\RunOnce: [mfceb.exe] C:\WINDOWS\system32\mfceb.exe
O4 - HKLM\..\RunOnce: [syslr32.exe] C:\WINDOWS\system32\syslr32.exe
O4 - HKLM\..\RunOnce: [javabg.exe] C:\WINDOWS\javabg.exe
O4 - HKLM\..\RunOnce: [apiaw32.exe] C:\WINDOWS\system32\apiaw32.exe
O4 - HKLM\..\RunOnce: [addzd32.exe] C:\WINDOWS\addzd32.exe
O4 - HKLM\..\RunOnce: [appyt32.exe] C:\WINDOWS\appyt32.exe
O4 - HKLM\..\RunOnce: [ipim32.exe] C:\WINDOWS\system32\ipim32.exe
O4 - HKLM\..\RunOnce: [addcl.exe] C:\WINDOWS\system32\addcl.exe
O4 - HKLM\..\RunOnce: [addiz.exe] C:\WINDOWS\system32\addiz.exe
O4 - HKLM\..\RunOnce: [crve.exe] C:\WINDOWS\crve.exe
O4 - HKLM\..\RunOnce: [apppp.exe] C:\WINDOWS\system32\apppp.exe
O4 - HKLM\..\RunOnce: [sysfw.exe] C:\WINDOWS\system32\sysfw.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\crpp32.exe
O4 - HKLM\..\RunOnce: [d3bi.exe] C:\WINDOWS\d3bi.exe
O4 - HKLM\..\RunOnce: [winfm.exe] C:\WINDOWS\system32\winfm.exe
O4 - HKLM\..\RunOnce: [mfcpf32.exe] C:\WINDOWS\mfcpf32.exe
O4 - HKLM\..\RunOnce: [ipnv.exe] C:\WINDOWS\ipnv.exe
O4 - HKLM\..\RunOnce: [d3jr32.exe] C:\WINDOWS\system32\d3jr32.exe
O4 - HKLM\..\RunOnce: [sdktz.exe] C:\WINDOWS\sdktz.exe
O4 - HKLM\..\RunOnce: [javaho32.exe] C:\WINDOWS\system32\javaho32.exe
O4 - HKLM\..\RunOnce: [sdknl32.exe] C:\WINDOWS\sdknl32.exe
O4 - HKLM\..\RunOnce: [mfcsp32.exe] C:\WINDOWS\mfcsp32.exe
O4 - HKLM\..\RunOnce: [javavb32.exe] C:\WINDOWS\javavb32.exe
O4 - HKLM\..\RunOnce: [msaf.exe] C:\WINDOWS\system32\msaf.exe
O4 - HKLM\..\RunOnce: [craf32.exe] C:\WINDOWS\craf32.exe
O4 - HKLM\..\RunOnce: [crpc32.exe] C:\WINDOWS\system32\crpc32.exe
O4 - HKLM\..\RunOnce: [apiuz.exe] C:\WINDOWS\system32\apiuz.exe
O4 - HKLM\..\RunOnce: [appyd.exe] C:\WINDOWS\system32\appyd.exe
O4 - HKLM\..\RunOnce: [ntna32.exe] C:\WINDOWS\ntna32.exe
O4 - HKLM\..\RunOnce: [msxq32.exe] C:\WINDOWS\system32\msxq32.exe
O4 - HKLM\..\RunOnce: [atlak32.exe] C:\WINDOWS\atlak32.exe
O4 - HKLM\..\RunOnce: [netfg.exe] C:\WINDOWS\system32\netfg.exe
O4 - HKLM\..\RunOnce: [apigo32.exe] C:\WINDOWS\apigo32.exe
O4 - HKLM\..\RunOnce: [mfcud.exe] C:\WINDOWS\system32\mfcud.exe
O4 - HKLM\..\RunOnce: [apiia.exe] C:\WINDOWS\apiia.exe
O4 - HKLM\..\RunOnce: [iene.exe] C:\WINDOWS\system32\iene.exe
O4 - HKLM\..\RunOnce: [netiq.exe] C:\WINDOWS\system32\netiq.exe
O4 - HKLM\..\RunOnce: [atlxx.exe] C:\WINDOWS\atlxx.exe
O4 - HKLM\..\RunOnce: [ieiq32.exe] C:\WINDOWS\ieiq32.exe
O4 - HKLM\..\RunOnce: [sysbj.exe] C:\WINDOWS\sysbj.exe
O4 - HKLM\..\RunOnce: [mfcxn.exe] C:\WINDOWS\system32\mfcxn.exe
O4 - HKLM\..\RunOnce: [ippg32.exe] C:\WINDOWS\system32\ippg32.exe
O4 - HKLM\..\RunOnce: [crgn.exe] C:\WINDOWS\system32\crgn.exe
