Options

ONEFIVE-needs computer help badly, please read HJT log!!!!THX!

Unknown
edited August 2004 in Spyware & Virus Removal
hopefully u guys can fix my computer because i am starting to lose it!


Logfile of HijackThis v1.98.1
Scan saved at 5:59:42 PM, on 8/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mfctu.exe
C:\WINDOWS\iedp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sdkjr32.exe
C:\Documents and Settings\J Dogg\Desktop\HJT\HijackThis.exe
C:\WINDOWS\System32\wmadmoe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ycghy.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ycghy.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ycghy.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ycghy.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E3B10B63-55DB-3198-B589-EEA0CF1B7956} - C:\WINDOWS\system32\appbr32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [agcvgzc] rundll32 C:\WINDOWS\System32:agcvgzc.dll,Init 1
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Debug logo] C:\PROGRA~1\MANAGE~1\DATEGPLDALE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [sdkjr32.exe] C:\WINDOWS\system32\sdkjr32.exe
O4 - HKLM\..\Run: [ieiz.exe] C:\WINDOWS\system32\ieiz.exe
O4 - HKLM\..\Run: [winay.exe] C:\WINDOWS\system32\winay.exe
O4 - HKLM\..\Run: [netgt32.exe] C:\WINDOWS\system32\netgt32.exe
O4 - HKLM\..\Run: [syswt32.exe] C:\WINDOWS\system32\syswt32.exe
O4 - HKLM\..\Run: [d3bi.exe] C:\WINDOWS\system32\d3bi.exe
O4 - HKLM\..\Run: [netvm.exe] C:\WINDOWS\system32\netvm.exe
O4 - HKLM\..\Run: [crcl32.exe] C:\WINDOWS\system32\crcl32.exe
O4 - HKLM\..\Run: [addgl.exe] C:\WINDOWS\system32\addgl.exe
O4 - HKLM\..\RunOnce: [d3mg32.exe] C:\WINDOWS\d3mg32.exe
O4 - HKLM\..\RunOnce: [sdkxz32.exe] C:\WINDOWS\system32\sdkxz32.exe
O4 - HKLM\..\RunOnce: [sdkyf32.exe] C:\WINDOWS\system32\sdkyf32.exe
O4 - HKLM\..\RunOnce: [msch32.exe] C:\WINDOWS\msch32.exe
O4 - HKLM\..\RunOnce: [netzz.exe] C:\WINDOWS\netzz.exe
O4 - HKLM\..\RunOnce: [netvo32.exe] C:\WINDOWS\netvo32.exe
O4 - HKLM\..\RunOnce: [sysdd.exe] C:\WINDOWS\sysdd.exe
O4 - HKLM\..\RunOnce: [netlt.exe] C:\WINDOWS\system32\netlt.exe
O4 - HKLM\..\RunOnce: [atlcl32.exe] C:\WINDOWS\atlcl32.exe
O4 - HKLM\..\RunOnce: [javagr32.exe] C:\WINDOWS\system32\javagr32.exe
O4 - HKLM\..\RunOnce: [appzm.exe] C:\WINDOWS\system32\appzm.exe
O4 - HKLM\..\RunOnce: [syscc.exe] C:\WINDOWS\syscc.exe
O4 - HKLM\..\RunOnce: [appfi32.exe] C:\WINDOWS\system32\appfi32.exe
O4 - HKLM\..\RunOnce: [sdkrq.exe] C:\WINDOWS\system32\sdkrq.exe
O4 - HKLM\..\RunOnce: [winio32.exe] C:\WINDOWS\winio32.exe
O4 - HKLM\..\RunOnce: [ntmh.exe] C:\WINDOWS\system32\ntmh.exe
O4 - HKLM\..\RunOnce: [appxx32.exe] C:\WINDOWS\appxx32.exe
O4 - HKLM\..\RunOnce: [syszn32.exe] C:\WINDOWS\system32\syszn32.exe
O4 - HKLM\..\RunOnce: [mfche.exe] C:\WINDOWS\system32\mfche.exe
O4 - HKLM\..\RunOnce: [syswi.exe] C:\WINDOWS\syswi.exe
O4 - HKLM\..\RunOnce: [sdkna.exe] C:\WINDOWS\system32\sdkna.exe
O4 - HKLM\..\RunOnce: [winil32.exe] C:\WINDOWS\system32\winil32.exe
O4 - HKLM\..\RunOnce: [sdkrl.exe] C:\WINDOWS\system32\sdkrl.exe
O4 - HKLM\..\RunOnce: [javasx.exe] C:\WINDOWS\javasx.exe
O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe
O4 - HKLM\..\RunOnce: [apibu32.exe] C:\WINDOWS\apibu32.exe
O4 - HKLM\..\RunOnce: [iphv.exe] C:\WINDOWS\system32\iphv.exe
O4 - HKLM\..\RunOnce: [addgu.exe] C:\WINDOWS\system32\addgu.exe
O4 - HKLM\..\RunOnce: [sysdm32.exe] C:\WINDOWS\sysdm32.exe
O4 - HKLM\..\RunOnce: [mfcoa.exe] C:\WINDOWS\mfcoa.exe
O4 - HKLM\..\RunOnce: [syshu.exe] C:\WINDOWS\syshu.exe
O4 - HKLM\..\RunOnce: [javavh32.exe] C:\WINDOWS\javavh32.exe
O4 - HKLM\..\RunOnce: [addrq.exe] C:\WINDOWS\addrq.exe
O4 - HKLM\..\RunOnce: [addnx.exe] C:\WINDOWS\addnx.exe
O4 - HKLM\..\RunOnce: [addqd32.exe] C:\WINDOWS\system32\addqd32.exe
O4 - HKLM\..\RunOnce: [mfceb.exe] C:\WINDOWS\mfceb.exe
O4 - HKLM\..\RunOnce: [sysrq32.exe] C:\WINDOWS\sysrq32.exe
O4 - HKLM\..\RunOnce: [ntoo.exe] C:\WINDOWS\ntoo.exe
O4 - HKLM\..\RunOnce: [mfcgh32.exe] C:\WINDOWS\system32\mfcgh32.exe
O4 - HKLM\..\RunOnce: [ipjd.exe] C:\WINDOWS\ipjd.exe
O4 - HKLM\..\RunOnce: [crqo.exe] C:\WINDOWS\system32\crqo.exe
O4 - HKLM\..\RunOnce: [ieht32.exe] C:\WINDOWS\system32\ieht32.exe
O4 - HKLM\..\RunOnce: [iefr32.exe] C:\WINDOWS\system32\iefr32.exe
O4 - HKLM\..\RunOnce: [mfcxy.exe] C:\WINDOWS\mfcxy.exe
O4 - HKLM\..\RunOnce: [sdkiv32.exe] C:\WINDOWS\system32\sdkiv32.exe
O4 - HKLM\..\RunOnce: [netit32.exe] C:\WINDOWS\netit32.exe
O4 - HKLM\..\RunOnce: [ipyh.exe] C:\WINDOWS\system32\ipyh.exe
O4 - HKLM\..\RunOnce: [iepi.exe] C:\WINDOWS\system32\iepi.exe
O4 - HKLM\..\RunOnce: [atlnc.exe] C:\WINDOWS\atlnc.exe
O4 - HKLM\..\RunOnce: [atlla.exe] C:\WINDOWS\system32\atlla.exe
O4 - HKLM\..\RunOnce: [addyq32.exe] C:\WINDOWS\system32\addyq32.exe
O4 - HKLM\..\RunOnce: [winho32.exe] C:\WINDOWS\winho32.exe
O4 - HKLM\..\RunOnce: [javaqx32.exe] C:\WINDOWS\javaqx32.exe
O4 - HKLM\..\RunOnce: [sdkxm32.exe] C:\WINDOWS\sdkxm32.exe
O4 - HKLM\..\RunOnce: [crso.exe] C:\WINDOWS\system32\crso.exe
O4 - HKLM\..\RunOnce: [winmo32.exe] C:\WINDOWS\system32\winmo32.exe
O4 - HKLM\..\RunOnce: [d3ti32.exe] C:\WINDOWS\d3ti32.exe
O4 - HKLM\..\RunOnce: [addde32.exe] C:\WINDOWS\addde32.exe
O4 - HKLM\..\RunOnce: [atlvj32.exe] C:\WINDOWS\system32\atlvj32.exe
