Help- sdkar, sdkxr32, winyk32 exe +more [CLOSED]



#1
X Myth

;)

The computer seems to be slowing down, sites are also taking extra time to process, and I'm getting ads every so often that can't be thwarted with Adware or Spybot. I also noticed so far 2 new processes in my task manager, and the online slowdowns seem to be connected to them.

sdkar.exe
sdkxr32.exe
winyk32.exe

Any sort of help would make me forever grateful.

:tazz:

Edit- Also I think my AIM service isn't working now because of one of these things... I can load it up, but whenever I try to msg someone or someone tries to msg me it crashes.

----------
Logfile of HijackThis v1.99.1
Scan saved at 8:22:30 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

----------

Edited by X Myth, 11 July 2005 - 06:33 AM.

  • 0

#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi X Myth,

You have a bunch of infections on your PC. We can still clean it up :tazz:


You have a CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!

Reboot your computer into normal Windows.

Please run an on-line virus scan at TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
  • 0

#3
X Myth

X Myth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Couldn't continue with the first step, it repeatedly said "removing resjdne.dll" with buster. AVG can't even heal, delete, or move to the vault... Seems to have a mind of its own.. It's located in the System32 folder, it's 56kb, it was created on Friday, June 18, 2004, 12:13:09 AM, and AVG calls it "Trojan horse BackDoor.Agent.BA" with no further information...
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi X Myth,

Can you download and save the attached file?

Unzip the contents and save them on your desktop. Double click on Get_Active_Services_179.vbs file. Your AV software may flag it as a warning but let it run. It will generate a log. Post back the log here
  • 0

#5
X Myth

X Myth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I'm sorry, what do you mean by save and attached file? (If there is one on the last msg you just sent, then no I don't see it.) If you meant about the 3 programs you listed above, yes I downloaded and saved them to my desktop - Buster, CWShredder, and Cleanup!

I do not see "Get_Active_Services_179.vbs" file

I'm a bit lost so sorry.. :tazz:


Edit- Note, I'm using AVG free version.

Edited by X Myth, 13 July 2005 - 02:13 PM.

  • 0

#6
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi

I will attach it again for you


[attachment=2259:attachment]
  • 0

#7
X Myth

X Myth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
After double clicking on the file my computer thought for about 3 seconds then came up with this msg-


Windows Script Host
Script: C:\Documents and settings\mark\Desktop\get active services.vbs
Line: 7
Char: 1
Error: 0x8004100A
Code: 8004100A
Source: (null)

There is only an OK to hit then it closes.
  • 0

#8
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi X_Myth,

Let's clean up the stuff first then.

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.

2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kfozh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0D064D84-ED78-BC93-66E2-030B7A926E0F} - C:\WINDOWS\system32\winiz.dll
O2 - BHO: Class - {5E8BA5AA-42CF-368F-88E1-1CDF46D25744} - C:\WINDOWS\system32\ipqr32.dll
O2 - BHO: Class - {66100307-54EE-8324-718F-DA7041322625} - C:\WINDOWS\system32\crnb32.dll
O2 - BHO: Class - {F1D1E8C9-4FA8-1ACF-0E3A-A0F331D618C5} - C:\WINDOWS\crlq.dll
O4 - HKLM\..\Run: [crip32.exe] C:\WINDOWS\crip32.exe
O4 - HKLM\..\Run: [sysuc.exe] C:\WINDOWS\system32\sysuc.exe
O4 - HKLM\..\Run: [sdkxr32.exe] C:\WINDOWS\sdkxr32.exe
O4 - HKLM\..\Run: [sdkzc.exe] C:\WINDOWS\sdkzc.exe
O4 - HKLM\..\Run: [sdkar.exe] C:\WINDOWS\sdkar.exe
O4 - HKLM\..\Run: [winyk32.exe] C:\WINDOWS\winyk32.exe
O4 - HKLM\..\RunOnce: [sysce32.exe] C:\WINDOWS\sysce32.exe
O4 - HKLM\..\RunOnce: [javadn32.exe] C:\WINDOWS\system32\javadn32.exe
O4 - HKLM\..\RunOnce: [sysco.exe] C:\WINDOWS\sysco.exe
O4 - HKLM\..\RunOnce: [d3na32.exe] C:\WINDOWS\d3na32.exe
O4 - HKLM\..\RunOnce: [d3hj.exe] C:\WINDOWS\d3hj.exe
O4 - HKLM\..\RunOnce: [atleo32.exe] C:\WINDOWS\system32\atleo32.exe
O4 - HKLM\..\RunOnce: [javaoq32.exe] C:\WINDOWS\javaoq32.exe
O4 - HKLM\..\RunOnce: [mfccz32.exe] C:\WINDOWS\system32\mfccz32.exe
O4 - HKLM\..\RunOnce: [mfcrt.exe] C:\WINDOWS\mfcrt.exe
O4 - HKLM\..\RunOnce: [atljd32.exe] C:\WINDOWS\system32\atljd32.exe
O4 - HKLM\..\RunOnce: [netrj.exe] C:\WINDOWS\netrj.exe
O4 - HKLM\..\RunOnce: [crvb.exe] C:\WINDOWS\crvb.exe
O4 - HKLM\..\RunOnce: [mspa32.exe] C:\WINDOWS\system32\mspa32.exe
O4 - HKLM\..\RunOnce: [mssk.exe] C:\WINDOWS\mssk.exe
O4 - HKLM\..\RunOnce: [ipzx.exe] C:\WINDOWS\ipzx.exe
O4 - HKLM\..\RunOnce: [d3kc.exe] C:\WINDOWS\d3kc.exe
O4 - HKLM\..\RunOnce: [mfcen.exe] C:\WINDOWS\mfcen.exe
O4 - HKLM\..\RunOnce: [iexy.exe] C:\WINDOWS\system32\iexy.exe
O4 - HKLM\..\RunOnce: [sdkte.exe] C:\WINDOWS\system32\sdkte.exe
O4 - HKLM\..\RunOnce: [javabc.exe] C:\WINDOWS\javabc.exe
O4 - HKLM\..\RunOnce: [winqy.exe] C:\WINDOWS\winqy.exe
O4 - HKLM\..\RunOnce: [ntuv32.exe] C:\WINDOWS\system32\ntuv32.exe
O4 - HKLM\..\RunOnce: [msyx32.exe] C:\WINDOWS\system32\msyx32.exe
O4 - HKLM\..\RunOnce: [javapo32.exe] C:\WINDOWS\javapo32.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\sysyj32.exe
O4 - HKLM\..\RunOnce: [winqq32.exe] C:\WINDOWS\winqq32.exe
O4 - HKLM\..\RunOnce: [mfcyi32.exe] C:\WINDOWS\system32\mfcyi32.exe
O4 - HKLM\..\RunOnce: [ipop.exe] C:\WINDOWS\system32\ipop.exe
O4 - HKLM\..\RunOnce: [iexm32.exe] C:\WINDOWS\iexm32.exe
O4 - HKLM\..\RunOnce: [javaku.exe] C:\WINDOWS\javaku.exe
O4 - HKLM\..\RunOnce: [ierg.exe] C:\WINDOWS\ierg.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [netzm32.exe] C:\WINDOWS\system32\netzm32.exe
O4 - HKLM\..\RunOnce: [addfg.exe] C:\WINDOWS\system32\addfg.exe
O4 - HKLM\..\RunOnce: [ieuv.exe] C:\WINDOWS\system32\ieuv.exe
O4 - HKLM\..\RunOnce: [sdkap32.exe] C:\WINDOWS\sdkap32.exe
O4 - HKLM\..\RunOnce: [msdt.exe] C:\WINDOWS\msdt.exe
O4 - HKLM\..\RunOnce: [winub32.exe] C:\WINDOWS\winub32.exe
O4 - HKLM\..\RunOnce: [crhd.exe] C:\WINDOWS\system32\crhd.exe
O4 - HKLM\..\RunOnce: [netsw.exe] C:\WINDOWS\netsw.exe
O4 - HKLM\..\RunOnce: [addxq32.exe] C:\WINDOWS\addxq32.exe
O4 - HKLM\..\RunOnce: [javaoa.exe] C:\WINDOWS\javaoa.exe
O4 - HKLM\..\RunOnce: [apibu32.exe] C:\WINDOWS\apibu32.exe
O4 - HKLM\..\RunOnce: [sdkfg32.exe] C:\WINDOWS\system32\sdkfg32.exe
O4 - HKLM\..\RunOnce: [sdkfw32.exe] C:\WINDOWS\system32\sdkfw32.exe
O4 - HKLM\..\RunOnce: [d3sa.exe] C:\WINDOWS\system32\d3sa.exe
O4 - HKLM\..\RunOnce: [crtb32.exe] C:\WINDOWS\system32\crtb32.exe
O4 - HKLM\..\RunOnce: [javahy32.exe] C:\WINDOWS\system32\javahy32.exe
O4 - HKLM\..\RunOnce: [apimu32.exe] C:\WINDOWS\system32\apimu32.exe
O4 - HKLM\..\RunOnce: [crhg32.exe] C:\WINDOWS\crhg32.exe
O4 - HKLM\..\RunOnce: [iemk.exe] C:\WINDOWS\iemk.exe
O4 - HKLM\..\RunOnce: [msvk32.exe] C:\WINDOWS\msvk32.exe
O4 - HKLM\..\RunOnce: [d3jh32.exe] C:\WINDOWS\d3jh32.exe
O4 - HKLM\..\RunOnce: [ipod.exe] C:\WINDOWS\ipod.exe
O4 - HKLM\..\RunOnce: [sdkhe32.exe] C:\WINDOWS\sdkhe32.exe
O4 - HKLM\..\RunOnce: [d3xm32.exe] C:\WINDOWS\d3xm32.exe
O4 - HKLM\..\RunOnce: [javaty.exe] C:\WINDOWS\system32\javaty.exe
O4 - HKLM\..\RunOnce: [apisf32.exe] C:\WINDOWS\system32\apisf32.exe
O4 - HKLM\..\RunOnce: [addqv32.exe] C:\WINDOWS\addqv32.exe
O4 - HKLM\..\RunOnce: [appql.exe] C:\WINDOWS\appql.exe
O4 - HKLM\..\RunOnce: [winyl.exe] C:\WINDOWS\winyl.exe
O4 - HKLM\..\RunOnce: [netoa.exe] C:\WINDOWS\netoa.exe
O4 - HKLM\..\RunOnce: [atldp32.exe] C:\WINDOWS\atldp32.exe
O4 - HKLM\..\RunOnce: [apiob.exe] C:\WINDOWS\apiob.exe
O4 - HKLM\..\RunOnce: [sdksf32.exe] C:\WINDOWS\system32\sdksf32.exe
O4 - HKLM\..\RunOnce: [syswo.exe] C:\WINDOWS\syswo.exe
O4 - HKLM\..\RunOnce: [netcf.exe] C:\WINDOWS\system32\netcf.exe
O4 - HKLM\..\RunOnce: [ipic32.exe] C:\WINDOWS\system32\ipic32.exe
O4 - HKLM\..\RunOnce: [atlgp32.exe] C:\WINDOWS\atlgp32.exe
O4 - HKLM\..\RunOnce: [netwz32.exe] C:\WINDOWS\netwz32.exe
O4 - HKLM\..\RunOnce: [sysdt.exe] C:\WINDOWS\sysdt.exe
O4 - HKLM\..\RunOnce: [addbv32.exe] C:\WINDOWS\addbv32.exe
O4 - HKLM\..\RunOnce: [sdkbd.exe] C:\WINDOWS\system32\sdkbd.exe
O4 - HKLM\..\RunOnce: [winkj32.exe] C:\WINDOWS\system32\winkj32.exe
O4 - HKLM\..\RunOnce: [atlpn.exe] C:\WINDOWS\atlpn.exe
O4 - HKLM\..\RunOnce: [appyo32.exe] C:\WINDOWS\system32\appyo32.exe
O4 - HKLM\..\RunOnce: [addmk.exe] C:\WINDOWS\addmk.exe
O4 - HKLM\..\RunOnce: [sysfh.exe] C:\WINDOWS\sysfh.exe
O4 - HKLM\..\RunOnce: [crfe.exe] C:\WINDOWS\crfe.exe
O4 - HKLM\..\RunOnce: [atlap.exe] C:\WINDOWS\atlap.exe
O4 - HKLM\..\RunOnce: [winhe.exe] C:\WINDOWS\system32\winhe.exe
O4 - HKLM\..\RunOnce: [crax32.exe] C:\WINDOWS\system32\crax32.exe
O4 - HKLM\..\RunOnce: [msli.exe] C:\WINDOWS\msli.exe
O4 - HKLM\..\RunOnce: [addpm.exe] C:\WINDOWS\addpm.exe
O4 - HKLM\..\RunOnce: [msrn32.exe] C:\WINDOWS\system32\msrn32.exe
O4 - HKLM\..\RunOnce: [apizn32.exe] C:\WINDOWS\apizn32.exe
O4 - HKLM\..\RunOnce: [ntyu.exe] C:\WINDOWS\ntyu.exe
O4 - HKLM\..\RunOnce: [d3uy32.exe] C:\WINDOWS\system32\d3uy32.exe
O4 - HKLM\..\RunOnce: [iptg.exe] C:\WINDOWS\iptg.exe
O4 - HKLM\..\RunOnce: [javarw32.exe] C:\WINDOWS\system32\javarw32.exe
O4 - HKLM\..\RunOnce: [d3ax32.exe] C:\WINDOWS\d3ax32.exe
O4 - HKLM\..\RunOnce: [atlpu.exe] C:\WINDOWS\system32\atlpu.exe
O4 - HKLM\..\RunOnce: [javaxl32.exe] C:\WINDOWS\javaxl32.exe
O4 - HKLM\..\RunOnce: [sysof32.exe] C:\WINDOWS\sysof32.exe
O4 - HKLM\..\RunOnce: [ntff.exe] C:\WINDOWS\ntff.exe
O4 - HKLM\..\RunOnce: [d3fw32.exe] C:\WINDOWS\system32\d3fw32.exe
O4 - HKLM\..\RunOnce: [mfccp32.exe] C:\WINDOWS\mfccp32.exe
O4 - HKLM\..\RunOnce: [crfb32.exe] C:\WINDOWS\system32\crfb32.exe
O4 - HKLM\..\RunOnce: [iekf.exe] C:\WINDOWS\system32\iekf.exe
O4 - HKLM\..\RunOnce: [d3lf32.exe] C:\WINDOWS\d3lf32.exe
O4 - HKLM\..\RunOnce: [atlul.exe] C:\WINDOWS\system32\atlul.exe
O4 - HKLM\..\RunOnce: [sdkra32.exe] C:\WINDOWS\sdkra32.exe
O4 - HKLM\..\RunOnce: [msii.exe] C:\WINDOWS\system32\msii.exe
O4 - HKLM\..\RunOnce: [addlm32.exe] C:\WINDOWS\system32\addlm32.exe
O4 - HKLM\..\RunOnce: [atlam32.exe] C:\WINDOWS\system32\atlam32.exe
O4 - HKLM\..\RunOnce: [ievm.exe] C:\WINDOWS\system32\ievm.exe
O4 - HKLM\..\RunOnce: [sysbj32.exe] C:\WINDOWS\system32\sysbj32.exe
O4 - HKLM\..\RunOnce: [addap.exe] C:\WINDOWS\addap.exe
O4 - HKLM\..\RunOnce: [apibg.exe] C:\WINDOWS\system32\apibg.exe
O4 - HKLM\..\RunOnce: [iepg32.exe] C:\WINDOWS\iepg32.exe
O4 - HKLM\..\RunOnce: [javaek32.exe] C:\WINDOWS\javaek32.exe
O4 - HKLM\..\RunOnce: [ntwo.exe] C:\WINDOWS\ntwo.exe
O4 - HKLM\..\RunOnce: [atlpf32.exe] C:\WINDOWS\system32\atlpf32.exe
O4 - HKLM\..\RunOnce: [msel.exe] C:\WINDOWS\msel.exe
O4 - HKLM\..\RunOnce: [ntsn32.exe] C:\WINDOWS\ntsn32.exe
O4 - HKLM\..\RunOnce: [atlte.exe] C:\WINDOWS\system32\atlte.exe
O4 - HKLM\..\RunOnce: [msyh32.exe] C:\WINDOWS\system32\msyh32.exe
O4 - HKLM\..\RunOnce: [msss32.exe] C:\WINDOWS\system32\msss32.exe
O4 - HKLM\..\RunOnce: [iezu32.exe] C:\WINDOWS\iezu32.exe
O4 - HKLM\..\RunOnce: [ieai32.exe] C:\WINDOWS\system32\ieai32.exe
O4 - HKLM\..\RunOnce: [sdkfc.exe] C:\WINDOWS\system32\sdkfc.exe
O4 - HKLM\..\RunOnce: [addiz32.exe] C:\WINDOWS\system32\addiz32.exe
O4 - HKLM\..\RunOnce: [d3ou.exe] C:\WINDOWS\d3ou.exe
O4 - HKLM\..\RunOnce: [mstq.exe] C:\WINDOWS\mstq.exe
O4 - HKLM\..\RunOnce: [iphk32.exe] C:\WINDOWS\system32\iphk32.exe
O4 - HKLM\..\RunOnce: [d3in32.exe] C:\WINDOWS\system32\d3in32.exe
O4 - HKLM\..\RunOnce: [ipnh32.exe] C:\WINDOWS\ipnh32.exe
O4 - HKLM\..\RunOnce: [wingu32.exe] C:\WINDOWS\system32\wingu32.exe
O4 - HKLM\..\RunOnce: [javalp.exe] C:\WINDOWS\javalp.exe
O4 - HKLM\..\RunOnce: [apiwh32.exe] C:\WINDOWS\apiwh32.exe
O4 - HKLM\..\RunOnce: [ippb.exe] C:\WINDOWS\system32\ippb.exe
O4 - HKLM\..\RunOnce: [crlf.exe] C:\WINDOWS\crlf.exe
O4 - HKLM\..\RunOnce: [sysex32.exe] C:\WINDOWS\system32\sysex32.exe
O4 - HKLM\..\RunOnce: [appun.exe] C:\WINDOWS\system32\appun.exe
O4 - HKLM\..\RunOnce: [netyj32.exe] C:\WINDOWS\netyj32.exe
O4 - HKLM\..\RunOnce: [mfcis.exe] C:\WINDOWS\system32\mfcis.exe
O4 - HKLM\..\RunOnce: [mfcng32.exe] C:\WINDOWS\mfcng32.exe
O4 - HKLM\..\RunOnce: [mfccd32.exe] C:\WINDOWS\system32\mfccd32.exe
O4 - HKLM\..\RunOnce: [iegh32.exe] C:\WINDOWS\system32\iegh32.exe
O4 - HKLM\..\RunOnce: [apict32.exe] C:\WINDOWS\system32\apict32.exe
O4 - HKLM\..\RunOnce: [ipgx.exe] C:\WINDOWS\ipgx.exe
O4 - HKLM\..\RunOnce: [netpy32.exe] C:\WINDOWS\system32\netpy32.exe
O4 - HKLM\..\RunOnce: [neteu32.exe] C:\WINDOWS\neteu32.exe
O4 - HKLM\..\RunOnce: [winar32.exe] C:\WINDOWS\winar32.exe
O4 - HKLM\..\RunOnce: [netdc32.exe] C:\WINDOWS\netdc32.exe
O4 - HKLM\..\RunOnce: [sdkih.exe] C:\WINDOWS\system32\sdkih.exe
O4 - HKLM\..\RunOnce: [ntrh32.exe] C:\WINDOWS\ntrh32.exe
O4 - HKLM\..\RunOnce: [ipxe.exe] C:\WINDOWS\system32\ipxe.exe
O4 - HKLM\..\RunOnce: [ntla.exe] C:\WINDOWS\system32\ntla.exe
O4 - HKLM\..\RunOnce: [addrx.exe] C:\WINDOWS\system32\addrx.exe
O4 - HKLM\..\RunOnce: [sdkli.exe] C:\WINDOWS\system32\sdkli.exe
O4 - HKLM\..\RunOnce: [netay.exe] C:\WINDOWS\system32\netay.exe
O4 - HKLM\..\RunOnce: [addlq32.exe] C:\WINDOWS\addlq32.exe
O4 - HKLM\..\RunOnce: [atlec.exe] C:\WINDOWS\system32\atlec.exe
O4 - HKLM\..\RunOnce: [ipag.exe] C:\WINDOWS\system32\ipag.exe
O4 - HKLM\..\RunOnce: [crtg32.exe] C:\WINDOWS\system32\crtg32.exe
O4 - HKLM\..\RunOnce: [iejo.exe] C:\WINDOWS\system32\iejo.exe
O4 - HKLM\..\RunOnce: [appns32.exe] C:\WINDOWS\system32\appns32.exe
O4 - HKLM\..\RunOnce: [winws.exe] C:\WINDOWS\system32\winws.exe
O4 - HKLM\..\RunOnce: [wincp32.exe] C:\WINDOWS\system32\wincp32.exe
O4 - HKLM\..\RunOnce: [winre32.exe] C:\WINDOWS\winre32.exe
O4 - HKLM\..\RunOnce: [javavi32.exe] C:\WINDOWS\system32\javavi32.exe
O4 - HKLM\..\RunOnce: [atlvi.exe] C:\WINDOWS\atlvi.exe
O4 - HKLM\..\RunOnce: [syszu.exe] C:\WINDOWS\system32\syszu.exe
O4 - HKLM\..\RunOnce: [apipj32.exe] C:\WINDOWS\apipj32.exe
O4 - HKLM\..\RunOnce: [ntfr.exe] C:\WINDOWS\ntfr.exe
O4 - HKLM\..\RunOnce: [msjv32.exe] C:\WINDOWS\system32\msjv32.exe
O4 - HKLM\..\RunOnce: [javasv.exe] C:\WINDOWS\javasv.exe
O4 - HKLM\..\RunOnce: [crys32.exe] C:\WINDOWS\system32\crys32.exe
O4 - HKLM\..\RunOnce: [javamp32.exe] C:\WINDOWS\javamp32.exe
O4 - HKLM\..\RunOnce: [apirl32.exe] C:\WINDOWS\apirl32.exe
O4 - HKLM\..\RunOnce: [crmx32.exe] C:\WINDOWS\crmx32.exe
O4 - HKLM\..\RunOnce: [iezb.exe] C:\WINDOWS\system32\iezb.exe
O4 - HKLM\..\RunOnce: [d3ab32.exe] C:\WINDOWS\d3ab32.exe
O4 - HKLM\..\RunOnce: [d3oy32.exe] C:\WINDOWS\system32\d3oy32.exe
O4 - HKLM\..\RunOnce: [nettd32.exe] C:\WINDOWS\system32\nettd32.exe
O4 - HKLM\..\RunOnce: [msoo32.exe] C:\WINDOWS\system32\msoo32.exe
O4 - HKLM\..\RunOnce: [wintt.exe] C:\WINDOWS\wintt.exe
O4 - HKLM\..\RunOnce: [iect32.exe] C:\WINDOWS\system32\iect32.exe
O4 - HKLM\..\RunOnce: [ieqq.exe] C:\WINDOWS\ieqq.exe
O4 - HKLM\..\RunOnce: [iewe.exe] C:\WINDOWS\iewe.exe
O4 - HKLM\..\RunOnce: [syses32.exe] C:\WINDOWS\syses32.exe
O4 - HKLM\..\RunOnce: [appjw32.exe] C:\WINDOWS\system32\appjw32.exe
O4 - HKLM\..\RunOnce: [crje.exe] C:\WINDOWS\crje.exe
O4 - HKLM\..\RunOnce: [ipni.exe] C:\WINDOWS\ipni.exe
O4 - HKLM\..\RunOnce: [mscy32.exe] C:\WINDOWS\system32\mscy32.exe
O4 - HKLM\..\RunOnce: [winsn.exe] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\RunOnce: [apiwj32.exe] C:\WINDOWS\system32\apiwj32.exe
O4 - HKLM\..\RunOnce: [appgs.exe] C:\WINDOWS\system32\appgs.exe
O4 - HKLM\..\RunOnce: [atlmg32.exe] C:\WINDOWS\system32\atlmg32.exe
O4 - HKLM\..\RunOnce: [appad32.exe] C:\WINDOWS\appad32.exe
O4 - HKLM\..\RunOnce: [d3fh32.exe] C:\WINDOWS\system32\d3fh32.exe
O4 - HKLM\..\RunOnce: [atlat32.exe] C:\WINDOWS\atlat32.exe
O4 - HKLM\..\RunOnce: [netnx.exe] C:\WINDOWS\system32\netnx.exe
O4 - HKLM\..\RunOnce: [mfcny32.exe] C:\WINDOWS\mfcny32.exe
O4 - HKLM\..\RunOnce: [mfccv32.exe] C:\WINDOWS\system32\mfccv32.exe
O4 - HKLM\..\RunOnce: [iehr.exe] C:\WINDOWS\iehr.exe
O4 - HKLM\..\RunOnce: [crlv.exe] C:\WINDOWS\system32\crlv.exe
O4 - HKLM\..\RunOnce: [addas32.exe] C:\WINDOWS\addas32.exe
O4 - HKLM\..\RunOnce: [mfcqz32.exe] C:\WINDOWS\mfcqz32.exe
O4 - HKLM\..\RunOnce: [appld.exe] C:\WINDOWS\system32\appld.exe
O4 - HKLM\..\RunOnce: [mskt32.exe] C:\WINDOWS\system32\mskt32.exe
O4 - HKLM\..\RunOnce: [ntji32.exe] C:\WINDOWS\ntji32.exe
O4 - HKLM\..\RunOnce: [sdkiq.exe] C:\WINDOWS\system32\sdkiq.exe
O4 - HKLM\..\RunOnce: [ntrr.exe] C:\WINDOWS\ntrr.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\system32\iego32.exe
O4 - HKLM\..\RunOnce: [addxv32.exe] C:\WINDOWS\system32\addxv32.exe
O4 - HKLM\..\RunOnce: [sysaz.exe] C:\WINDOWS\sysaz.exe
O4 - HKLM\..\RunOnce: [javazp32.exe] C:\WINDOWS\javazp32.exe
O4 - HKLM\..\RunOnce: [netpe.exe] C:\WINDOWS\system32\netpe.exe
O4 - HKLM\..\RunOnce: [winou32.exe] C:\WINDOWS\system32\winou32.exe
O4 - HKLM\..\RunOnce: [d3mb32.exe] C:\WINDOWS\d3mb32.exe
O4 - HKLM\..\RunOnce: [msmr32.exe] C:\WINDOWS\msmr32.exe
O4 - HKLM\..\RunOnce: [appwk32.exe] C:\WINDOWS\appwk32.exe
O4 - HKLM\..\RunOnce: [javaws.exe] C:\WINDOWS\system32\javaws.exe
O4 - HKLM\..\RunOnce: [ipae.exe] C:\WINDOWS\system32\ipae.exe
O4 - HKLM\..\RunOnce: [mspt32.exe] C:\WINDOWS\mspt32.exe
O4 - HKLM\..\RunOnce: [winfa32.exe] C:\WINDOWS\winfa32.exe
O4 - HKLM\..\RunOnce: [ieie.exe] C:\WINDOWS\ieie.exe
O4 - HKLM\..\RunOnce: [sdkhu32.exe] C:\WINDOWS\sdkhu32.exe
O4 - HKLM\..\RunOnce: [mfcxj32.exe] C:\WINDOWS\system32\mfcxj32.exe
O4 - HKLM\..\RunOnce: [apifr.exe] C:\WINDOWS\system32\apifr.exe
O4 - HKLM\..\RunOnce: [mfcga.exe] C:\WINDOWS\mfcga.exe
O4 - HKLM\..\RunOnce: [javavp32.exe] C:\WINDOWS\system32\javavp32.exe
O4 - HKLM\..\RunOnce: [msuw32.exe] C:\WINDOWS\system32\msuw32.exe
O4 - HKLM\..\RunOnce: [crpa.exe] C:\WINDOWS\system32\crpa.exe
O4 - HKLM\..\RunOnce: [netoq32.exe] C:\WINDOWS\system32\netoq32.exe
O4 - HKLM\..\RunOnce: [mfcjb.exe] C:\WINDOWS\mfcjb.exe
O4 - HKLM\..\RunOnce: [ieir32.exe] C:\WINDOWS\ieir32.exe
O4 - HKLM\..\RunOnce: [javagy.exe] C:\WINDOWS\system32\javagy.exe
O4 - HKLM\..\RunOnce: [apifo32.exe] C:\WINDOWS\system32\apifo32.exe
O4 - HKLM\..\RunOnce: [addve32.exe] C:\WINDOWS\addve32.exe
O4 - HKLM\..\RunOnce: [adddm.exe] C:\WINDOWS\system32\adddm.exe
O4 - HKLM\..\RunOnce: [winem.exe] C:\WINDOWS\winem.exe
O4 - HKLM\..\RunOnce: [nettj32.exe] C:\WINDOWS\system32\nettj32.exe
O4 - HKLM\..\RunOnce: [sdkrq32.exe] C:\WINDOWS\system32\sdkrq32.exe
O4 - HKLM\..\RunOnce: [ipnu.exe] C:\WINDOWS\ipnu.exe
O4 - HKLM\..\RunOnce: [appmk32.exe] C:\WINDOWS\appmk32.exe
O4 - HKLM\..\RunOnce: [iecz32.exe] C:\WINDOWS\system32\iecz32.exe
O4 - HKLM\..\RunOnce: [syskh.exe] C:\WINDOWS\system32\syskh.exe
O4 - HKLM\..\RunOnce: [mski.exe] C:\WINDOWS\system32\mski.exe
O4 - HKLM\..\RunOnce: [atlaf32.exe] C:\WINDOWS\system32\atlaf32.exe
O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
O4 - HKLM\..\RunOnce: [mfctq.exe] C:\WINDOWS\system32\mfctq.exe
O4 - HKLM\..\RunOnce: [syssg32.exe] C:\WINDOWS\system32\syssg32.exe
O4 - HKLM\..\RunOnce: [atlle32.exe] C:\WINDOWS\system32\atlle32.exe
O4 - HKLM\..\RunOnce: [mfcwq32.exe] C:\WINDOWS\system32\mfcwq32.exe
O4 - HKLM\..\RunOnce: [iebu32.exe] C:\WINDOWS\iebu32.exe
O4 - HKLM\..\RunOnce: [apieg.exe] C:\WINDOWS\system32\apieg.exe
O4 - HKLM\..\RunOnce: [addik32.exe] C:\WINDOWS\addik32.exe
O4 - HKLM\..\RunOnce: [msyz.exe] C:\WINDOWS\system32\msyz.exe
O4 - HKLM\..\RunOnce: [ntxp32.exe] C:\WINDOWS\system32\ntxp32.exe
O4 - HKLM\..\RunOnce: [mfcve32.exe] C:\WINDOWS\mfcve32.exe
O4 - HKLM\..\RunOnce: [apivm.exe] C:\WINDOWS\apivm.exe
O4 - HKLM\..\RunOnce: [atlwm.exe] C:\WINDOWS\system32\atlwm.exe
O4 - HKLM\..\RunOnce: [sdktk.exe] C:\WINDOWS\sdktk.exe
O4 - HKLM\..\RunOnce: [netjr32.exe] C:\WINDOWS\netjr32.exe
O4 - HKLM\..\RunOnce: [ntuk.exe] C:\WINDOWS\system32\ntuk.exe
O4 - HKLM\..\RunOnce: [d3yo32.exe] C:\WINDOWS\system32\d3yo32.exe
O4 - HKLM\..\RunOnce: [sdkip.exe] C:\WINDOWS\system32\sdkip.exe
O4 - HKLM\..\RunOnce: [javanl32.exe] C:\WINDOWS\system32\javanl32.exe
O4 - HKLM\..\RunOnce: [sdkca32.exe] C:\WINDOWS\sdkca32.exe
O4 - HKLM\..\RunOnce: [mfche32.exe] C:\WINDOWS\system32\mfche32.exe
O4 - HKLM\..\RunOnce: [javacq32.exe] C:\WINDOWS\javacq32.exe
O4 - HKLM\..\RunOnce: [msgu.exe] C:\WINDOWS\system32\msgu.exe
O4 - HKLM\..\RunOnce: [d3pv32.exe] C:\WINDOWS\d3pv32.exe
O4 - HKLM\..\RunOnce: [crer32.exe] C:\WINDOWS\system32\crer32.exe
O4 - HKLM\..\RunOnce: [netjo32.exe] C:\WINDOWS\netjo32.exe
O4 - HKLM\..\RunOnce: [d3ez32.exe] C:\WINDOWS\system32\d3ez32.exe
O4 - HKLM\..\RunOnce: [sysie.exe] C:\WINDOWS\system32\sysie.exe
O4 - HKLM\..\RunOnce: [iere32.exe] C:\WINDOWS\system32\iere32.exe
O4 - HKLM\..\RunOnce: [msgb.exe] C:\WINDOWS\system32\msgb.exe
O4 - HKLM\..\RunOnce: [ielx.exe] C:\WINDOWS\system32\ielx.exe
O4 - HKLM\..\RunOnce: [ipru.exe] C:\WINDOWS\ipru.exe
O4 - HKLM\..\RunOnce: [syslf.exe] C:\WINDOWS\system32\syslf.exe
O4 - HKLM\..\RunOnce: [d3bv.exe] C:\WINDOWS\system32\d3bv.exe
O4 - HKLM\..\RunOnce: [ipln32.exe] C:\WINDOWS\ipln32.exe
O4 - HKLM\..\RunOnce: [ntez.exe] C:\WINDOWS\ntez.exe
O4 - HKLM\..\RunOnce: [msid.exe] C:\WINDOWS\system32\msid.exe
O4 - HKLM\..\RunOnce: [wintd32.exe] C:\WINDOWS\wintd32.exe
O4 - HKLM\..\RunOnce: [mfcjl.exe] C:\WINDOWS\mfcjl.exe
O4 - HKLM\..\RunOnce: [ntnp32.exe] C:\WINDOWS\system32\ntnp32.exe
O4 - HKLM\..\RunOnce: [apixp.exe] C:\WINDOWS\apixp.exe
O4 - HKLM\..\RunOnce: [netcm32.exe] C:\WINDOWS\system32\netcm32.exe
O4 - HKLM\..\RunOnce: [apirj32.exe] C:\WINDOWS\apirj32.exe
O4 - HKLM\..\RunOnce: [winwf32.exe] C:\WINDOWS\winwf32.exe
O4 - HKLM\..\RunOnce: [netzr32.exe] C:\WINDOWS\netzr32.exe
O4 - HKLM\..\RunOnce: [sdkdv.exe] C:\WINDOWS\system32\sdkdv.exe
O4 - HKLM\..\RunOnce: [ntev32.exe] C:\WINDOWS\ntev32.exe
O4 - HKLM\..\RunOnce: [ipts32.exe] C:\WINDOWS\system32\ipts32.exe
O4 - HKLM\..\RunOnce: [appxp32.exe] C:\WINDOWS\system32\appxp32.exe
O4 - HKLM\..\RunOnce: [ntsa32.exe] C:\WINDOWS\system32\ntsa32.exe
O4 - HKLM\..\RunOnce: [crff.exe] C:\WINDOWS\crff.exe
O4 - HKLM\..\RunOnce: [d3lb32.exe] C:\WINDOWS\d3lb32.exe
O4 - HKLM\..\RunOnce: [crzy32.exe] C:\WINDOWS\system32\crzy32.exe
O4 - HKLM\..\RunOnce: [apieu32.exe] C:\WINDOWS\apieu32.exe
O4 - HKLM\..\RunOnce: [d3zg.exe] C:\WINDOWS\system32\d3zg.exe
O4 - HKLM\..\RunOnce: [ntds32.exe] C:\WINDOWS\system32\ntds32.exe
O4 - HKLM\..\RunOnce: [mfcti.exe] C:\WINDOWS\mfcti.exe
O4 - HKLM\..\RunOnce: [syssp32.exe] C:\WINDOWS\system32\syssp32.exe
O4 - HKLM\..\RunOnce: [crrf32.exe] C:\WINDOWS\system32\crrf32.exe
O4 - HKLM\..\RunOnce: [d3qv.exe] C:\WINDOWS\d3qv.exe
O4 - HKLM\..\RunOnce: [javazv.exe] C:\WINDOWS\system32\javazv.exe
O4 - HKLM\..\RunOnce: [winok32.exe] C:\WINDOWS\winok32.exe
O4 - HKLM\..\RunOnce: [atlfs32.exe] C:\WINDOWS\atlfs32.exe
O4 - HKLM\..\RunOnce: [addav.exe] C:\WINDOWS\system32\addav.exe
O4 - HKLM\..\RunOnce: [d3zl32.exe] C:\WINDOWS\system32\d3zl32.exe
O4 - HKLM\..\RunOnce: [ntxa32.exe] C:\WINDOWS\ntxa32.exe
O4 - HKLM\..\RunOnce: [sdkxi.exe] C:\WINDOWS\sdkxi.exe
O4 - HKLM\..\RunOnce: [sysaa.exe] C:\WINDOWS\system32\sysaa.exe
O4 - HKLM\..\RunOnce: [javazq32.exe] C:\WINDOWS\system32\javazq32.exe
O4 - HKLM\..\RunOnce: [netyx32.exe] C:\WINDOWS\netyx32.exe
O4 - HKLM\..\RunOnce: [ipxn32.exe] C:\WINDOWS\ipxn32.exe
O4 - HKLM\..\RunOnce: [mfcho.exe] C:\WINDOWS\system32\mfcho.exe
O4 - HKLM\..\RunOnce: [addla.exe] C:\WINDOWS\system32\addla.exe
O4 - HKLM\..\RunOnce: [netap32.exe] C:\WINDOWS\netap32.exe
O4 - HKLM\..\RunOnce: [javaqw32.exe] C:\WINDOWS\javaqw32.exe
O4 - HKLM\..\RunOnce: [ntua.exe] C:\WINDOWS\ntua.exe
O4 - HKLM\..\RunOnce: [apptq32.exe] C:\WINDOWS\apptq32.exe
O4 - HKLM\..\RunOnce: [iejf32.exe] C:\WINDOWS\system32\iejf32.exe
O4 - HKLM\..\RunOnce: [sysrn.exe] C:\WINDOWS\system32\sysrn.exe
O4 - HKLM\..\RunOnce: [iero.exe] C:\WINDOWS\iero.exe
O4 - HKLM\..\RunOnce: [atlhl32.exe] C:\WINDOWS\system32\atlhl32.exe
O4 - HKLM\..\RunOnce: [ipfs32.exe] C:\WINDOWS\system32\ipfs32.exe
O4 - HKLM\..\RunOnce: [apiaw.exe] C:\WINDOWS\apiaw.exe
O4 - HKLM\..\RunOnce: [syszm32.exe] C:\WINDOWS\system32\syszm32.exe
O4 - HKLM\..\RunOnce: [crpb.exe] C:\WINDOWS\crpb.exe
O4 - HKLM\..\RunOnce: [netor32.exe] C:\WINDOWS\netor32.exe
O4 - HKLM\..\RunOnce: [appmg32.exe] C:\WINDOWS\system32\appmg32.exe
O4 - HKLM\..\RunOnce: [atlmo32.exe] C:\WINDOWS\system32\atlmo32.exe
O4 - HKLM\..\RunOnce: [ipwp32.exe] C:\WINDOWS\ipwp32.exe
O4 - HKLM\..\RunOnce: [winwp.exe] C:\WINDOWS\system32\winwp.exe
O4 - HKLM\..\RunOnce: [msab.exe] C:\WINDOWS\msab.exe
O4 - HKLM\..\RunOnce: [apppq32.exe] C:\WINDOWS\system32\apppq32.exe
O4 - HKLM\..\RunOnce: [netnx32.exe] C:\WINDOWS\system32\netnx32.exe
O4 - HKLM\..\RunOnce: [mfcij.exe] C:\WINDOWS\mfcij.exe
O4 - HKLM\..\RunOnce: [iehr32.exe] C:\WINDOWS\iehr32.exe
O4 - HKLM\..\RunOnce: [javayg32.exe] C:\WINDOWS\system32\javayg32.exe
O4 - HKLM\..\RunOnce: [crgw.exe] C:\WINDOWS\crgw.exe
O4 - HKLM\..\RunOnce: [javagx.exe] C:\WINDOWS\system32\javagx.exe
O4 - HKLM\..\RunOnce: [syswm32.exe] C:\WINDOWS\syswm32.exe
O4 - HKLM\..\RunOnce: [atlut32.exe] C:\WINDOWS\system32\atlut32.exe
O4 - HKLM\..\RunOnce: [addpx.exe] C:\WINDOWS\system32\addpx.exe
O4 - HKLM\..\RunOnce: [cron32.exe] C:\WINDOWS\system32\cron32.exe
O4 - HKLM\..\RunOnce: [ipmc.exe] C:\WINDOWS\ipmc.exe
O4 - HKLM\..\RunOnce: [appls32.exe] C:\WINDOWS\appls32.exe
O4 - HKLM\..\RunOnce: [iebh32.exe] C:\WINDOWS\system32\iebh32.exe
O4 - HKLM\..\RunOnce: [sysjp32.exe] C:\WINDOWS\system32\sysjp32.exe
O4 - HKLM\..\RunOnce: [atllq32.exe] C:\WINDOWS\system32\atllq32.exe
O4 - HKLM\..\RunOnce: [d3tq.exe] C:\WINDOWS\d3tq.exe
O4 - HKLM\..\RunOnce: [cruy32.exe] C:\WINDOWS\system32\cruy32.exe
O4 - HKLM\..\RunOnce: [javain32.exe] C:\WINDOWS\javain32.exe
O4 - HKLM\..\RunOnce: [mfcnr32.exe] C:\WINDOWS\system32\mfcnr32.exe
O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\crid32.exe
O4 - HKLM\..\RunOnce: [ienh.exe] C:\WINDOWS\system32\ienh.exe
O4 - HKLM\..\RunOnce: [d3vh32.exe] C:\WINDOWS\d3vh32.exe
O4 - HKLM\..\RunOnce: [msck.exe] C:\WINDOWS\system32\msck.exe
O4 - HKLM\..\RunOnce: [d3ke32.exe] C:\WINDOWS\system32\d3ke32.exe
O4 - HKLM\..\RunOnce: [netlo32.exe] C:\WINDOWS\netlo32.exe
O4 - HKLM\..\RunOnce: [netpb32.exe] C:\WINDOWS\netpb32.exe
O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\system32\mskm32.exe
O4 - HKLM\..\RunOnce: [sysor.exe] C:\WINDOWS\sysor.exe
O4 - HKLM\..\RunOnce: [iexr32.exe] C:\WINDOWS\system32\iexr32.exe
O4 - HKLM\..\RunOnce: [iemo.exe] C:\WINDOWS\iemo.exe
O4 - HKLM\..\RunOnce: [ierk.exe] C:\WINDOWS\system32\ierk.exe
O4 - HKLM\..\RunOnce: [ipxh.exe] C:\WINDOWS\ipxh.exe
O4 - HKLM\..\RunOnce: [crqe32.exe] C:\WINDOWS\system32\crqe32.exe
O4 - HKLM\..\RunOnce: [crmt32.exe] C:\WINDOWS\crmt32.exe
O4 - HKLM\..\RunOnce: [sysrv32.exe] C:\WINDOWS\sysrv32.exe
O4 - HKLM\..\RunOnce: [d3ge32.exe] C:\WINDOWS\system32\d3ge32.exe
O4 - HKLM\..\RunOnce: [iplg32.exe] C:\WINDOWS\system32\iplg32.exe
O4 - HKLM\..\RunOnce: [appzo.exe] C:\WINDOWS\system32\appzo.exe
O4 - HKLM\..\RunOnce: [msvm.exe] C:\WINDOWS\msvm.exe
O4 - HKLM\..\RunOnce: [javaor.exe] C:\WINDOWS\system32\javaor.exe
O4 - HKLM\..\RunOnce: [appsc32.exe] C:\WINDOWS\system32\appsc32.exe
O4 - HKLM\..\RunOnce: [msye32.exe] C:\WINDOWS\system32\msye32.exe
O4 - HKLM\..\RunOnce: [netjj32.exe] C:\WINDOWS\system32\netjj32.exe
O4 - HKLM\..\RunOnce: [winol.exe] C:\WINDOWS\system32\winol.exe
O4 - HKLM\..\RunOnce: [ipqp.exe] C:\WINDOWS\ipqp.exe
O4 - HKLM\..\RunOnce: [javann32.exe] C:\WINDOWS\system32\javann32.exe
O4 - HKLM\..\RunOnce: [mfcsp32.exe] C:\WINDOWS\mfcsp32.exe
O4 - HKLM\..\RunOnce: [crnb32.exe] C:\WINDOWS\system32\crnb32.exe
O4 - HKLM\..\RunOnce: [netgs32.exe] C:\WINDOWS\netgs32.exe
O4 - HKLM\..\RunOnce: [winuc.exe] C:\WINDOWS\system32\winuc.exe
O4 - HKLM\..\RunOnce: [crzw32.exe] C:\WINDOWS\system32\crzw32.exe
O4 - HKLM\..\RunOnce: [addeu.exe] C:\WINDOWS\system32\addeu.exe
O4 - HKLM\..\RunOnce: [d3jo32.exe] C:\WINDOWS\d3jo32.exe
O4 - HKLM\..\RunOnce: [crvt32.exe] C:\WINDOWS\system32\crvt32.exe
O4 - HKLM\..\RunOnce: [javado.exe] C:\WINDOWS\system32\javado.exe
O4 - HKLM\..\RunOnce: [mfcce32.exe] C:\WINDOWS\system32\mfcce32.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\syspg.exe
O4 - HKLM\..\RunOnce: [atlfi32.exe] C:\WINDOWS\system32\atlfi32.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Click on Start ---> Run. Type Services.msc and hit enter. Locate the item Network Security Service in the right hand pane. Right click on it and click on Properties. In the Startup Type choose the option - Disable.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

3. Clean Up Stuff

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

4. Delete Rogue files

I have made you a text file which contains the names of all files. Please download and save the file - delfiles.txt. Open the file in Notepad and save the file as delfiles.bat (make sure the Save as Type is set to All Files).

Double click on delfiles.bat.

Clear out the files in the Prefetch folder. Go to Start > Run > type Prefetch into the box and delete all the files in that folder. Don't delete the folder, only the files in it!


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
  • 0
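An added example, not part of the original posts and not HijackThis's own logic: a small Python triage of `O4` registry autorun lines, run over sample lines copied from this thread's logs. The three heuristics and the `threshold` parameter are assumptions of this example, modeled on the pattern visible in the fix list above (value name equal to the file name, file directly in C:\WINDOWS or system32, RunOnce key).

```python
import ntpath
import re

# Sample lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKLM\..\RunOnce: [javain32.exe] C:\WINDOWS\javain32.exe
O4 - HKLM\..\RunOnce: [mfcnr32.exe] C:\WINDOWS\system32\mfcnr32.exe
O4 - Global Startup: winlogin.exe
"""

# Line shape: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr))(?=\s|$)', re.I)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def parse_o4(line):
    """Return a dict for a registry autorun line, or None for any other line."""
    m = O4_REG.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    img = IMAGE.match(command)  # quoted path, or text up to the first extension
    image = (img.group(1) or img.group(2)) if img else command
    return {"hive": hive, "key": key, "name": name, "image": ntpath.normpath(image)}

def triage(entry):
    """Heuristics assumed for this example; they are not HijackThis logic."""
    folder, filename = ntpath.split(entry["image"])
    reasons = []
    if entry["name"].lower() == filename.lower():
        reasons.append("value name is the file name")
    if folder.lower() in SYSTEM_DIRS:
        reasons.append("file sits directly in a Windows system folder")
    if entry["key"].lower() == "runonce":
        reasons.append("registered under RunOnce")
    return reasons

def review(log_text, threshold=2):
    """Return (image, reasons) for entries matching >= threshold heuristics."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    scored = ((e["image"], triage(e)) for e in entries)
    return [(image, why) for image, why in scored if len(why) >= threshold]

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

The `Global Startup` line is a Startup-folder entry rather than a registry value, so this parser skips it; a match is only a prompt for manual review of the file, not a verdict.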

#9
X Myth

    New Member

  • Topic Starter
  • Member
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:07:15 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.32.212.89
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121022516328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------------------------- Fresh ewido Scan- The first report deleted over 1500 infections. -----------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:06:26 PM, 7/14/2005
+ Report-Checksum: 28A3738E

+ Scan result:

No infected objects found.


::Report End



So far things seem pretty clean. I've also done the AVG Scan, Adware Scan, and Spybot Scan.

I don't know why, but I can't open txt or log (Notepad) files. I get a msg that says - Access is denied, so instead I edit or open it with WordPad (but I don't save the settings).

#10
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi X_Myth,

Your log has shrunk to manageable size now :tazz: ;)


Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - Global Startup: winlogin.exe


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC in Safe Mode.

Locate and delete the file -

winlogin.exe

(most probably in the c:\windows folder, but use the Windows search function to locate this file).

Please run about:buster by RubbeRDuckY:

* Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
* Click Yes to allow it to shutdown explorer.exe.
* It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
* When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
* Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!

Reboot your computer into normal Windows.

Please do an online scan at Trendmicro and save the scan report.

Post the scan report from Trendmicro along with the log from About Buster and a fresh HJT log.

#11
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.