O4 - HKLM\..\RunOnce: [syskr32.exe] C:\WINDOWS\syskr32.exe
O4 - HKLM\..\RunOnce: [d3ts.exe] C:\WINDOWS\system32\d3ts.exe
O4 - HKLM\..\RunOnce: [mszo32.exe] C:\WINDOWS\mszo32.exe
O4 - HKLM\..\RunOnce: [d3nl32.exe] C:\WINDOWS\system32\d3nl32.exe
O4 - HKLM\..\RunOnce: [ipsi32.exe] C:\WINDOWS\system32\ipsi32.exe
O4 - HKLM\..\RunOnce: [msnt32.exe] C:\WINDOWS\msnt32.exe
O4 - HKLM\..\RunOnce: [winsy.exe] C:\WINDOWS\winsy.exe
O4 - HKLM\..\RunOnce: [sysbg32.exe] C:\WINDOWS\system32\sysbg32.exe
O4 - HKLM\..\RunOnce: [sdkux.exe] C:\WINDOWS\sdkux.exe
O4 - HKLM\..\RunOnce: [winpi.exe] C:\WINDOWS\system32\winpi.exe
O4 - HKLM\..\RunOnce: [ieeq.exe] C:\WINDOWS\system32\ieeq.exe
O4 - HKLM\..\RunOnce: [javaic.exe] C:\WINDOWS\javaic.exe
O4 - HKLM\..\RunOnce: [apihr32.exe] C:\WINDOWS\apihr32.exe
O4 - HKLM\..\RunOnce: [addxh32.exe] C:\WINDOWS\system32\addxh32.exe
O4 - HKLM\..\RunOnce: [appxp32.exe] C:\WINDOWS\system32\appxp32.exe
O4 - HKLM\..\RunOnce: [iphp32.exe] C:\WINDOWS\iphp32.exe
O4 - HKLM\..\RunOnce: [syspp32.exe] C:\WINDOWS\system32\syspp32.exe
O4 - HKLM\..\RunOnce: [apikb32.exe] C:\WINDOWS\apikb32.exe
O4 - HKLM\..\RunOnce: [ntof.exe] C:\WINDOWS\system32\ntof.exe
O4 - HKLM\..\RunOnce: [ipxg32.exe] C:\WINDOWS\ipxg32.exe
O4 - HKLM\..\RunOnce: [netec.exe] C:\WINDOWS\system32\netec.exe
O4 - HKLM\..\RunOnce: [iprz.exe] C:\WINDOWS\iprz.exe
O4 - HKLM\..\RunOnce: [winxw.exe] C:\WINDOWS\system32\winxw.exe
O4 - HKLM\..\RunOnce: [ntrh.exe] C:\WINDOWS\system32\ntrh.exe
O4 - HKLM\..\RunOnce: [apihw.exe] C:\WINDOWS\system32\apihw.exe
O4 - HKLM\..\RunOnce: [winrp32.exe] C:\WINDOWS\winrp32.exe
O4 - HKLM\..\RunOnce: [d3qc32.exe] C:\WINDOWS\system32\d3qc32.exe
O4 - HKLM\..\RunOnce: [iejo.exe] C:\WINDOWS\iejo.exe
O4 - HKLM\..\RunOnce: [appfs.exe] C:\WINDOWS\appfs.exe
O4 - HKLM\..\RunOnce: [netys32.exe] C:\WINDOWS\netys32.exe
O4 - HKLM\..\RunOnce: [sdkoa.exe] C:\WINDOWS\sdkoa.exe
O4 - HKLM\..\RunOnce: [msse.exe] C:\WINDOWS\system32\msse.exe
O4 - HKLM\..\RunOnce: [addcf32.exe] C:\WINDOWS\addcf32.exe
O4 - HKLM\..\RunOnce: [mfcsm.exe] C:\WINDOWS\mfcsm.exe
O4 - HKLM\..\RunOnce: [sdkwq32.exe] C:\WINDOWS\system32\sdkwq32.exe
O4 - HKLM\..\RunOnce: [netgr.exe] C:\WINDOWS\netgr.exe
O4 - HKLM\..\RunOnce: [ipmn32.exe] C:\WINDOWS\system32\ipmn32.exe
O4 - HKLM\..\RunOnce: [netac32.exe] C:\WINDOWS\netac32.exe
O4 - HKLM\..\RunOnce: [winfg32.exe] C:\WINDOWS\winfg32.exe
O4 - HKLM\..\RunOnce: [ipis32.exe] C:\WINDOWS\ipis32.exe
O4 - HKLM\..\RunOnce: [javanw.exe] C:\WINDOWS\system32\javanw.exe
O4 - HKLM\..\RunOnce: [ntox32.exe] C:\WINDOWS\ntox32.exe