O4 - HKLM\..\RunOnce: [ipdh.exe] C:\WINDOWS\system32\ipdh.exe
O4 - HKLM\..\RunOnce: [ntri32.exe] C:\WINDOWS\system32\ntri32.exe
O4 - HKLM\..\RunOnce: [apinm32.exe] C:\WINDOWS\system32\apinm32.exe
O4 - HKLM\..\RunOnce: [winhv32.exe] C:\WINDOWS\system32\winhv32.exe
O4 - HKLM\..\RunOnce: [mfcez32.exe] C:\WINDOWS\system32\mfcez32.exe
O4 - HKLM\..\RunOnce: [ievg.exe] C:\WINDOWS\system32\ievg.exe
O4 - HKLM\..\RunOnce: [javagc32.exe] C:\WINDOWS\javagc32.exe
O4 - HKLM\..\RunOnce: [sysop.exe] C:\WINDOWS\system32\sysop.exe
O4 - HKLM\..\RunOnce: [sysmn32.exe] C:\WINDOWS\system32\sysmn32.exe
O4 - HKLM\..\RunOnce: [atlyy32.exe] C:\WINDOWS\system32\atlyy32.exe
O4 - HKLM\..\RunOnce: [crqi32.exe] C:\WINDOWS\crqi32.exe
O4 - HKLM\..\RunOnce: [crzn.exe] C:\WINDOWS\system32\crzn.exe
O4 - HKLM\..\RunOnce: [sdkbw32.exe] C:\WINDOWS\system32\sdkbw32.exe
O4 - HKLM\..\RunOnce: [syssh.exe] C:\WINDOWS\syssh.exe
O4 - HKLM\..\RunOnce: [appuq.exe] C:\WINDOWS\system32\appuq.exe
O4 - HKLM\..\RunOnce: [nton.exe] C:\WINDOWS\system32\nton.exe
O4 - HKLM\..\RunOnce: [windv.exe] C:\WINDOWS\system32\windv.exe
O4 - HKLM\..\RunOnce: [mszm.exe] C:\WINDOWS\system32\mszm.exe
O4 - HKLM\..\RunOnce: [ntrn32.exe] C:\WINDOWS\system32\ntrn32.exe
O4 - HKLM\..\RunOnce: [apiii32.exe] C:\WINDOWS\system32\apiii32.exe
O4 - HKLM\..\RunOnce: [ippy32.exe] C:\WINDOWS\system32\ippy32.exe
O4 - HKLM\..\RunOnce: [javaix.exe] C:\WINDOWS\system32\javaix.exe
O4 - HKLM\..\RunOnce: [sdkmo32.exe] C:\WINDOWS\system32\sdkmo32.exe
O4 - HKLM\..\RunOnce: [iedj32.exe] C:\WINDOWS\system32\iedj32.exe
O4 - HKLM\..\RunOnce: [ntqz.exe] C:\WINDOWS\system32\ntqz.exe
O4 - HKLM\..\RunOnce: [msre32.exe] C:\WINDOWS\msre32.exe
O4 - HKLM\..\RunOnce: [sdkmv32.exe] C:\WINDOWS\system32\sdkmv32.exe
O4 - HKLM\..\RunOnce: [iena32.exe] C:\WINDOWS\iena32.exe
O4 - HKLM\..\RunOnce: [atlkp.exe] C:\WINDOWS\atlkp.exe
O4 - HKLM\..\RunOnce: [addaq32.exe] C:\WINDOWS\addaq32.exe
O4 - HKLM\..\RunOnce: [ntfa.exe] C:\WINDOWS\ntfa.exe
O4 - HKLM\..\RunOnce: [sysxu.exe] C:\WINDOWS\sysxu.exe
O4 - HKLM\..\RunOnce: [msst32.exe] C:\WINDOWS\system32\msst32.exe
O4 - HKLM\..\RunOnce: [mfcrz.exe] C:\WINDOWS\mfcrz.exe
O4 - HKLM\..\RunOnce: [javaka.exe] C:\WINDOWS\system32\javaka.exe
O4 - HKLM\..\RunOnce: [netoj32.exe] C:\WINDOWS\netoj32.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\mfctu.exe
O4 - HKLM\..\RunOnce: [mfcoa32.exe] C:\WINDOWS\system32\mfcoa32.exe
O4 - HKLM\..\RunOnce: [netjf32.exe] C:\WINDOWS\system32\netjf32.exe
O4 - HKLM\..\RunOnce: [javape.exe] C:\WINDOWS\system32\javape.exe
O4 - HKLM\..\RunOnce: [javalw.exe] C:\WINDOWS\javalw.exe
O4 - HKLM\..\RunOnce: [mssu32.exe] C:\WINDOWS\mssu32.exe
O4 - HKLM\..\RunOnce: [netde32.exe] C:\WINDOWS\system32\netde32.exe
O4 - HKLM\..\RunOnce: [syslx32.exe] C:\WINDOWS\syslx32.exe
O4 - HKLM\..\RunOnce: [ntsp32.exe] C:\WINDOWS\system32\ntsp32.exe
O4 - HKLM\..\RunOnce: [appxq.exe] C:\WINDOWS\system32\appxq.exe
O4 - HKLM\..\RunOnce: [iefa32.exe] C:\WINDOWS\system32\iefa32.exe
O4 - HKLM\..\RunOnce: [addjg32.exe] C:\WINDOWS\system32\addjg32.exe
O4 - HKLM\..\RunOnce: [d3pt32.exe] C:\WINDOWS\system32\d3pt32.exe
O4 - HKLM\..\RunOnce: [d3qz.exe] C:\WINDOWS\d3qz.exe
O4 - HKLM\..\RunOnce: [sdkmu32.exe] C:\WINDOWS\sdkmu32.exe
O4 - HKLM\..\RunOnce: [sdkiw32.exe] C:\WINDOWS\sdkiw32.exe
O4 - HKLM\..\RunOnce: [atlxp.exe] C:\WINDOWS\atlxp.exe
O4 - HKLM\..\RunOnce: [d3vj32.exe] C:\WINDOWS\d3vj32.exe
O4 - HKLM\..\RunOnce: [javaei32.exe] C:\WINDOWS\system32\javaei32.exe
O4 - HKLM\..\RunOnce: [d3dx.exe] C:\WINDOWS\d3dx.exe
O4 - HKLM\..\RunOnce: [appyi32.exe] C:\WINDOWS\system32\appyi32.exe
O4 - HKLM\..\RunOnce: [d3vu.exe] C:\WINDOWS\d3vu.exe
O4 - HKLM\..\RunOnce: [iebr.exe] C:\WINDOWS\system32\iebr.exe
O4 - HKLM\..\RunOnce: [mfcpc.exe] C:\WINDOWS\system32\mfcpc.exe
O4 - HKLM\..\RunOnce: [ieok32.exe] C:\WINDOWS\ieok32.exe
O4 - HKLM\..\RunOnce: [winrt.exe] C:\WINDOWS\system32\winrt.exe
O4 - HKLM\..\RunOnce: [mfcrn.exe] C:\WINDOWS\system32\mfcrn.exe
O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\iexi32.exe
O4 - HKLM\..\RunOnce: [windk32.exe] C:\WINDOWS\windk32.exe
O4 - HKLM\..\RunOnce: [d3xw.exe] C:\WINDOWS\d3xw.exe
O4 - HKLM\..\RunOnce: [ipga32.exe] C:\WINDOWS\ipga32.exe
O4 - HKLM\..\RunOnce: [addeq.exe] C:\WINDOWS\addeq.exe
O4 - HKLM\..\RunOnce: [atldv32.exe] C:\WINDOWS\atldv32.exe
O4 - HKLM\..\RunOnce: [winyi.exe] C:\WINDOWS\winyi.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\system32\sysyj32.exe
O4 - HKLM\..\RunOnce: [sdkzu.exe] C:\WINDOWS\sdkzu.exe
O4 - HKLM\..\RunOnce: [sdkxy32.exe] C:\WINDOWS\sdkxy32.exe
O4 - HKLM\..\RunOnce: [atlaq.exe] C:\WINDOWS\atlaq.exe
O4 - HKLM\..\RunOnce: [mssy32.exe] C:\WINDOWS\system32\mssy32.exe
O4 - HKLM\..\RunOnce: [d3aq32.exe] C:\WINDOWS\system32\d3aq32.exe
O4 - HKLM\..\RunOnce: [netdb.exe] C:\WINDOWS\system32\netdb.exe
O4 - HKLM\..\RunOnce: [msoz.exe] C:\WINDOWS\msoz.exe
O4 - HKLM\..\RunOnce: [appzw.exe] C:\WINDOWS\system32\appzw.exe
O4 - HKLM\..\RunOnce: [appyi.exe] C:\WINDOWS\system32\appyi.exe
O4 - HKLM\..\RunOnce: [addio.exe] C:\WINDOWS\addio.exe
O4 - HKLM\..\RunOnce: [crbj32.exe] C:\WINDOWS\system32\crbj32.exe
O4 - HKLM\..\RunOnce: [d3zc32.exe] C:\WINDOWS\d3zc32.exe
O4 - HKLM\..\RunOnce: [sdkcq32.exe] C:\WINDOWS\sdkcq32.exe
O4 - HKLM\..\RunOnce: [ipkq.exe] C:\WINDOWS\system32\ipkq.exe