O4 - HKLM\..\RunOnce: [appho.exe] C:\WINDOWS\system32\appho.exe
O4 - HKLM\..\RunOnce: [javacz.exe] C:\WINDOWS\javacz.exe
O4 - HKLM\..\RunOnce: [ipro.exe] C:\WINDOWS\ipro.exe
O4 - HKLM\..\RunOnce: [appbh32.exe] C:\WINDOWS\system32\appbh32.exe
O4 - HKLM\..\RunOnce: [mfcvs.exe] C:\WINDOWS\system32\mfcvs.exe
O4 - HKLM\..\RunOnce: [ntzw.exe] C:\WINDOWS\ntzw.exe
O4 - HKLM\..\RunOnce: [d3jx32.exe] C:\WINDOWS\system32\d3jx32.exe
O4 - HKLM\..\RunOnce: [sysaf.exe] C:\WINDOWS\sysaf.exe
O4 - HKLM\..\RunOnce: [atldj32.exe] C:\WINDOWS\atldj32.exe
O4 - HKLM\..\RunOnce: [addnj.exe] C:\WINDOWS\addnj.exe
O4 - HKLM\..\RunOnce: [addtg32.exe] C:\WINDOWS\addtg32.exe
O4 - HKLM\..\RunOnce: [addhd32.exe] C:\WINDOWS\system32\addhd32.exe
O4 - HKLM\..\RunOnce: [crmz32.exe] C:\WINDOWS\system32\crmz32.exe
O4 - HKLM\..\RunOnce: [apphl32.exe] C:\WINDOWS\system32\apphl32.exe
O4 - HKLM\..\RunOnce: [apiup.exe] C:\WINDOWS\apiup.exe
O4 - HKLM\..\RunOnce: [atlvp32.exe] C:\WINDOWS\system32\atlvp32.exe
O4 - HKLM\..\RunOnce: [msog.exe] C:\WINDOWS\system32\msog.exe
O4 - HKLM\..\RunOnce: [apijs.exe] C:\WINDOWS\system32\apijs.exe
O4 - HKLM\..\RunOnce: [appyh.exe] C:\WINDOWS\system32\appyh.exe
O4 - HKLM\..\RunOnce: [msja32.exe] C:\WINDOWS\msja32.exe
O4 - HKLM\..\RunOnce: [syscl32.exe] C:\WINDOWS\system32\syscl32.exe
O4 - HKLM\..\RunOnce: [sdkhp32.exe] C:\WINDOWS\system32\sdkhp32.exe
O4 - HKLM\..\RunOnce: [wincb.exe] C:\WINDOWS\wincb.exe
O4 - HKLM\..\RunOnce: [d3gf.exe] C:\WINDOWS\d3gf.exe
O4 - HKLM\..\RunOnce: [appvc32.exe] C:\WINDOWS\system32\appvc32.exe
O4 - HKLM\..\RunOnce: [apilj.exe] C:\WINDOWS\system32\apilj.exe
O4 - HKLM\..\RunOnce: [javapn32.exe] C:\WINDOWS\system32\javapn32.exe
O4 - HKLM\..\RunOnce: [ipzo.exe] C:\WINDOWS\system32\ipzo.exe
O4 - HKLM\..\RunOnce: [ntel32.exe] C:\WINDOWS\system32\ntel32.exe
O4 - HKLM\..\RunOnce: [ipta32.exe] C:\WINDOWS\system32\ipta32.exe
O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\system32\appye32.exe
O4 - HKLM\..\RunOnce: [ntbq32.exe] C:\WINDOWS\ntbq32.exe
O4 - HKLM\..\RunOnce: [apilo32.exe] C:\WINDOWS\apilo32.exe
O4 - HKLM\..\RunOnce: [addbd.exe] C:\WINDOWS\system32\addbd.exe
O4 - HKLM\..\RunOnce: [d3it32.exe] C:\WINDOWS\d3it32.exe
O4 - HKLM\..\RunOnce: [ntyj32.exe] C:\WINDOWS\ntyj32.exe
O4 - HKLM\..\RunOnce: [sdkyr.exe] C:\WINDOWS\sdkyr.exe
O4 - HKLM\..\RunOnce: [iphr.exe] C:\WINDOWS\system32\iphr.exe
O4 - HKLM\..\RunOnce: [mswg32.exe] C:\WINDOWS\mswg32.exe
O4 - HKLM\..\RunOnce: [winmv32.exe] C:\WINDOWS\winmv32.exe
O4 - HKLM\..\RunOnce: [ieqz.exe] C:\WINDOWS\ieqz.exe
O4 - HKLM\..\RunOnce: [sdkpp32.exe] C:\WINDOWS\sdkpp32.exe
O4 - HKLM\..\RunOnce: [ipkt.exe] C:\WINDOWS\system32\ipkt.exe
O4 - HKLM\..\RunOnce: [appji32.exe] C:\WINDOWS\system32\appji32.exe
O4 - HKLM\..\RunOnce: [mszy.exe] C:\WINDOWS\mszy.exe
O4 - HKLM\..\RunOnce: [ntgn32.exe] C:\WINDOWS\system32\ntgn32.exe
O4 - HKLM\..\RunOnce: [mfcwd32.exe] C:\WINDOWS\mfcwd32.exe
O4 - HKLM\..\RunOnce: [apiwl.exe] C:\WINDOWS\apiwl.exe
O4 - HKLM\..\RunOnce: [iekn32.exe] C:\WINDOWS\system32\iekn32.exe
O4 - HKLM\..\RunOnce: [addps32.exe] C:\WINDOWS\system32\addps32.exe
O4 - HKLM\..\RunOnce: [sdkxs.exe] C:\WINDOWS\sdkxs.exe
O4 - HKLM\..\RunOnce: [nette.exe] C:\WINDOWS\system32\nette.exe
O4 - HKLM\..\RunOnce: [sysga.exe] C:\WINDOWS\sysga.exe
O4 - HKLM\..\RunOnce: [atlce32.exe] C:\WINDOWS\system32\atlce32.exe
O4 - HKLM\..\RunOnce: [addmf.exe] C:\WINDOWS\addmf.exe
O4 - HKLM\..\RunOnce: [addzb32.exe] C:\WINDOWS\system32\addzb32.exe
O4 - HKLM\..\RunOnce: [addoy32.exe] C:\WINDOWS\addoy32.exe
O4 - HKLM\..\RunOnce: [crlv32.exe] C:\WINDOWS\crlv32.exe
O4 - HKLM\..\RunOnce: [appog32.exe] C:\WINDOWS\appog32.exe
O4 - HKLM\..\RunOnce: [mfcsl.exe] C:\WINDOWS\system32\mfcsl.exe
O4 - HKLM\..\RunOnce: [atlbl32.exe] C:\WINDOWS\atlbl32.exe
O4 - HKLM\..\RunOnce: [atlii32.exe] C:\WINDOWS\system32\atlii32.exe
O4 - HKLM\..\RunOnce: [msme.exe] C:\WINDOWS\system32\msme.exe
O4 - HKLM\..\RunOnce: [javaqq.exe] C:\WINDOWS\system32\javaqq.exe
O4 - HKLM\..\RunOnce: [addaw32.exe] C:\WINDOWS\addaw32.exe
O4 - HKLM\..\RunOnce: [msym.exe] C:\WINDOWS\system32\msym.exe
O4 - HKLM\..\RunOnce: [ipxb32.exe] C:\WINDOWS\system32\ipxb32.exe
O4 - HKLM\..\RunOnce: [atlnj32.exe] C:\WINDOWS\atlnj32.exe
O4 - HKLM\..\RunOnce: [mfcvz.exe] C:\WINDOWS\mfcvz.exe
O4 - HKLM\..\RunOnce: [atlwz.exe] C:\WINDOWS\system32\atlwz.exe
O4 - HKLM\..\RunOnce: [ntlo32.exe] C:\WINDOWS\ntlo32.exe
O4 - HKLM\..\RunOnce: [d3jw32.exe] C:\WINDOWS\d3jw32.exe
O4 - HKLM\..\RunOnce: [javaeh.exe] C:\WINDOWS\system32\javaeh.exe
O4 - HKLM\..\RunOnce: [mfcdx32.exe] C:\WINDOWS\mfcdx32.exe
O4 - HKLM\..\RunOnce: [wintf32.exe] C:\WINDOWS\system32\wintf32.exe
O4 - HKLM\..\RunOnce: [addbv.exe] C:\WINDOWS\system32\addbv.exe
O4 - HKLM\..\RunOnce: [wincv.exe] C:\WINDOWS\wincv.exe
O4 - HKLM\..\RunOnce: [sdkqr32.exe] C:\WINDOWS\system32\sdkqr32.exe
O4 - HKLM\..\RunOnce: [ipld.exe] C:\WINDOWS\ipld.exe
O4 - HKLM\..\RunOnce: [apiof32.exe] C:\WINDOWS\apiof32.exe
O4 - HKLM\..\RunOnce: [atlkq.exe] C:\WINDOWS\system32\atlkq.exe
O4 - HKLM\..\RunOnce: [msiy32.exe] C:\WINDOWS\system32\msiy32.exe
O4 - HKLM\..\RunOnce: [sdkzo32.exe] C:\WINDOWS\sdkzo32.exe
O4 - HKLM\..\RunOnce: [javahe.exe] C:\WINDOWS\system32\javahe.exe
O4 - HKLM\..\RunOnce: [sdkhe.exe] C:\WINDOWS\sdkhe.exe