O4 - HKLM\..\RunOnce: [javabl32.exe] C:\WINDOWS\javabl32.exe
O4 - HKLM\..\RunOnce: [crqw.exe] C:\WINDOWS\system32\crqw.exe
O4 - HKLM\..\RunOnce: [mfcdi.exe] C:\WINDOWS\mfcdi.exe
O4 - HKLM\..\RunOnce: [sdkya.exe] C:\WINDOWS\sdkya.exe
O4 - HKLM\..\RunOnce: [crec.exe] C:\WINDOWS\crec.exe
O4 - HKLM\..\RunOnce: [appnt32.exe] C:\WINDOWS\system32\appnt32.exe
O4 - HKLM\..\RunOnce: [apiyw.exe] C:\WINDOWS\apiyw.exe
O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\iexw.exe
O4 - HKLM\..\RunOnce: [d3ml.exe] C:\WINDOWS\system32\d3ml.exe
O4 - HKLM\..\RunOnce: [sdkma.exe] C:\WINDOWS\sdkma.exe
O4 - HKLM\..\RunOnce: [craw32.exe] C:\WINDOWS\craw32.exe
O4 - HKLM\..\RunOnce: [crpt.exe] C:\WINDOWS\crpt.exe
O4 - HKLM\..\RunOnce: [crik.exe] C:\WINDOWS\crik.exe
O4 - HKLM\..\RunOnce: [ntcg32.exe] C:\WINDOWS\system32\ntcg32.exe
O4 - HKLM\..\RunOnce: [apiwr32.exe] C:\WINDOWS\system32\apiwr32.exe
O4 - HKLM\..\RunOnce: [ipyf32.exe] C:\WINDOWS\system32\ipyf32.exe
O4 - HKLM\..\RunOnce: [ieca32.exe] C:\WINDOWS\ieca32.exe
O4 - HKLM\..\RunOnce: [wintk32.exe] C:\WINDOWS\system32\wintk32.exe
O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe
O4 - HKLM\..\RunOnce: [sdktr32.exe] C:\WINDOWS\system32\sdktr32.exe
O4 - HKLM\..\RunOnce: [mszb32.exe] C:\WINDOWS\mszb32.exe
O4 - HKLM\..\RunOnce: [atlad.exe] C:\WINDOWS\system32\atlad.exe
O4 - HKLM\..\RunOnce: [mstb32.exe] C:\WINDOWS\system32\mstb32.exe
O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe
O4 - HKLM\..\RunOnce: [javaft.exe] C:\WINDOWS\javaft.exe
O4 - HKLM\..\RunOnce: [apion32.exe] C:\WINDOWS\system32\apion32.exe
O4 - HKLM\..\RunOnce: [apput32.exe] C:\WINDOWS\apput32.exe
O4 - HKLM\..\RunOnce: [appaz32.exe] C:\WINDOWS\appaz32.exe
O4 - HKLM\..\RunOnce: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe
O4 - HKLM\..\RunOnce: [javaoq.exe] C:\WINDOWS\javaoq.exe
O4 - HKLM\..\RunOnce: [addzp32.exe] C:\WINDOWS\system32\addzp32.exe
O4 - HKLM\..\RunOnce: [mswg32.exe] C:\WINDOWS\system32\mswg32.exe
O4 - HKLM\..\RunOnce: [ntgb.exe] C:\WINDOWS\ntgb.exe
O4 - HKLM\..\RunOnce: [winmg.exe] C:\WINDOWS\system32\winmg.exe
O4 - HKLM\..\RunOnce: [sdkqb.exe] C:\WINDOWS\sdkqb.exe
O4 - HKLM\..\RunOnce: [appee.exe] C:\WINDOWS\system32\appee.exe
O4 - HKLM\..\RunOnce: [iecr.exe] C:\WINDOWS\iecr.exe
O4 - HKLM\..\RunOnce: [appiu.exe] C:\WINDOWS\system32\appiu.exe
O4 - HKLM\..\RunOnce: [ntuy32.exe] C:\WINDOWS\system32\ntuy32.exe
O4 - HKLM\..\RunOnce: [windx32.exe] C:\WINDOWS\system32\windx32.exe
O4 - HKLM\..\RunOnce: [mfcxr32.exe] C:\WINDOWS\mfcxr32.exe
O4 - HKLM\..\RunOnce: [appfc32.exe] C:\WINDOWS\system32\appfc32.exe
O4 - HKLM\..\RunOnce: [crda.exe] C:\WINDOWS\system32\crda.exe
O4 - HKLM\..\RunOnce: [mfcia.exe] C:\WINDOWS\system32\mfcia.exe
O4 - HKLM\..\RunOnce: [addyw32.exe] C:\WINDOWS\system32\addyw32.exe
O4 - HKLM\..\RunOnce: [wingl32.exe] C:\WINDOWS\wingl32.exe
O4 - HKLM\..\RunOnce: [iehd32.exe] C:\WINDOWS\iehd32.exe
O4 - HKLM\..\RunOnce: [iekq32.exe] C:\WINDOWS\iekq32.exe
O4 - HKLM\..\RunOnce: [ntnj.exe] C:\WINDOWS\ntnj.exe
O4 - HKLM\..\RunOnce: [msie32.exe] C:\WINDOWS\msie32.exe
O4 - HKLM\..\RunOnce: [d3ie32.exe] C:\WINDOWS\system32\d3ie32.exe
O4 - HKLM\..\RunOnce: [winux32.exe] C:\WINDOWS\system32\winux32.exe
O4 - HKLM\..\RunOnce: [appuk.exe] C:\WINDOWS\system32\appuk.exe
O4 - HKLM\..\RunOnce: [syspk32.exe] C:\WINDOWS\system32\syspk32.exe
O4 - HKLM\..\RunOnce: [crud.exe] C:\WINDOWS\system32\crud.exe
O4 - HKLM\..\RunOnce: [apium.exe] C:\WINDOWS\apium.exe
O4 - HKLM\..\RunOnce: [atlan32.exe] C:\WINDOWS\system32\atlan32.exe
O4 - HKLM\..\RunOnce: [mfccx.exe] C:\WINDOWS\system32\mfccx.exe
O4 - HKLM\..\RunOnce: [atlav.exe] C:\WINDOWS\atlav.exe
O4 - HKLM\..\RunOnce: [winyw.exe] C:\WINDOWS\system32\winyw.exe
O4 - HKLM\..\RunOnce: [apppp32.exe] C:\WINDOWS\apppp32.exe
O4 - HKLM\..\RunOnce: [winiq32.exe] C:\WINDOWS\winiq32.exe
O4 - HKLM\..\RunOnce: [sdktw32.exe] C:\WINDOWS\sdktw32.exe
O4 - HKLM\..\RunOnce: [crtj32.exe] C:\WINDOWS\system32\crtj32.exe
O4 - HKLM\..\RunOnce: [adddl32.exe] C:\WINDOWS\system32\adddl32.exe
O4 - HKLM\..\RunOnce: [sdkxb32.exe] C:\WINDOWS\sdkxb32.exe
O4 - HKLM\..\RunOnce: [crbr.exe] C:\WINDOWS\system32\crbr.exe
O4 - HKLM\..\RunOnce: [addmn32.exe] C:\WINDOWS\addmn32.exe
O4 - HKLM\..\RunOnce: [ipim32.exe] C:\WINDOWS\system32\ipim32.exe
O4 - HKLM\..\RunOnce: [sdkwp32.exe] C:\WINDOWS\sdkwp32.exe
O4 - HKLM\..\RunOnce: [apipu.exe] C:\WINDOWS\apipu.exe
O4 - HKLM\..\RunOnce: [sysow32.exe] C:\WINDOWS\sysow32.exe
O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\system32\mskm32.exe
O4 - HKLM\..\RunOnce: [iplv.exe] C:\WINDOWS\iplv.exe
O4 - HKLM\..\RunOnce: [ietm.exe] C:\WINDOWS\system32\ietm.exe
O4 - HKLM\..\RunOnce: [netsg.exe] C:\WINDOWS\system32\netsg.exe
O4 - HKLM\..\RunOnce: [appng32.exe] C:\WINDOWS\appng32.exe
O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe
O4 - HKLM\..\RunOnce: [mfcdk32.exe] C:\WINDOWS\mfcdk32.exe
O4 - HKLM\..\RunOnce: [javawu32.exe] C:\WINDOWS\javawu32.exe
O4 - HKLM\..\RunOnce: [netlv32.exe] C:\WINDOWS\system32\netlv32.exe
O4 - HKLM\..\RunOnce: [sysau.exe] C:\WINDOWS\system32\sysau.exe
O4 - HKLM\..\RunOnce: [ipis32.exe] C:\WINDOWS\ipis32.exe
O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\ipgq32.exe
O4 - HKLM\..\RunOnce: [addjj.exe] C:\WINDOWS\system32\addjj.exe
O4 - HKLM\..\RunOnce: [ntoc.exe] C:\WINDOWS\ntoc.exe