O4 - HKLM\..\RunOnce: [sysxt32.exe] C:\WINDOWS\system32\sysxt32.exe
O4 - HKLM\..\RunOnce: [appvb32.exe] C:\WINDOWS\system32\appvb32.exe
O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe
O4 - HKLM\..\RunOnce: [crpu32.exe] C:\WINDOWS\crpu32.exe
O4 - HKLM\..\RunOnce: [netnj32.exe] C:\WINDOWS\system32\netnj32.exe
O4 - HKLM\..\RunOnce: [ipnz.exe] C:\WINDOWS\system32\ipnz.exe
O4 - HKLM\..\RunOnce: [netwa.exe] C:\WINDOWS\system32\netwa.exe
O4 - HKLM\..\RunOnce: [d3lp32.exe] C:\WINDOWS\system32\d3lp32.exe
O4 - HKLM\..\RunOnce: [sysbw32.exe] C:\WINDOWS\system32\sysbw32.exe
O4 - HKLM\..\RunOnce: [msxa.exe] C:\WINDOWS\system32\msxa.exe
O4 - HKLM\..\RunOnce: [crak32.exe] C:\WINDOWS\crak32.exe
O4 - HKLM\..\RunOnce: [sdkvn.exe] C:\WINDOWS\sdkvn.exe
O4 - HKLM\..\RunOnce: [mfcud32.exe] C:\WINDOWS\mfcud32.exe
O4 - HKLM\..\RunOnce: [winss32.exe] C:\WINDOWS\system32\winss32.exe
O4 - HKLM\..\RunOnce: [winsa.exe] C:\WINDOWS\system32\winsa.exe
O4 - HKLM\..\RunOnce: [apiqy32.exe] C:\WINDOWS\system32\apiqy32.exe
O4 - HKLM\..\RunOnce: [nthf32.exe] C:\WINDOWS\system32\nthf32.exe
O4 - HKLM\..\RunOnce: [netcj.exe] C:\WINDOWS\system32\netcj.exe
O4 - HKLM\..\RunOnce: [atlgv.exe] C:\WINDOWS\system32\atlgv.exe
O4 - HKLM\..\RunOnce: [ntvk32.exe] C:\WINDOWS\ntvk32.exe
O4 - HKLM\..\RunOnce: [d3ls.exe] C:\WINDOWS\d3ls.exe
O4 - HKLM\..\RunOnce: [winpw32.exe] C:\WINDOWS\winpw32.exe
O4 - HKLM\..\RunOnce: [iezw.exe] C:\WINDOWS\iezw.exe
O4 - HKLM\..\RunOnce: [ieet32.exe] C:\WINDOWS\ieet32.exe
O4 - HKLM\..\RunOnce: [ietq32.exe] C:\WINDOWS\ietq32.exe
O4 - HKLM\..\RunOnce: [winsv.exe] C:\WINDOWS\system32\winsv.exe
O4 - HKLM\..\RunOnce: [msik.exe] C:\WINDOWS\system32\msik.exe
O4 - HKLM\..\RunOnce: [ntad32.exe] C:\WINDOWS\system32\ntad32.exe
O4 - HKLM\..\RunOnce: [javamw.exe] C:\WINDOWS\javamw.exe
O4 - HKLM\..\RunOnce: [ieqs.exe] C:\WINDOWS\system32\ieqs.exe
O4 - HKLM\..\RunOnce: [appat32.exe] C:\WINDOWS\appat32.exe
O4 - HKLM\..\RunOnce: [apiyb.exe] C:\WINDOWS\apiyb.exe
O4 - HKLM\..\RunOnce: [sdkuf32.exe] C:\WINDOWS\system32\sdkuf32.exe
O4 - HKLM\..\RunOnce: [ipef.exe] C:\WINDOWS\ipef.exe
O4 - HKLM\..\RunOnce: [ipkc32.exe] C:\WINDOWS\system32\ipkc32.exe
O4 - HKLM\..\RunOnce: [ipyz32.exe] C:\WINDOWS\ipyz32.exe
O4 - HKLM\..\RunOnce: [adddv32.exe] C:\WINDOWS\adddv32.exe
O4 - HKLM\..\RunOnce: [ntgh32.exe] C:\WINDOWS\ntgh32.exe
O4 - HKLM\..\RunOnce: [javall.exe] C:\WINDOWS\system32\javall.exe
O4 - HKLM\..\RunOnce: [sdkml32.exe] C:\WINDOWS\sdkml32.exe
O4 - HKLM\..\RunOnce: [sdkai32.exe] C:\WINDOWS\system32\sdkai32.exe
O4 - HKLM\..\RunOnce: [craw.exe] C:\WINDOWS\craw.exe
O4 - HKLM\..\RunOnce: [ntpd.exe] C:\WINDOWS\ntpd.exe
O4 - HKLM\..\RunOnce: [atlzw32.exe] C:\WINDOWS\system32\atlzw32.exe
O4 - HKLM\..\RunOnce: [apitp.exe] C:\WINDOWS\system32\apitp.exe
O4 - HKLM\..\RunOnce: [sdkxt.exe] C:\WINDOWS\sdkxt.exe
O4 - HKLM\..\RunOnce: [d3hm32.exe] C:\WINDOWS\system32\d3hm32.exe
O4 - HKLM\..\RunOnce: [winyt.exe] C:\WINDOWS\winyt.exe
O4 - HKLM\..\RunOnce: [mfcbx.exe] C:\WINDOWS\mfcbx.exe
O4 - HKLM\..\RunOnce: [ntmy32.exe] C:\WINDOWS\ntmy32.exe
O4 - HKLM\..\RunOnce: [sysgk32.exe] C:\WINDOWS\sysgk32.exe
O4 - HKLM\..\RunOnce: [msqk.exe] C:\WINDOWS\msqk.exe
O4 - HKLM\..\RunOnce: [iedh32.exe] C:\WINDOWS\iedh32.exe
O4 - HKLM\..\RunOnce: [mske32.exe] C:\WINDOWS\system32\mske32.exe
O4 - HKLM\..\RunOnce: [ippa32.exe] C:\WINDOWS\ippa32.exe
O4 - HKLM\..\RunOnce: [iesm32.exe] C:\WINDOWS\system32\iesm32.exe
O4 - HKLM\..\RunOnce: [crck.exe] C:\WINDOWS\system32\crck.exe
O4 - HKLM\..\RunOnce: [addrh32.exe] C:\WINDOWS\addrh32.exe
O4 - HKLM\..\RunOnce: [mfcpp.exe] C:\WINDOWS\mfcpp.exe
O4 - HKLM\..\RunOnce: [sdklt32.exe] C:\WINDOWS\sdklt32.exe
O4 - HKLM\..\RunOnce: [netvt.exe] C:\WINDOWS\netvt.exe
O4 - HKLM\..\RunOnce: [ipjq32.exe] C:\WINDOWS\ipjq32.exe
O4 - HKLM\..\RunOnce: [netpn32.exe] C:\WINDOWS\netpn32.exe
O4 - HKLM\..\RunOnce: [ntxs.exe] C:\WINDOWS\system32\ntxs.exe
O4 - HKLM\..\RunOnce: [netmh.exe] C:\WINDOWS\system32\netmh.exe
O4 - HKLM\..\RunOnce: [addxa32.exe] C:\WINDOWS\system32\addxa32.exe
O4 - HKLM\..\RunOnce: [javalv32.exe] C:\WINDOWS\system32\javalv32.exe
O4 - HKLM\..\RunOnce: [addrk.exe] C:\WINDOWS\system32\addrk.exe
O4 - HKLM\..\RunOnce: [mfcpz32.exe] C:\WINDOWS\system32\mfcpz32.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\atlnk.exe
O4 - HKLM\..\RunOnce: [apixx.exe] C:\WINDOWS\apixx.exe
O4 - HKLM\..\RunOnce: [sdkrs32.exe] C:\WINDOWS\sdkrs32.exe
O4 - HKLM\..\RunOnce: [mfcwo32.exe] C:\WINDOWS\mfcwo32.exe
O4 - HKLM\..\RunOnce: [ipla32.exe] C:\WINDOWS\ipla32.exe
O4 - HKLM\..\RunOnce: [javaza32.exe] C:\WINDOWS\javaza32.exe
O4 - HKLM\..\RunOnce: [msee.exe] C:\WINDOWS\system32\msee.exe
O4 - HKLM\..\RunOnce: [sysxx32.exe] C:\WINDOWS\sysxx32.exe
O4 - HKLM\..\RunOnce: [d3fm32.exe] C:\WINDOWS\d3fm32.exe
O4 - HKLM\..\RunOnce: [crtb32.exe] C:\WINDOWS\system32\crtb32.exe
O4 - HKLM\..\RunOnce: [netyf.exe] C:\WINDOWS\system32\netyf.exe
O4 - HKLM\..\RunOnce: [appcj.exe] C:\WINDOWS\system32\appcj.exe
O4 - HKLM\..\RunOnce: [addbq32.exe] C:\WINDOWS\system32\addbq32.exe
O4 - HKLM\..\RunOnce: [atlzu.exe] C:\WINDOWS\atlzu.exe
O4 - HKLM\..\RunOnce: [apiaj32.exe] C:\WINDOWS\system32\apiaj32.exe
O4 - HKLM\..\RunOnce: [systu32.exe] C:\WINDOWS\systu32.exe