O4 - HKLM\..\RunOnce: [atlmt.exe] C:\WINDOWS\system32\atlmt.exe
O4 - HKLM\..\RunOnce: [sdkzz32.exe] C:\WINDOWS\system32\sdkzz32.exe
O4 - HKLM\..\RunOnce: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe
O4 - HKLM\..\RunOnce: [crwj.exe] C:\WINDOWS\system32\crwj.exe
O4 - HKLM\..\RunOnce: [appcy.exe] C:\WINDOWS\appcy.exe
O4 - HKLM\..\RunOnce: [netmm32.exe] C:\WINDOWS\netmm32.exe
O4 - HKLM\..\RunOnce: [apiqc.exe] C:\WINDOWS\system32\apiqc.exe
O4 - HKLM\..\RunOnce: [apiiy32.exe] C:\WINDOWS\system32\apiiy32.exe
O4 - HKLM\..\RunOnce: [addjv32.exe] C:\WINDOWS\system32\addjv32.exe
O4 - HKLM\..\RunOnce: [apppj.exe] C:\WINDOWS\system32\apppj.exe
O4 - HKLM\..\RunOnce: [ipdv.exe] C:\WINDOWS\ipdv.exe
O4 - HKLM\..\RunOnce: [mfctk.exe] C:\WINDOWS\mfctk.exe
O4 - HKLM\..\RunOnce: [javazn32.exe] C:\WINDOWS\system32\javazn32.exe
O4 - HKLM\..\RunOnce: [crom32.exe] C:\WINDOWS\crom32.exe
O4 - HKLM\..\RunOnce: [addzq.exe] C:\WINDOWS\addzq.exe
O4 - HKLM\..\RunOnce: [d3ms32.exe] C:\WINDOWS\system32\d3ms32.exe
O4 - HKLM\..\RunOnce: [apirr.exe] C:\WINDOWS\apirr.exe
O4 - HKLM\..\RunOnce: [apiwu.exe] C:\WINDOWS\apiwu.exe
O4 - HKLM\..\RunOnce: [winrz.exe] C:\WINDOWS\winrz.exe
O4 - HKLM\..\RunOnce: [ntfq32.exe] C:\WINDOWS\system32\ntfq32.exe
O4 - HKLM\..\RunOnce: [mfcsz.exe] C:\WINDOWS\mfcsz.exe
O4 - HKLM\..\RunOnce: [ieui32.exe] C:\WINDOWS\ieui32.exe
O4 - HKLM\..\RunOnce: [iepf32.exe] C:\WINDOWS\iepf32.exe
O4 - HKLM\..\RunOnce: [apige.exe] C:\WINDOWS\system32\apige.exe
O4 - HKLM\..\RunOnce: [javaki32.exe] C:\WINDOWS\system32\javaki32.exe
O4 - HKLM\..\RunOnce: [ipxl32.exe] C:\WINDOWS\ipxl32.exe
O4 - HKLM\..\RunOnce: [netao.exe] C:\WINDOWS\system32\netao.exe
O4 - HKLM\..\RunOnce: [windz.exe] C:\WINDOWS\windz.exe
O4 - HKLM\..\RunOnce: [netar.exe] C:\WINDOWS\system32\netar.exe
O4 - HKLM\..\RunOnce: [addej32.exe] C:\WINDOWS\addej32.exe
O4 - HKLM\..\RunOnce: [ipxm32.exe] C:\WINDOWS\system32\ipxm32.exe
O4 - HKLM\..\RunOnce: [ipsb.exe] C:\WINDOWS\ipsb.exe
O4 - HKLM\..\RunOnce: [ipnz32.exe] C:\WINDOWS\system32\ipnz32.exe
O4 - HKLM\..\RunOnce: [netez.exe] C:\WINDOWS\netez.exe
O4 - HKLM\..\RunOnce: [d3rw32.exe] C:\WINDOWS\d3rw32.exe
O4 - HKLM\..\RunOnce: [atlke32.exe] C:\WINDOWS\system32\atlke32.exe
O4 - HKLM\..\RunOnce: [ntmf.exe] C:\WINDOWS\ntmf.exe
O4 - HKLM\..\RunOnce: [addnd.exe] C:\WINDOWS\system32\addnd.exe
O4 - HKLM\..\RunOnce: [ipif32.exe] C:\WINDOWS\system32\ipif32.exe
O4 - HKLM\..\RunOnce: [addlp.exe] C:\WINDOWS\addlp.exe
O4 - HKLM\..\RunOnce: [winri32.exe] C:\WINDOWS\winri32.exe
O4 - HKLM\..\RunOnce: [ipiu32.exe] C:\WINDOWS\ipiu32.exe
O4 - HKLM\..\RunOnce: [ipgs32.exe] C:\WINDOWS\system32\ipgs32.exe
O4 - HKLM\..\RunOnce: [javaqm.exe] C:\WINDOWS\system32\javaqm.exe
O4 - HKLM\..\RunOnce: [javanv.exe] C:\WINDOWS\system32\javanv.exe
O4 - HKLM\..\RunOnce: [d3go.exe] C:\WINDOWS\system32\d3go.exe
O4 - HKLM\..\RunOnce: [apiba.exe] C:\WINDOWS\apiba.exe
O4 - HKLM\..\RunOnce: [iees.exe] C:\WINDOWS\system32\iees.exe
O4 - HKLM\..\RunOnce: [syseu32.exe] C:\WINDOWS\system32\syseu32.exe
O4 - HKLM\..\RunOnce: [sdkrx.exe] C:\WINDOWS\sdkrx.exe
O4 - HKLM\..\RunOnce: [apimr32.exe] C:\WINDOWS\system32\apimr32.exe
O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\nthw32.exe
O4 - HKLM\..\RunOnce: [winxe32.exe] C:\WINDOWS\system32\winxe32.exe
O4 - HKLM\..\RunOnce: [d3mq.exe] C:\WINDOWS\system32\d3mq.exe
O4 - HKLM\..\RunOnce: [msba32.exe] C:\WINDOWS\msba32.exe
O4 - HKLM\..\RunOnce: [addzi32.exe] C:\WINDOWS\addzi32.exe
O4 - HKLM\..\RunOnce: [netfq.exe] C:\WINDOWS\netfq.exe
O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\sdkiv.exe
O4 - HKLM\..\RunOnce: [atlll.exe] C:\WINDOWS\system32\atlll.exe
O4 - HKLM\..\RunOnce: [d3ln32.exe] C:\WINDOWS\d3ln32.exe
O4 - HKLM\..\RunOnce: [winic.exe] C:\WINDOWS\winic.exe
O4 - HKLM\..\RunOnce: [winfx32.exe] C:\WINDOWS\system32\winfx32.exe
O4 - HKLM\..\RunOnce: [sdkxh32.exe] C:\WINDOWS\sdkxh32.exe
O4 - HKLM\..\RunOnce: [winhd.exe] C:\WINDOWS\system32\winhd.exe
O4 - HKLM\..\RunOnce: [ieds.exe] C:\WINDOWS\ieds.exe
O4 - HKLM\..\RunOnce: [atlkj32.exe] C:\WINDOWS\system32\atlkj32.exe
O4 - HKLM\..\RunOnce: [winxr32.exe] C:\WINDOWS\winxr32.exe
O4 - HKLM\..\RunOnce: [mfcxc32.exe] C:\WINDOWS\mfcxc32.exe
O4 - HKLM\..\RunOnce: [sdkhz.exe] C:\WINDOWS\system32\sdkhz.exe
O4 - HKLM\..\RunOnce: [iehu.exe] C:\WINDOWS\system32\iehu.exe
O4 - HKLM\..\RunOnce: [atlmn.exe] C:\WINDOWS\system32\atlmn.exe
O4 - HKLM\..\RunOnce: [msld32.exe] C:\WINDOWS\system32\msld32.exe
O4 - HKLM\..\RunOnce: [sysup32.exe] C:\WINDOWS\sysup32.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\addyb.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\system32\winoa.exe
O4 - HKLM\..\RunOnce: [crgu32.exe] C:\WINDOWS\system32\crgu32.exe
O4 - HKLM\..\RunOnce: [ntvk32.exe] C:\WINDOWS\ntvk32.exe
O4 - HKLM\..\RunOnce: [d3cg.exe] C:\WINDOWS\system32\d3cg.exe
O4 - HKLM\..\RunOnce: [netri.exe] C:\WINDOWS\system32\netri.exe
O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\iprj.exe
O4 - HKLM\..\RunOnce: [*agcvgzc] rundll32 C:\WINDOWS\System32:agcvgzc.dll,Init 1
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [PopupGuard] C:\PROGRA~1\POPUPG~1\POPUPG~1.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [wmadmoe] C:\WINDOWS\System32\wmadmoe.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

Comments

  • DexterDexter Vancouver, BC Canada
    edited August 2004
    Please look up, waaaay up, to the very top of this page, and find the BIG RED LETTERS with two links listed below them. Read those, then come back and tell us what problem you are having, and what steps you have taken already.

    Dexter...
  • ONEFIVE
    edited August 2004
    sorry guys.. ok well my problem is, my homepage is always reset to some weird search engine, also i get many popups and if i end a process in task manager that i know isnt legit it pops back up again in seconds, it takes extra long for my computer to log me in and its just really slow, ive tried goign through search and searching for the files that pop up in my task manager, but they never show up, ive run spybot S%D and ad-aware, which have helped a bit, but i would really appreciate it if you guys would tell me what programs i have to get rid of in my HJT log. thanks so much for your help and time.
    1 5
  • DexterDexter Vancouver, BC Canada
    edited August 2004
    OK, thanks for letting us know what the symptoms are and what steps you have taken already, it makes our work easier :)

    And let me just say HOLY CRAP! You have a LOT of bad stuff in here....

    OK, first, because your infection is so widespread, please disable your system restore. If you do not know how to do that, click the link at the top of this page titled "Steps to take before posting a HijackThis log" Near the bottom of that page you will find instructions on how to disable and later re-enable system restore.


    Next, please, reboot your computer into SAFE MODE. Run HJT. FIX the following:



    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ycghy.dll/index.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ycghy.dll/index.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ycghy.dll/index.html#96676

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ycghy.dll/sp.html#96676

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost

    R3 - Default URLSearchHook is missing


    O2 - BHO: (no name) - {E3B10B63-55DB-3198-B589-EEA0CF1B7956} - C:\WINDOWS\system32\appbr32.dll

    O4 - HKLM\..\Run: [agcvgzc] rundll32 C:\WINDOWS\System32:agcvgzc.dll,Init 1

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O4 - HKLM\..\Run: [Debug logo] C:\PROGRA~1\MANAGE~1\DATEGPLDALE.exe

    O4 - HKLM\..\Run: [sdkjr32.exe] C:\WINDOWS\system32\sdkjr32.exe

    O4 - HKLM\..\Run: [ieiz.exe] C:\WINDOWS\system32\ieiz.exe

    O4 - HKLM\..\Run: [winay.exe] C:\WINDOWS\system32\winay.exe

    O4 - HKLM\..\Run: [netgt32.exe] C:\WINDOWS\system32\netgt32.exe

    O4 - HKLM\..\Run: [syswt32.exe] C:\WINDOWS\system32\syswt32.exe

    O4 - HKLM\..\Run: [d3bi.exe] C:\WINDOWS\system32\d3bi.exe

    O4 - HKLM\..\Run: [netvm.exe] C:\WINDOWS\system32\netvm.exe

    O4 - HKLM\..\Run: [crcl32.exe] C:\WINDOWS\system32\crcl32.exe

    O4 - HKLM\..\Run: [addgl.exe] C:\WINDOWS\system32\addgl.exe

    O4 - HKLM\..\RunOnce: [d3mg32.exe] C:\WINDOWS\d3mg32.exe

    O4 - HKLM\..\RunOnce: [sdkxz32.exe] C:\WINDOWS\system32\sdkxz32.exe

    O4 - HKLM\..\RunOnce: [sdkyf32.exe] C:\WINDOWS\system32\sdkyf32.exe

    O4 - HKLM\..\RunOnce: [msch32.exe] C:\WINDOWS\msch32.exe

    O4 - HKLM\..\RunOnce: [netzz.exe] C:\WINDOWS\netzz.exe

    O4 - HKLM\..\RunOnce: [netvo32.exe] C:\WINDOWS\netvo32.exe

    O4 - HKLM\..\RunOnce: [sysdd.exe] C:\WINDOWS\sysdd.exe

    O4 - HKLM\..\RunOnce: [netlt.exe] C:\WINDOWS\system32\netlt.exe

    O4 - HKLM\..\RunOnce: [atlcl32.exe] C:\WINDOWS\atlcl32.exe

    O4 - HKLM\..\RunOnce: [javagr32.exe] C:\WINDOWS\system32\javagr32.exe

    O4 - HKLM\..\RunOnce: [appzm.exe] C:\WINDOWS\system32\appzm.exe

    O4 - HKLM\..\RunOnce: [syscc.exe] C:\WINDOWS\syscc.exe

    O4 - HKLM\..\RunOnce: [appfi32.exe] C:\WINDOWS\system32\appfi32.exe

    O4 - HKLM\..\RunOnce: [sdkrq.exe] C:\WINDOWS\system32\sdkrq.exe

    O4 - HKLM\..\RunOnce: [winio32.exe] C:\WINDOWS\winio32.exe

    O4 - HKLM\..\RunOnce: [ntmh.exe] C:\WINDOWS\system32\ntmh.exe

    O4 - HKLM\..\RunOnce: [appxx32.exe] C:\WINDOWS\appxx32.exe

    O4 - HKLM\..\RunOnce: [syszn32.exe] C:\WINDOWS\system32\syszn32.exe

    O4 - HKLM\..\RunOnce: [mfche.exe] C:\WINDOWS\system32\mfche.exe

    O4 - HKLM\..\RunOnce: [syswi.exe] C:\WINDOWS\syswi.exe

    O4 - HKLM\..\RunOnce: [sdkna.exe] C:\WINDOWS\system32\sdkna.exe

    O4 - HKLM\..\RunOnce: [winil32.exe] C:\WINDOWS\system32\winil32.exe

    O4 - HKLM\..\RunOnce: [sdkrl.exe] C:\WINDOWS\system32\sdkrl.exe

    O4 - HKLM\..\RunOnce: [javasx.exe] C:\WINDOWS\javasx.exe

    O4 - HKLM\..\RunOnce: [apidv.exe] C:\WINDOWS\system32\apidv.exe

    O4 - HKLM\..\RunOnce: [apibu32.exe] C:\WINDOWS\apibu32.exe

    O4 - HKLM\..\RunOnce: [iphv.exe] C:\WINDOWS\system32\iphv.exe

    O4 - HKLM\..\RunOnce: [addgu.exe] C:\WINDOWS\system32\addgu.exe

    O4 - HKLM\..\RunOnce: [sysdm32.exe] C:\WINDOWS\sysdm32.exe

    O4 - HKLM\..\RunOnce: [mfcoa.exe] C:\WINDOWS\mfcoa.exe

    O4 - HKLM\..\RunOnce: [syshu.exe] C:\WINDOWS\syshu.exe

    O4 - HKLM\..\RunOnce: [javavh32.exe] C:\WINDOWS\javavh32.exe

    O4 - HKLM\..\RunOnce: [addrq.exe] C:\WINDOWS\addrq.exe

    O4 - HKLM\..\RunOnce: [addnx.exe] C:\WINDOWS\addnx.exe

    O4 - HKLM\..\RunOnce: [addqd32.exe] C:\WINDOWS\system32\addqd32.exe

    O4 - HKLM\..\RunOnce: [mfceb.exe] C:\WINDOWS\mfceb.exe

    O4 - HKLM\..\RunOnce: [sysrq32.exe] C:\WINDOWS\sysrq32.exe

    O4 - HKLM\..\RunOnce: [ntoo.exe] C:\WINDOWS\ntoo.exe

    O4 - HKLM\..\RunOnce: [mfcgh32.exe] C:\WINDOWS\system32\mfcgh32.exe

    O4 - HKLM\..\RunOnce: [ipjd.exe] C:\WINDOWS\ipjd.exe

    O4 - HKLM\..\RunOnce: [crqo.exe] C:\WINDOWS\system32\crqo.exe

    O4 - HKLM\..\RunOnce: [ieht32.exe] C:\WINDOWS\system32\ieht32.exe

    O4 - HKLM\..\RunOnce: [iefr32.exe] C:\WINDOWS\system32\iefr32.exe

    O4 - HKLM\..\RunOnce: [mfcxy.exe] C:\WINDOWS\mfcxy.exe

    O4 - HKLM\..\RunOnce: [sdkiv32.exe] C:\WINDOWS\system32\sdkiv32.exe

    O4 - HKLM\..\RunOnce: [netit32.exe] C:\WINDOWS\netit32.exe

    O4 - HKLM\..\RunOnce: [ipyh.exe] C:\WINDOWS\system32\ipyh.exe

    O4 - HKLM\..\RunOnce: [iepi.exe] C:\WINDOWS\system32\iepi.exe

    O4 - HKLM\..\RunOnce: [atlnc.exe] C:\WINDOWS\atlnc.exe

    O4 - HKLM\..\RunOnce: [atlla.exe] C:\WINDOWS\system32\atlla.exe

    O4 - HKLM\..\RunOnce: [addyq32.exe] C:\WINDOWS\system32\addyq32.exe

    O4 - HKLM\..\RunOnce: [winho32.exe] C:\WINDOWS\winho32.exe

    O4 - HKLM\..\RunOnce: [javaqx32.exe] C:\WINDOWS\javaqx32.exe

    O4 - HKLM\..\RunOnce: [sdkxm32.exe] C:\WINDOWS\sdkxm32.exe

    O4 - HKLM\..\RunOnce: [crso.exe] C:\WINDOWS\system32\crso.exe

    O4 - HKLM\..\RunOnce: [winmo32.exe] C:\WINDOWS\system32\winmo32.exe

    O4 - HKLM\..\RunOnce: [d3ti32.exe] C:\WINDOWS\d3ti32.exe

    O4 - HKLM\..\RunOnce: [addde32.exe] C:\WINDOWS\addde32.exe

    O4 - HKLM\..\RunOnce: [atlvj32.exe] C:\WINDOWS\system32\atlvj32.exe

    O4 - HKLM\..\RunOnce: [ipdh.exe] C:\WINDOWS\system32\ipdh.exe

    O4 - HKLM\..\RunOnce: [ntri32.exe] C:\WINDOWS\system32\ntri32.exe

    O4 - HKLM\..\RunOnce: [apinm32.exe] C:\WINDOWS\system32\apinm32.exe

    O4 - HKLM\..\RunOnce: [winhv32.exe] C:\WINDOWS\system32\winhv32.exe

    O4 - HKLM\..\RunOnce: [mfcez32.exe] C:\WINDOWS\system32\mfcez32.exe

    O4 - HKLM\..\RunOnce: [ievg.exe] C:\WINDOWS\system32\ievg.exe

    O4 - HKLM\..\RunOnce: [javagc32.exe] C:\WINDOWS\javagc32.exe

    O4 - HKLM\..\RunOnce: [sysop.exe] C:\WINDOWS\system32\sysop.exe

    O4 - HKLM\..\RunOnce: [sysmn32.exe] C:\WINDOWS\system32\sysmn32.exe

    O4 - HKLM\..\RunOnce: [atlyy32.exe] C:\WINDOWS\system32\atlyy32.exe

    O4 - HKLM\..\RunOnce: [crqi32.exe] C:\WINDOWS\crqi32.exe

    O4 - HKLM\..\RunOnce: [crzn.exe] C:\WINDOWS\system32\crzn.exe

    O4 - HKLM\..\RunOnce: [sdkbw32.exe] C:\WINDOWS\system32\sdkbw32.exe

    O4 - HKLM\..\RunOnce: [syssh.exe] C:\WINDOWS\syssh.exe

    O4 - HKLM\..\RunOnce: [appuq.exe] C:\WINDOWS\system32\appuq.exe

    O4 - HKLM\..\RunOnce: [nton.exe] C:\WINDOWS\system32\nton.exe

    O4 - HKLM\..\RunOnce: [windv.exe] C:\WINDOWS\system32\windv.exe

    O4 - HKLM\..\RunOnce: [mszm.exe] C:\WINDOWS\system32\mszm.exe

    O4 - HKLM\..\RunOnce: [ntrn32.exe] C:\WINDOWS\system32\ntrn32.exe

    O4 - HKLM\..\RunOnce: [apiii32.exe] C:\WINDOWS\system32\apiii32.exe

    O4 - HKLM\..\RunOnce: [ippy32.exe] C:\WINDOWS\system32\ippy32.exe

    O4 - HKLM\..\RunOnce: [javaix.exe] C:\WINDOWS\system32\javaix.exe

    O4 - HKLM\..\RunOnce: [sdkmo32.exe] C:\WINDOWS\system32\sdkmo32.exe

    O4 - HKLM\..\RunOnce: [iedj32.exe] C:\WINDOWS\system32\iedj32.exe

    O4 - HKLM\..\RunOnce: [ntqz.exe] C:\WINDOWS\system32\ntqz.exe

    O4 - HKLM\..\RunOnce: [msre32.exe] C:\WINDOWS\msre32.exe

    O4 - HKLM\..\RunOnce: [sdkmv32.exe] C:\WINDOWS\system32\sdkmv32.exe

    O4 - HKLM\..\RunOnce: [iena32.exe] C:\WINDOWS\iena32.exe

    O4 - HKLM\..\RunOnce: [atlkp.exe] C:\WINDOWS\atlkp.exe

    O4 - HKLM\..\RunOnce: [addaq32.exe] C:\WINDOWS\addaq32.exe

    O4 - HKLM\..\RunOnce: [ntfa.exe] C:\WINDOWS\ntfa.exe

    O4 - HKLM\..\RunOnce: [sysxu.exe] C:\WINDOWS\sysxu.exe

    O4 - HKLM\..\RunOnce: [msst32.exe] C:\WINDOWS\system32\msst32.exe

    O4 - HKLM\..\RunOnce: [mfcrz.exe] C:\WINDOWS\mfcrz.exe

    O4 - HKLM\..\RunOnce: [javaka.exe] C:\WINDOWS\system32\javaka.exe

    O4 - HKLM\..\RunOnce: [netoj32.exe] C:\WINDOWS\netoj32.exe

    O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\mfctu.exe

    O4 - HKLM\..\RunOnce: [mfcoa32.exe] C:\WINDOWS\system32\mfcoa32.exe

    O4 - HKLM\..\RunOnce: [netjf32.exe] C:\WINDOWS\system32\netjf32.exe

    O4 - HKLM\..\RunOnce: [javape.exe] C:\WINDOWS\system32\javape.exe

    O4 - HKLM\..\RunOnce: [javalw.exe] C:\WINDOWS\javalw.exe

    O4 - HKLM\..\RunOnce: [mssu32.exe] C:\WINDOWS\mssu32.exe

    O4 - HKLM\..\RunOnce: [netde32.exe] C:\WINDOWS\system32\netde32.exe

    O4 - HKLM\..\RunOnce: [syslx32.exe] C:\WINDOWS\syslx32.exe

    O4 - HKLM\..\RunOnce: [ntsp32.exe] C:\WINDOWS\system32\ntsp32.exe

    O4 - HKLM\..\RunOnce: [appxq.exe] C:\WINDOWS\system32\appxq.exe

    O4 - HKLM\..\RunOnce: [iefa32.exe] C:\WINDOWS\system32\iefa32.exe

    O4 - HKLM\..\RunOnce: [addjg32.exe] C:\WINDOWS\system32\addjg32.exe

    O4 - HKLM\..\RunOnce: [d3pt32.exe] C:\WINDOWS\system32\d3pt32.exe

    O4 - HKLM\..\RunOnce: [d3qz.exe] C:\WINDOWS\d3qz.exe

    O4 - HKLM\..\RunOnce: [sdkmu32.exe] C:\WINDOWS\sdkmu32.exe

    O4 - HKLM\..\RunOnce: [sdkiw32.exe] C:\WINDOWS\sdkiw32.exe

    O4 - HKLM\..\RunOnce: [atlxp.exe] C:\WINDOWS\atlxp.exe

    O4 - HKLM\..\RunOnce: [d3vj32.exe] C:\WINDOWS\d3vj32.exe

    O4 - HKLM\..\RunOnce: [javaei32.exe] C:\WINDOWS\system32\javaei32.exe

    O4 - HKLM\..\RunOnce: [d3dx.exe] C:\WINDOWS\d3dx.exe

    O4 - HKLM\..\RunOnce: [appyi32.exe] C:\WINDOWS\system32\appyi32.exe

    O4 - HKLM\..\RunOnce: [d3vu.exe] C:\WINDOWS\d3vu.exe

    O4 - HKLM\..\RunOnce: [iebr.exe] C:\WINDOWS\system32\iebr.exe

    O4 - HKLM\..\RunOnce: [mfcpc.exe] C:\WINDOWS\system32\mfcpc.exe

    O4 - HKLM\..\RunOnce: [ieok32.exe] C:\WINDOWS\ieok32.exe

    O4 - HKLM\..\RunOnce: [winrt.exe] C:\WINDOWS\system32\winrt.exe

    O4 - HKLM\..\RunOnce: [mfcrn.exe] C:\WINDOWS\system32\mfcrn.exe

    O4 - HKLM\..\RunOnce: [iexi32.exe] C:\WINDOWS\iexi32.exe

    O4 - HKLM\..\RunOnce: [windk32.exe] C:\WINDOWS\windk32.exe

    O4 - HKLM\..\RunOnce: [d3xw.exe] C:\WINDOWS\d3xw.exe

    O4 - HKLM\..\RunOnce: [ipga32.exe] C:\WINDOWS\ipga32.exe

    O4 - HKLM\..\RunOnce: [addeq.exe] C:\WINDOWS\addeq.exe

    O4 - HKLM\..\RunOnce: [atldv32.exe] C:\WINDOWS\atldv32.exe

    O4 - HKLM\..\RunOnce: [winyi.exe] C:\WINDOWS\winyi.exe

    O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\system32\sysyj32.exe

    O4 - HKLM\..\RunOnce: [sdkzu.exe] C:\WINDOWS\sdkzu.exe

    O4 - HKLM\..\RunOnce: [sdkxy32.exe] C:\WINDOWS\sdkxy32.exe

    O4 - HKLM\..\RunOnce: [atlaq.exe] C:\WINDOWS\atlaq.exe

    O4 - HKLM\..\RunOnce: [mssy32.exe] C:\WINDOWS\system32\mssy32.exe

    O4 - HKLM\..\RunOnce: [d3aq32.exe] C:\WINDOWS\system32\d3aq32.exe

    O4 - HKLM\..\RunOnce: [netdb.exe] C:\WINDOWS\system32\netdb.exe

    O4 - HKLM\..\RunOnce: [msoz.exe] C:\WINDOWS\msoz.exe

    O4 - HKLM\..\RunOnce: [appzw.exe] C:\WINDOWS\system32\appzw.exe

    O4 - HKLM\..\RunOnce: [appyi.exe] C:\WINDOWS\system32\appyi.exe

    O4 - HKLM\..\RunOnce: [addio.exe] C:\WINDOWS\addio.exe

    O4 - HKLM\..\RunOnce: [crbj32.exe] C:\WINDOWS\system32\crbj32.exe

    O4 - HKLM\..\RunOnce: [d3zc32.exe] C:\WINDOWS\d3zc32.exe

    O4 - HKLM\..\RunOnce: [sdkcq32.exe] C:\WINDOWS\sdkcq32.exe

    O4 - HKLM\..\RunOnce: [ipkq.exe] C:\WINDOWS\system32\ipkq.exe

    O4 - HKLM\..\RunOnce: [javabl32.exe] C:\WINDOWS\javabl32.exe

    O4 - HKLM\..\RunOnce: [crqw.exe] C:\WINDOWS\system32\crqw.exe

    O4 - HKLM\..\RunOnce: [mfcdi.exe] C:\WINDOWS\mfcdi.exe

    O4 - HKLM\..\RunOnce: [sdkya.exe] C:\WINDOWS\sdkya.exe

    O4 - HKLM\..\RunOnce: [crec.exe] C:\WINDOWS\crec.exe

    O4 - HKLM\..\RunOnce: [appnt32.exe] C:\WINDOWS\system32\appnt32.exe

    O4 - HKLM\..\RunOnce: [apiyw.exe] C:\WINDOWS\apiyw.exe

    O4 - HKLM\..\RunOnce: [iexw.exe] C:\WINDOWS\iexw.exe

    O4 - HKLM\..\RunOnce: [d3ml.exe] C:\WINDOWS\system32\d3ml.exe

    O4 - HKLM\..\RunOnce: [sdkma.exe] C:\WINDOWS\sdkma.exe

    O4 - HKLM\..\RunOnce: [craw32.exe] C:\WINDOWS\craw32.exe

    O4 - HKLM\..\RunOnce: [crpt.exe] C:\WINDOWS\crpt.exe

    O4 - HKLM\..\RunOnce: [crik.exe] C:\WINDOWS\crik.exe

    O4 - HKLM\..\RunOnce: [ntcg32.exe] C:\WINDOWS\system32\ntcg32.exe

    O4 - HKLM\..\RunOnce: [apiwr32.exe] C:\WINDOWS\system32\apiwr32.exe

    O4 - HKLM\..\RunOnce: [ipyf32.exe] C:\WINDOWS\system32\ipyf32.exe

    O4 - HKLM\..\RunOnce: [ieca32.exe] C:\WINDOWS\ieca32.exe

    O4 - HKLM\..\RunOnce: [wintk32.exe] C:\WINDOWS\system32\wintk32.exe

    O4 - HKLM\..\RunOnce: [appoe.exe] C:\WINDOWS\system32\appoe.exe

    O4 - HKLM\..\RunOnce: [sdktr32.exe] C:\WINDOWS\system32\sdktr32.exe

    O4 - HKLM\..\RunOnce: [mszb32.exe] C:\WINDOWS\mszb32.exe

    O4 - HKLM\..\RunOnce: [atlad.exe] C:\WINDOWS\system32\atlad.exe

    O4 - HKLM\..\RunOnce: [mstb32.exe] C:\WINDOWS\system32\mstb32.exe

    O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\atlgh.exe

    O4 - HKLM\..\RunOnce: [javaft.exe] C:\WINDOWS\javaft.exe

    O4 - HKLM\..\RunOnce: [apion32.exe] C:\WINDOWS\system32\apion32.exe

    O4 - HKLM\..\RunOnce: [apput32.exe] C:\WINDOWS\apput32.exe

    O4 - HKLM\..\RunOnce: [appaz32.exe] C:\WINDOWS\appaz32.exe

    O4 - HKLM\..\RunOnce: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe

    O4 - HKLM\..\RunOnce: [javaoq.exe] C:\WINDOWS\javaoq.exe

    O4 - HKLM\..\RunOnce: [addzp32.exe] C:\WINDOWS\system32\addzp32.exe

    O4 - HKLM\..\RunOnce: [mswg32.exe] C:\WINDOWS\system32\mswg32.exe

    O4 - HKLM\..\RunOnce: [ntgb.exe] C:\WINDOWS\ntgb.exe

    O4 - HKLM\..\RunOnce: [winmg.exe] C:\WINDOWS\system32\winmg.exe

    O4 - HKLM\..\RunOnce: [sdkqb.exe] C:\WINDOWS\sdkqb.exe

    O4 - HKLM\..\RunOnce: [appee.exe] C:\WINDOWS\system32\appee.exe

    O4 - HKLM\..\RunOnce: [iecr.exe] C:\WINDOWS\iecr.exe

    O4 - HKLM\..\RunOnce: [appiu.exe] C:\WINDOWS\system32\appiu.exe

    O4 - HKLM\..\RunOnce: [ntuy32.exe] C:\WINDOWS\system32\ntuy32.exe

    O4 - HKLM\..\RunOnce: [windx32.exe] C:\WINDOWS\system32\windx32.exe

    O4 - HKLM\..\RunOnce: [mfcxr32.exe] C:\WINDOWS\mfcxr32.exe

    O4 - HKLM\..\RunOnce: [appfc32.exe] C:\WINDOWS\system32\appfc32.exe

    O4 - HKLM\..\RunOnce: [crda.exe] C:\WINDOWS\system32\crda.exe

    O4 - HKLM\..\RunOnce: [mfcia.exe] C:\WINDOWS\system32\mfcia.exe

    O4 - HKLM\..\RunOnce: [addyw32.exe] C:\WINDOWS\system32\addyw32.exe

    O4 - HKLM\..\RunOnce: [wingl32.exe] C:\WINDOWS\wingl32.exe

    O4 - HKLM\..\RunOnce: [iehd32.exe] C:\WINDOWS\iehd32.exe

    O4 - HKLM\..\RunOnce: [iekq32.exe] C:\WINDOWS\iekq32.exe

    O4 - HKLM\..\RunOnce: [ntnj.exe] C:\WINDOWS\ntnj.exe

    O4 - HKLM\..\RunOnce: [msie32.exe] C:\WINDOWS\msie32.exe

    O4 - HKLM\..\RunOnce: [d3ie32.exe] C:\WINDOWS\system32\d3ie32.exe

    O4 - HKLM\..\RunOnce: [winux32.exe] C:\WINDOWS\system32\winux32.exe

    O4 - HKLM\..\RunOnce: [appuk.exe] C:\WINDOWS\system32\appuk.exe

    O4 - HKLM\..\RunOnce: [syspk32.exe] C:\WINDOWS\system32\syspk32.exe

    O4 - HKLM\..\RunOnce: [crud.exe] C:\WINDOWS\system32\crud.exe

    O4 - HKLM\..\RunOnce: [apium.exe] C:\WINDOWS\apium.exe

    O4 - HKLM\..\RunOnce: [atlan32.exe] C:\WINDOWS\system32\atlan32.exe

    O4 - HKLM\..\RunOnce: [mfccx.exe] C:\WINDOWS\system32\mfccx.exe

    O4 - HKLM\..\RunOnce: [atlav.exe] C:\WINDOWS\atlav.exe

    O4 - HKLM\..\RunOnce: [winyw.exe] C:\WINDOWS\system32\winyw.exe

    O4 - HKLM\..\RunOnce: [apppp32.exe] C:\WINDOWS\apppp32.exe

    O4 - HKLM\..\RunOnce: [winiq32.exe] C:\WINDOWS\winiq32.exe

    O4 - HKLM\..\RunOnce: [sdktw32.exe] C:\WINDOWS\sdktw32.exe

    O4 - HKLM\..\RunOnce: [crtj32.exe] C:\WINDOWS\system32\crtj32.exe

    O4 - HKLM\..\RunOnce: [adddl32.exe] C:\WINDOWS\system32\adddl32.exe

    O4 - HKLM\..\RunOnce: [sdkxb32.exe] C:\WINDOWS\sdkxb32.exe

    O4 - HKLM\..\RunOnce: [crbr.exe] C:\WINDOWS\system32\crbr.exe
    O4 - HKLM\..\RunOnce: [addmn32.exe] C:\WINDOWS\addmn32.exe

    O4 - HKLM\..\RunOnce: [ipim32.exe] C:\WINDOWS\system32\ipim32.exe

    O4 - HKLM\..\RunOnce: [sdkwp32.exe] C:\WINDOWS\sdkwp32.exe

    O4 - HKLM\..\RunOnce: [apipu.exe] C:\WINDOWS\apipu.exe

    O4 - HKLM\..\RunOnce: [sysow32.exe] C:\WINDOWS\sysow32.exe

    O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\system32\mskm32.exe

    O4 - HKLM\..\RunOnce: [iplv.exe] C:\WINDOWS\iplv.exe

    O4 - HKLM\..\RunOnce: [ietm.exe] C:\WINDOWS\system32\ietm.exe

    O4 - HKLM\..\RunOnce: [netsg.exe] C:\WINDOWS\system32\netsg.exe

    O4 - HKLM\..\RunOnce: [appng32.exe] C:\WINDOWS\appng32.exe

    O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe

    O4 - HKLM\..\RunOnce: [mfcdk32.exe] C:\WINDOWS\mfcdk32.exe

    O4 - HKLM\..\RunOnce: [javawu32.exe] C:\WINDOWS\javawu32.exe

    O4 - HKLM\..\RunOnce: [netlv32.exe] C:\WINDOWS\system32\netlv32.exe

    O4 - HKLM\..\RunOnce: [sysau.exe] C:\WINDOWS\system32\sysau.exe

    O4 - HKLM\..\RunOnce: [ipis32.exe] C:\WINDOWS\ipis32.exe

    O4 - HKLM\..\RunOnce: [ipgq32.exe] C:\WINDOWS\ipgq32.exe

    O4 - HKLM\..\RunOnce: [addjj.exe] C:\WINDOWS\system32\addjj.exe

    O4 - HKLM\..\RunOnce: [ntoc.exe] C:\WINDOWS\ntoc.exe

    O4 - HKLM\..\RunOnce: [atlmt.exe] C:\WINDOWS\system32\atlmt.exe

    O4 - HKLM\..\RunOnce: [sdkzz32.exe] C:\WINDOWS\system32\sdkzz32.exe

    O4 - HKLM\..\RunOnce: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe

    O4 - HKLM\..\RunOnce: [crwj.exe] C:\WINDOWS\system32\crwj.exe

    O4 - HKLM\..\RunOnce: [appcy.exe] C:\WINDOWS\appcy.exe

    O4 - HKLM\..\RunOnce: [netmm32.exe] C:\WINDOWS\netmm32.exe

    O4 - HKLM\..\RunOnce: [apiqc.exe] C:\WINDOWS\system32\apiqc.exe

    O4 - HKLM\..\RunOnce: [apiiy32.exe] C:\WINDOWS\system32\apiiy32.exe

    O4 - HKLM\..\RunOnce: [addjv32.exe] C:\WINDOWS\system32\addjv32.exe

    O4 - HKLM\..\RunOnce: [apppj.exe] C:\WINDOWS\system32\apppj.exe

    O4 - HKLM\..\RunOnce: [ipdv.exe] C:\WINDOWS\ipdv.exe

    O4 - HKLM\..\RunOnce: [mfctk.exe] C:\WINDOWS\mfctk.exe

    O4 - HKLM\..\RunOnce: [javazn32.exe] C:\WINDOWS\system32\javazn32.exe

    O4 - HKLM\..\RunOnce: [crom32.exe] C:\WINDOWS\crom32.exe

    O4 - HKLM\..\RunOnce: [addzq.exe] C:\WINDOWS\addzq.exe

    O4 - HKLM\..\RunOnce: [d3ms32.exe] C:\WINDOWS\system32\d3ms32.exe

    O4 - HKLM\..\RunOnce: [apirr.exe] C:\WINDOWS\apirr.exe

    O4 - HKLM\..\RunOnce: [apiwu.exe] C:\WINDOWS\apiwu.exe

    O4 - HKLM\..\RunOnce: [winrz.exe] C:\WINDOWS\winrz.exe

    O4 - HKLM\..\RunOnce: [ntfq32.exe] C:\WINDOWS\system32\ntfq32.exe

    O4 - HKLM\..\RunOnce: [mfcsz.exe] C:\WINDOWS\mfcsz.exe

    O4 - HKLM\..\RunOnce: [ieui32.exe] C:\WINDOWS\ieui32.exe

    O4 - HKLM\..\RunOnce: [iepf32.exe] C:\WINDOWS\iepf32.exe

    O4 - HKLM\..\RunOnce: [apige.exe] C:\WINDOWS\system32\apige.exe

    O4 - HKLM\..\RunOnce: [javaki32.exe] C:\WINDOWS\system32\javaki32.exe

    O4 - HKLM\..\RunOnce: [ipxl32.exe] C:\WINDOWS\ipxl32.exe

    O4 - HKLM\..\RunOnce: [netao.exe] C:\WINDOWS\system32\netao.exe

    O4 - HKLM\..\RunOnce: [windz.exe] C:\WINDOWS\windz.exe

    O4 - HKLM\..\RunOnce: [netar.exe] C:\WINDOWS\system32\netar.exe

    O4 - HKLM\..\RunOnce: [addej32.exe] C:\WINDOWS\addej32.exe

    O4 - HKLM\..\RunOnce: [ipxm32.exe] C:\WINDOWS\system32\ipxm32.exe

    O4 - HKLM\..\RunOnce: [ipsb.exe] C:\WINDOWS\ipsb.exe

    O4 - HKLM\..\RunOnce: [ipnz32.exe] C:\WINDOWS\system32\ipnz32.exe

    O4 - HKLM\..\RunOnce: [netez.exe] C:\WINDOWS\netez.exe

    O4 - HKLM\..\RunOnce: [d3rw32.exe] C:\WINDOWS\d3rw32.exe

    O4 - HKLM\..\RunOnce: [atlke32.exe] C:\WINDOWS\system32\atlke32.exe

    O4 - HKLM\..\RunOnce: [ntmf.exe] C:\WINDOWS\ntmf.exe

    O4 - HKLM\..\RunOnce: [addnd.exe] C:\WINDOWS\system32\addnd.exe

    O4 - HKLM\..\RunOnce: [ipif32.exe] C:\WINDOWS\system32\ipif32.exe

    O4 - HKLM\..\RunOnce: [addlp.exe] C:\WINDOWS\addlp.exe

    O4 - HKLM\..\RunOnce: [winri32.exe] C:\WINDOWS\winri32.exe

    O4 - HKLM\..\RunOnce: [ipiu32.exe] C:\WINDOWS\ipiu32.exe

    O4 - HKLM\..\RunOnce: [ipgs32.exe] C:\WINDOWS\system32\ipgs32.exe

    O4 - HKLM\..\RunOnce: [javaqm.exe] C:\WINDOWS\system32\javaqm.exe

    O4 - HKLM\..\RunOnce: [javanv.exe] C:\WINDOWS\system32\javanv.exe

    O4 - HKLM\..\RunOnce: [d3go.exe] C:\WINDOWS\system32\d3go.exe

    O4 - HKLM\..\RunOnce: [apiba.exe] C:\WINDOWS\apiba.exe

    O4 - HKLM\..\RunOnce: [iees.exe] C:\WINDOWS\system32\iees.exe

    O4 - HKLM\..\RunOnce: [syseu32.exe] C:\WINDOWS\system32\syseu32.exe

    O4 - HKLM\..\RunOnce: [sdkrx.exe] C:\WINDOWS\sdkrx.exe

    O4 - HKLM\..\RunOnce: [apimr32.exe] C:\WINDOWS\system32\apimr32.exe

    O4 - HKLM\..\RunOnce: [nthw32.exe] C:\WINDOWS\nthw32.exe

    O4 - HKLM\..\RunOnce: [winxe32.exe] C:\WINDOWS\system32\winxe32.exe

    O4 - HKLM\..\RunOnce: [d3mq.exe] C:\WINDOWS\system32\d3mq.exe

    O4 - HKLM\..\RunOnce: [msba32.exe] C:\WINDOWS\msba32.exe

    O4 - HKLM\..\RunOnce: [addzi32.exe] C:\WINDOWS\addzi32.exe

    O4 - HKLM\..\RunOnce: [netfq.exe] C:\WINDOWS\netfq.exe

    O4 - HKLM\..\RunOnce: [sdkiv.exe] C:\WINDOWS\sdkiv.exe

    O4 - HKLM\..\RunOnce: [atlll.exe] C:\WINDOWS\system32\atlll.exe

    O4 - HKLM\..\RunOnce: [d3ln32.exe] C:\WINDOWS\d3ln32.exe

    O4 - HKLM\..\RunOnce: [winic.exe] C:\WINDOWS\winic.exe

    O4 - HKLM\..\RunOnce: [winfx32.exe] C:\WINDOWS\system32\winfx32.exe

    O4 - HKLM\..\RunOnce: [sdkxh32.exe] C:\WINDOWS\sdkxh32.exe

    O4 - HKLM\..\RunOnce: [winhd.exe] C:\WINDOWS\system32\winhd.exe

    O4 - HKLM\..\RunOnce: [ieds.exe] C:\WINDOWS\ieds.exe

    O4 - HKLM\..\RunOnce: [atlkj32.exe] C:\WINDOWS\system32\atlkj32.exe

    O4 - HKLM\..\RunOnce: [winxr32.exe] C:\WINDOWS\winxr32.exe

    O4 - HKLM\..\RunOnce: [mfcxc32.exe] C:\WINDOWS\mfcxc32.exe

    O4 - HKLM\..\RunOnce: [sdkhz.exe] C:\WINDOWS\system32\sdkhz.exe

    O4 - HKLM\..\RunOnce: [iehu.exe] C:\WINDOWS\system32\iehu.exe

    O4 - HKLM\..\RunOnce: [atlmn.exe] C:\WINDOWS\system32\atlmn.exe

    O4 - HKLM\..\RunOnce: [msld32.exe] C:\WINDOWS\system32\msld32.exe

    O4 - HKLM\..\RunOnce: [sysup32.exe] C:\WINDOWS\sysup32.exe

    O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\addyb.exe

    O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\system32\winoa.exe

    O4 - HKLM\..\RunOnce: [crgu32.exe] C:\WINDOWS\system32\crgu32.exe

    O4 - HKLM\..\RunOnce: [ntvk32.exe] C:\WINDOWS\ntvk32.exe

    O4 - HKLM\..\RunOnce: [d3cg.exe] C:\WINDOWS\system32\d3cg.exe

    O4 - HKLM\..\RunOnce: [netri.exe] C:\WINDOWS\system32\netri.exe

    O4 - HKLM\..\RunOnce: [iprj.exe] C:\WINDOWS\iprj.exe

    O4 - HKLM\..\RunOnce: [*agcvgzc] rundll32
    C:\WINDOWS\System32:agcvgzc.dll,Init 1

    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    O4 - HKCU\..\Run: [wmadmoe] C:\WINDOWS\System32\wmadmoe.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab


    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe

    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)[/QUOTE]


    Ok, if your finger is not worn out from clicking the mouse so many times.....after fixing those entries, exit HJT. Stay in SAFE MODE, and manually locate every single one of those .exe files and .dll files. You may have to set your system to show hidden files and folders. If you do not know how to do that, click the link at the top of this page titled "Steps to take before posting a HijackThis log" Near the bottom of that page (above the system restore instructions) you will find instructions to do this.

    So, locate all the .dll and .exe files in each of those entries above. Move these to a new folder called :C:\Quarantine. Rename the .dll's to .ddd, and the .exe's to .xxx. That way you can always replace them if it somehow turns out that one or more of these are necessary files....which is not likely, but quarantining is safer than deleting them.


    After that, reboot your system normally, and check things out. If it looks somewhat cleaner, re-enable your system restore and set a new restore point. Then run another HJT scan and post a fresh log for for further review.

    Dexter...
  • ONEFIVE
    edited August 2004
    OK so i removed most of the files through hijack this and then tried to find most of them through search, my computer is a lot cleaner, but when i restart one weird program always starts up and i look in my HJT log and its in there so i get rid of it, anyway, here is a fresh log from HJT

    Logfile of HijackThis v1.98.1
    Scan saved at 7:41:17 PM, on 8/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\msch32.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\J Dogg\Desktop\HJT\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab



    looks better to me, thanks a lot for your help, but i do have another problem, i tried to go to re-enable my system restore, and it says system restore is turned off, do you want to turn it on, so i click Ok and then i get a message saying windows cannot find rundll32.exe make sure u typed it correctly then retry.... so im not sure what to do with that, is system restore important? please answer when u have time, i like to say thank you so much for helping me out, my computer has improved thanks to you guys! THANKS!!!
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited August 2004
    Do you have a Windows XP CD??? Do you know how to run the recovery console and expand one file, or how to use the System Verification Tool or System File Checker??? And is this Home or Professional???

    System restore can be a blessing if you or XP legitimately make the restore points, or be a PITA of a thing if you do not and something you do not want restored(junk stuff, viruses, trojans, spyware, etc.) DOES make itself a restore point. Given what you HAVE RIGHT NOW, before we go any further, restart Windows and see if the problem with rundll32.exe self-repairs or not.... If not, look in your C:\Quarantine directory and see if you have a file called rundll32.xxx in there, and tell us, ok???? What we do next depends on what the answers to the questions are, but this too can be fixed one way or another....
Sign In or Register to comment.