O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\netzl.exe

Reboot and show me the logs when you are done.

Regards,
  • 0

#3
jackeral

jackeral

    New Member

  • Member
  • Pip
  • 4 posts
try etrust pest patrol or microsoft anti spyware latest versions etrust pest patrol finds a lot that others don't takes a bit of time to domnload updates tough.
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Hi jackeral,

Please read point number 4 of the rules in this forum.

ONLY Geeks to Go Staff members are allowed to reply to topics in this forum. This is due to damage that can be caused by improper advice.


If you really like to be helpful:
http://www.geekstogo...here-t4817.html

Thanks for your cooperation.

Regards,
  • 0

#5
jackeral

jackeral

    New Member

  • Member
  • Pip
  • 4 posts
sorry will stay out of the way for good thought it would help!!!!!!!!!!!
  • 0

#6
joeigurl

joeigurl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Here's the new Hijack THis log.

I still see some of the bad urls in the new log like this though:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tjobn.dll/sp.html#37049


Why is that?


Thanks!

Attached Files


  • 0

#7
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts

Here's the new Hijack THis log. 

I still see some of the bad urls in the new log like this though:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tjobn.dll/sp.html#37049
Why is that?
Thanks!

View Post


Because we were in the fase of making your log readable, remember?

Do me two favors:
- Do NOT PM me or any other staff member for help. It will not make it any faster
- Post your logs and don't attach them.

Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Download and run About:Buster from:
http://www.majorgeek...wnload4289.html
It usually takes two runs to get cleaned.

Post a new HIjackTHis log when you are done.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP