Home Search Assistant Help - I have run Adaware and Spybot

Unknown · May 2005

Thank you very much in advance for your help with this issue. My system is definitely infested with spyware, ad-ware, viruses, who knows, u name it. Shopping Wizard, Home Search Assistant -- both present.

I have run the newest versions of Adaware and Spybot, to no avail. I planned on running hsremove.exe but my operating system is server 2003 so I could not run it. anyway, I read through the instructional threads and downloaded the highjackthis application and used it to create a log-file, which I will paste below. Again, thank you very much for your help and I look forward to futher direction.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:09 AM, on 5/12/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\AdMunch.exe
C:\WINDOWS\system32\iebd32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Agent Fitz\Downloads\Hijack This\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\lqdch.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

res://C:\WINDOWS\lqdch.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

res://C:\WINDOWS\lqdch.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\lqdch.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

res://C:\WINDOWS\lqdch.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

res://C:\WINDOWS\lqdch.dll/sp.html#10001
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and

Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");

(C:\Documents and Settings\Administrator\Application

Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
O2 - BHO: Class - {3486A396-7595-B288-69FC-2B5649058C5B} - C:\WINDOWS\system32\javara.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe

Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version

Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [ecnzhc] C:\WINDOWS\system32\ecnzhc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [AD Killer] D:\Program Files\AD Killer\adkiller.exe
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\AdMunch.exe /bt
O4 - HKLM\..\Run: [iebd32.exe] C:\WINDOWS\system32\iebd32.exe
O4 - HKLM\..\RunOnce: [atlay32.exe] C:\WINDOWS\atlay32.exe
O4 - HKLM\..\RunOnce: [sdknh32.exe] C:\WINDOWS\sdknh32.exe
O4 - HKLM\..\RunOnce: [addwn.exe] C:\WINDOWS\system32\addwn.exe
O4 - HKLM\..\RunOnce: [sysfo32.exe] C:\WINDOWS\system32\sysfo32.exe
O4 - HKLM\..\RunOnce: [ieuj.exe] C:\WINDOWS\ieuj.exe
O4 - HKLM\..\RunOnce: [iepa.exe] C:\WINDOWS\system32\iepa.exe
O4 - HKLM\..\RunOnce: [sysxi32.exe] C:\WINDOWS\system32\sysxi32.exe
O4 - HKLM\..\RunOnce: [netas32.exe] C:\WINDOWS\netas32.exe
O4 - HKLM\..\RunOnce: [javaea32.exe] C:\WINDOWS\javaea32.exe
O4 - HKLM\..\RunOnce: [netuq32.exe] C:\WINDOWS\system32\netuq32.exe
O4 - HKLM\..\RunOnce: [ipcy32.exe] C:\WINDOWS\system32\ipcy32.exe
O4 - HKLM\..\RunOnce: [d3ey32.exe] C:\WINDOWS\d3ey32.exe
O4 - HKLM\..\RunOnce: [mfcmg.exe] C:\WINDOWS\system32\mfcmg.exe
O4 - HKLM\..\RunOnce: [addhl.exe] C:\WINDOWS\addhl.exe
O4 - HKLM\..\RunOnce: [netfa32.exe] C:\WINDOWS\system32\netfa32.exe
O4 - HKLM\..\RunOnce: [javavh32.exe] C:\WINDOWS\system32\javavh32.exe
O4 - HKLM\..\RunOnce: [ntqt.exe] C:\WINDOWS\ntqt.exe
O4 - HKLM\..\RunOnce: [apppj32.exe] C:\WINDOWS\apppj32.exe
O4 - HKLM\..\RunOnce: [ieny32.exe] C:\WINDOWS\system32\ieny32.exe
O4 - HKLM\..\RunOnce: [sysng.exe] C:\WINDOWS\sysng.exe
O4 - HKLM\..\RunOnce: [iewg.exe] C:\WINDOWS\system32\iewg.exe
O4 - HKLM\..\RunOnce: [mfclv.exe] C:\WINDOWS\mfclv.exe
O4 - HKLM\..\RunOnce: [addbl32.exe] C:\WINDOWS\system32\addbl32.exe
O4 - HKLM\..\RunOnce: [appmw.exe] C:\WINDOWS\system32\appmw.exe
O4 - HKLM\..\RunOnce: [netqa32.exe] C:\WINDOWS\netqa32.exe
O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
O4 - HKLM\..\RunOnce: [apifx32.exe] C:\WINDOWS\apifx32.exe
O4 - HKLM\..\RunOnce: [mfcuu32.exe] C:\WINDOWS\system32\mfcuu32.exe
O4 - HKLM\..\RunOnce: [iezq32.exe] C:\WINDOWS\system32\iezq32.exe
O4 - HKLM\..\RunOnce: [apiuk32.exe] C:\WINDOWS\system32\apiuk32.exe
O4 - HKLM\..\RunOnce: [ntgg.exe] C:\WINDOWS\ntgg.exe
O4 - HKLM\..\RunOnce: [netho32.exe] C:\WINDOWS\system32\netho32.exe
O4 - HKLM\..\RunOnce: [netwd32.exe] C:\WINDOWS\netwd32.exe
O4 - HKLM\..\RunOnce: [ipwt32.exe] C:\WINDOWS\ipwt32.exe
O4 - HKLM\..\RunOnce: [crfm32.exe] C:\WINDOWS\crfm32.exe
O4 - HKLM\..\RunOnce: [mfcfu.exe] C:\WINDOWS\system32\mfcfu.exe
O4 - HKLM\..\RunOnce: [addjg.exe] C:\WINDOWS\system32\addjg.exe
O4 - HKLM\..\RunOnce: [netyv32.exe] C:\WINDOWS\netyv32.exe
O4 - HKLM\..\RunOnce: [javaxc.exe] C:\WINDOWS\javaxc.exe
O4 - HKLM\..\RunOnce: [ietg32.exe] C:\WINDOWS\ietg32.exe
O4 - HKLM\..\RunOnce: [crch.exe] C:\WINDOWS\crch.exe
O4 - HKLM\..\RunOnce: [d3qd32.exe] C:\WINDOWS\d3qd32.exe
O4 - HKLM\..\RunOnce: [crwa32.exe] C:\WINDOWS\system32\crwa32.exe
O4 - HKLM\..\RunOnce: [netbx32.exe] C:\WINDOWS\netbx32.exe
O4 - HKLM\..\RunOnce: [d3ei32.exe] C:\WINDOWS\system32\d3ei32.exe
O4 - HKLM\..\RunOnce: [sysjn.exe] C:\WINDOWS\sysjn.exe
O4 - HKLM\..\RunOnce: [iekn32.exe] C:\WINDOWS\system32\iekn32.exe
O4 - HKLM\..\RunOnce: [msyk32.exe] C:\WINDOWS\msyk32.exe
O4 - HKLM\..\RunOnce: [appii.exe] C:\WINDOWS\system32\appii.exe
O4 - HKLM\..\RunOnce: [netbb.exe] C:\WINDOWS\system32\netbb.exe
O4 - HKLM\..\RunOnce: [syssj32.exe] C:\WINDOWS\system32\syssj32.exe
O4 - HKLM\..\RunOnce: [netgy.exe] C:\WINDOWS\system32\netgy.exe
O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\sdkff32.exe
O4 - HKLM\..\RunOnce: [appzh32.exe] C:\WINDOWS\appzh32.exe
O4 - HKLM\..\RunOnce: [atlzp.exe] C:\WINDOWS\system32\atlzp.exe
O4 - HKLM\..\RunOnce: [apphp.exe] C:\WINDOWS\apphp.exe
O4 - HKLM\..\RunOnce: [ntxe32.exe] C:\WINDOWS\system32\ntxe32.exe
O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
O4 - HKLM\..\RunOnce: [sdkix.exe] C:\WINDOWS\sdkix.exe
O4 - HKLM\..\RunOnce: [mfchn32.exe] C:\WINDOWS\mfchn32.exe
O4 - HKLM\..\RunOnce: [winfc32.exe] C:\WINDOWS\system32\winfc32.exe
O4 - HKLM\..\RunOnce: [winfk.exe] C:\WINDOWS\system32\winfk.exe
O4 - HKLM\..\RunOnce: [sysol.exe] C:\WINDOWS\sysol.exe
O4 - HKLM\..\RunOnce: [apida32.exe] C:\WINDOWS\system32\apida32.exe
O4 - HKLM\..\RunOnce: [ntuh32.exe] C:\WINDOWS\system32\ntuh32.exe
O4 - HKLM\..\RunOnce: [netxt.exe] C:\WINDOWS\system32\netxt.exe
O4 - HKLM\..\RunOnce: [addwj32.exe] C:\WINDOWS\system32\addwj32.exe
O4 - HKLM\..\RunOnce: [msmy32.exe] C:\WINDOWS\msmy32.exe
O4 - HKLM\..\RunOnce: [iemg.exe] C:\WINDOWS\iemg.exe
O4 - HKLM\..\RunOnce: [d3ug.exe] C:\WINDOWS\system32\d3ug.exe
O4 - HKLM\..\RunOnce: [appkw32.exe] C:\WINDOWS\appkw32.exe
O4 - HKLM\..\RunOnce: [apiad32.exe] C:\WINDOWS\apiad32.exe
O4 - HKLM\..\RunOnce: [atldp.exe] C:\WINDOWS\atldp.exe
O4 - HKLM\..\RunOnce: [iece32.exe] C:\WINDOWS\iece32.exe
O4 - HKLM\..\RunOnce: [javasm.exe] C:\WINDOWS\system32\javasm.exe
O4 - HKLM\..\RunOnce: [mfcrc32.exe] C:\WINDOWS\system32\mfcrc32.exe
O4 - HKLM\..\RunOnce: [winpr32.exe] C:\WINDOWS\winpr32.exe
O4 - HKLM\..\RunOnce: [addph32.exe] C:\WINDOWS\addph32.exe
O4 - HKLM\..\RunOnce: [netza32.exe] C:\WINDOWS\system32\netza32.exe
O4 - HKLM\..\RunOnce: [iezi.exe] C:\WINDOWS\iezi.exe
O4 - HKLM\..\RunOnce: [crdm.exe] C:\WINDOWS\system32\crdm.exe
O4 - HKLM\..\RunOnce: [addsj32.exe] C:\WINDOWS\addsj32.exe
O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\mfciq32.exe
O4 - HKLM\..\RunOnce: [appmu.exe] C:\WINDOWS\system32\appmu.exe
O4 - HKLM\..\RunOnce: [mskk32.exe] C:\WINDOWS\system32\mskk32.exe
O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\system32\sdkjh.exe
O4 - HKLM\..\RunOnce: [ntjh.exe] C:\WINDOWS\ntjh.exe
O4 - HKLM\..\RunOnce: [iezf32.exe] C:\WINDOWS\system32\iezf32.exe
O4 - HKLM\..\RunOnce: [d3cg.exe] C:\WINDOWS\d3cg.exe
O4 - HKLM\..\RunOnce: [ipnz32.exe] C:\WINDOWS\system32\ipnz32.exe
O4 - HKLM\..\RunOnce: [ntgs.exe] C:\WINDOWS\system32\ntgs.exe
O4 - HKLM\..\RunOnce: [msco.exe] C:\WINDOWS\msco.exe
O4 - HKLM\..\RunOnce: [winvp32.exe] C:\WINDOWS\system32\winvp32.exe
O4 - HKLM\..\RunOnce: [mfclw.exe] C:\WINDOWS\system32\mfclw.exe
O4 - HKLM\..\RunOnce: [ntpa32.exe] C:\WINDOWS\ntpa32.exe
O4 - HKLM\..\RunOnce: [apiyb.exe] C:\WINDOWS\system32\apiyb.exe
O4 - HKLM\..\RunOnce: [netey32.exe] C:\WINDOWS\netey32.exe
O4 - HKLM\..\RunOnce: [apisu32.exe] C:\WINDOWS\system32\apisu32.exe
O4 - HKLM\..\RunOnce: [netsc32.exe] C:\WINDOWS\system32\netsc32.exe
O4 - HKLM\..\RunOnce: [crcd32.exe] C:\WINDOWS\system32\crcd32.exe
O4 - HKLM\..\RunOnce: [mfccl.exe] C:\WINDOWS\mfccl.exe
O4 - HKLM\..\RunOnce: [wingp.exe] C:\WINDOWS\wingp.exe
O4 - HKLM\..\RunOnce: [netve32.exe] C:\WINDOWS\system32\netve32.exe
O4 - HKLM\..\RunOnce: [sdklu.exe] C:\WINDOWS\system32\sdklu.exe
O4 - HKLM\..\RunOnce: [iepq32.exe] C:\WINDOWS\system32\iepq32.exe
O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\system32\crzy.exe
O4 - HKLM\..\RunOnce: [d3fn32.exe] C:\WINDOWS\system32\d3fn32.exe
O4 - HKLM\..\RunOnce: [crtk32.exe] C:\WINDOWS\crtk32.exe
O4 - HKLM\..\RunOnce: [netyg32.exe] C:\WINDOWS\system32\netyg32.exe
O4 - HKLM\..\RunOnce: [d3ba.exe] C:\WINDOWS\d3ba.exe
O4 - HKLM\..\RunOnce: [sdkxe32.exe] C:\WINDOWS\sdkxe32.exe
O4 - HKLM\..\RunOnce: [mfcvt.exe] C:\WINDOWS\system32\mfcvt.exe
O4 - HKLM\..\RunOnce: [sysuj32.exe] C:\WINDOWS\sysuj32.exe
O4 - HKLM\..\RunOnce: [crky32.exe] C:\WINDOWS\crky32.exe
O4 - HKLM\..\RunOnce: [d3sg.exe] C:\WINDOWS\system32\d3sg.exe
O4 - HKLM\..\RunOnce: [javath.exe] C:\WINDOWS\javath.exe
O4 - HKLM\..\RunOnce: [winqw32.exe] C:\WINDOWS\system32\winqw32.exe
O4 - HKLM\..\RunOnce: [mfcgd32.exe] C:\WINDOWS\system32\mfcgd32.exe
O4 - HKLM\..\RunOnce: [appcp.exe] C:\WINDOWS\appcp.exe
O4 - HKLM\..\RunOnce: [d3bf32.exe] C:\WINDOWS\d3bf32.exe
O4 - HKLM\..\RunOnce: [ntzm32.exe] C:\WINDOWS\system32\ntzm32.exe
O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe
O4 - HKLM\..\RunOnce: [nthc.exe] C:\WINDOWS\system32\nthc.exe
O4 - HKLM\..\RunOnce: [msxr32.exe] C:\WINDOWS\msxr32.exe
O4 - HKLM\..\RunOnce: [addnz32.exe] C:\WINDOWS\system32\addnz32.exe
O4 - HKLM\..\RunOnce: [sysil.exe] C:\WINDOWS\system32\sysil.exe
O4 - HKLM\..\RunOnce: [sdkha32.exe] C:\WINDOWS\system32\sdkha32.exe
O4 - HKLM\..\RunOnce: [apifi.exe] C:\WINDOWS\apifi.exe
O4 - HKLM\..\RunOnce: [winex32.exe] C:\WINDOWS\winex32.exe
O4 - HKLM\..\RunOnce: [d3un32.exe] C:\WINDOWS\system32\d3un32.exe
O4 - HKLM\..\RunOnce: [d3cv32.exe] C:\WINDOWS\system32\d3cv32.exe
O4 - HKLM\..\RunOnce: [addmv32.exe] C:\WINDOWS\system32\addmv32.exe
O4 - HKLM\..\RunOnce: [javamd.exe] C:\WINDOWS\javamd.exe
O4 - HKLM\..\RunOnce: [netqh.exe] C:\WINDOWS\netqh.exe
O4 - HKLM\..\RunOnce: [d3ff32.exe] C:\WINDOWS\system32\d3ff32.exe
O4 - HKLM\..\RunOnce: [winvm32.exe] C:\WINDOWS\system32\winvm32.exe
O4 - HKLM\..\RunOnce: [ieqq.exe] C:\WINDOWS\system32\ieqq.exe
O4 - HKLM\..\RunOnce: [ntpg32.exe] C:\WINDOWS\system32\ntpg32.exe
O4 - HKLM\..\RunOnce: [mfcov32.exe] C:\WINDOWS\mfcov32.exe
O4 - HKLM\..\RunOnce: [apind.exe] C:\WINDOWS\apind.exe
O4 - HKLM\..\RunOnce: [mfcwd.exe] C:\WINDOWS\system32\mfcwd.exe
O4 - HKLM\..\RunOnce: [sdkma32.exe] C:\WINDOWS\sdkma32.exe
O4 - HKLM\..\RunOnce: [msci32.exe] C:\WINDOWS\msci32.exe
O4 - HKLM\..\RunOnce: [crfm.exe] C:\WINDOWS\system32\crfm.exe
O4 - HKLM\..\RunOnce: [apieb32.exe] C:\WINDOWS\apieb32.exe
O4 - HKLM\..\RunOnce: [addur.exe] C:\WINDOWS\system32\addur.exe
O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\system32\d3tg32.exe
O4 - HKLM\..\RunOnce: [ntro32.exe] C:\WINDOWS\ntro32.exe
O4 - HKLM\..\RunOnce: [msbw32.exe] C:\WINDOWS\system32\msbw32.exe
O4 - HKLM\..\RunOnce: [netbe.exe] C:\WINDOWS\netbe.exe
O4 - HKLM\..\RunOnce: [appfi.exe] C:\WINDOWS\system32\appfi.exe
O4 - HKLM\..\RunOnce: [atlza32.exe] C:\WINDOWS\system32\atlza32.exe
O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
O4 - HKLM\..\RunOnce: [atlhq32.exe] C:\WINDOWS\atlhq32.exe
O4 - HKLM\..\RunOnce: [netmu.exe] C:\WINDOWS\netmu.exe
O4 - HKLM\..\RunOnce: [apinu32.exe] C:\WINDOWS\apinu32.exe
O4 - HKLM\..\RunOnce: [netgg32.exe] C:\WINDOWS\system32\netgg32.exe
O4 - HKLM\..\RunOnce: [addlc32.exe] C:\WINDOWS\addlc32.exe
O4 - HKLM\..\RunOnce: [ipgw.exe] C:\WINDOWS\system32\ipgw.exe
O4 - HKLM\..\RunOnce: [mfcka32.exe] C:\WINDOWS\mfcka32.exe
O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\system32\winip.exe
O4 - HKLM\..\RunOnce: [javahf32.exe] C:\WINDOWS\system32\javahf32.exe
O4 - HKLM\..\RunOnce: [netxm32.exe] C:\WINDOWS\netxm32.exe
O4 - HKLM\..\RunOnce: [ipxc.exe] C:\WINDOWS\ipxc.exe
O4 - HKLM\..\RunOnce: [netgc.exe] C:\WINDOWS\system32\netgc.exe
O4 - HKLM\..\RunOnce: [crvs32.exe] C:\WINDOWS\crvs32.exe
O4 - HKLM\..\RunOnce: [syslz32.exe] C:\WINDOWS\syslz32.exe
O4 - HKLM\..\RunOnce: [msol.exe] C:\WINDOWS\msol.exe
O4 - HKLM\..\RunOnce: [ntna32.exe] C:\WINDOWS\ntna32.exe
O4 - HKLM\..\RunOnce: [atlei32.exe] C:\WINDOWS\system32\atlei32.exe
O4 - HKLM\..\RunOnce: [mfcmy.exe] C:\WINDOWS\system32\mfcmy.exe
O4 - HKLM\..\RunOnce: [atlmy.exe] C:\WINDOWS\atlmy.exe
O4 - HKLM\..\RunOnce: [sdkcn32.exe] C:\WINDOWS\system32\sdkcn32.exe
O4 - HKLM\..\RunOnce: [d3av32.exe] C:\WINDOWS\system32\d3av32.exe
O4 - HKLM\..\RunOnce: [javavg.exe] C:\WINDOWS\javavg.exe
O4 - HKLM\..\RunOnce: [apiuw32.exe] C:\WINDOWS\apiuw32.exe
O4 - HKLM\..\RunOnce: [addke.exe] C:\WINDOWS\system32\addke.exe
O4 - HKLM\..\RunOnce: [crjt32.exe] C:\WINDOWS\crjt32.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\system32\iphj32.exe
O4 - HKLM\..\RunOnce: [nthr32.exe] C:\WINDOWS\system32\nthr32.exe
O4 - HKLM\..\RunOnce: [msrr32.exe] C:\WINDOWS\msrr32.exe
O4 - HKLM\..\RunOnce: [apirz.exe] C:\WINDOWS\system32\apirz.exe
O4 - HKLM\..\RunOnce: [appvd.exe] C:\WINDOWS\appvd.exe
O4 - HKLM\..\RunOnce: [ipkt32.exe] C:\WINDOWS\system32\ipkt32.exe
O4 - HKLM\..\RunOnce: [crii32.exe] C:\WINDOWS\system32\crii32.exe
O4 - HKLM\..\RunOnce: [sdkdm.exe] C:\WINDOWS\sdkdm.exe
O4 - HKLM\..\RunOnce: [atlcb32.exe] C:\WINDOWS\atlcb32.exe
O4 - HKLM\..\RunOnce: [systr32.exe] C:\WINDOWS\system32\systr32.exe
O4 - HKLM\..\RunOnce: [winaz.exe] C:\WINDOWS\system32\winaz.exe
O4 - HKLM\..\RunOnce: [sysbz.exe] C:\WINDOWS\system32\sysbz.exe
O4 - HKLM\..\RunOnce: [apizo.exe] C:\WINDOWS\apizo.exe
O4 - HKLM\..\RunOnce: [appod32.exe] C:\WINDOWS\system32\appod32.exe
O4 - HKLM\..\RunOnce: [atlzx.exe] C:\WINDOWS\system32\atlzx.exe
O4 - HKLM\..\RunOnce: [ipdt32.exe] C:\WINDOWS\ipdt32.exe
O4 - HKLM\..\RunOnce: [apinb.exe] C:\WINDOWS\system32\apinb.exe
O4 - HKLM\..\RunOnce: [nettq32.exe] C:\WINDOWS\nettq32.exe
O4 - HKLM\..\RunOnce: [apihn32.exe] C:\WINDOWS\system32\apihn32.exe
O4 - HKLM\..\RunOnce: [sysmr32.exe] C:\WINDOWS\system32\sysmr32.exe
O4 - HKLM\..\RunOnce: [nethd32.exe] C:\WINDOWS\system32\nethd32.exe
O4 - HKLM\..\RunOnce: [sdkmh.exe] C:\WINDOWS\sdkmh.exe
O4 - HKLM\..\RunOnce: [ipuh32.exe] C:\WINDOWS\system32\ipuh32.exe
O4 - HKLM\..\RunOnce: [ipje32.exe] C:\WINDOWS\ipje32.exe
O4 - HKLM\..\RunOnce: [addoa32.exe] C:\WINDOWS\addoa32.exe
O4 - HKLM\..\RunOnce: [ntjm32.exe] C:\WINDOWS\ntjm32.exe
O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\system32\javanq.exe
O4 - HKLM\..\RunOnce: [ieur32.exe] C:\WINDOWS\system32\ieur32.exe
O4 - HKLM\..\RunOnce: [crya32.exe] C:\WINDOWS\system32\crya32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\d3yi.exe
O4 - HKLM\..\RunOnce: [crgi.exe] C:\WINDOWS\system32\crgi.exe
O4 - HKLM\..\RunOnce: [winwf32.exe] C:\WINDOWS\winwf32.exe
O4 - HKLM\..\RunOnce: [mfcmn32.exe] C:\WINDOWS\mfcmn32.exe
O4 - HKLM\..\RunOnce: [apphq.exe] C:\WINDOWS\system32\apphq.exe
O4 - HKLM\..\RunOnce: [d3og32.exe] C:\WINDOWS\system32\d3og32.exe
O4 - HKLM\..\RunOnce: [sdkee.exe] C:\WINDOWS\sdkee.exe
O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe
O4 - HKLM\..\RunOnce: [ntiv32.exe] C:\WINDOWS\ntiv32.exe
O4 - HKLM\..\RunOnce: [atlmr32.exe] C:\WINDOWS\atlmr32.exe
O4 - HKLM\..\RunOnce: [sdkpd32.exe] C:\WINDOWS\sdkpd32.exe
O4 - HKLM\..\RunOnce: [d3uh.exe] C:\WINDOWS\system32\d3uh.exe
O4 - HKLM\..\RunOnce: [javavi32.exe] C:\WINDOWS\javavi32.exe
O4 - HKLM\..\RunOnce: [javajf32.exe] C:\WINDOWS\system32\javajf32.exe
O4 - HKLM\..\RunOnce: [mfcoj32.exe] C:\WINDOWS\system32\mfcoj32.exe
O4 - HKLM\..\RunOnce: [crrv32.exe] C:\WINDOWS\system32\crrv32.exe
O4 - HKLM\..\RunOnce: [iewz.exe] C:\WINDOWS\iewz.exe
O4 - HKLM\..\RunOnce: [d3xz32.exe] C:\WINDOWS\system32\d3xz32.exe
O4 - HKLM\..\RunOnce: [d3lw.exe] C:\WINDOWS\d3lw.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [netfp.exe] C:\WINDOWS\system32\netfp.exe
O4 - HKLM\..\RunOnce: [mszb.exe] C:\WINDOWS\mszb.exe
O4 - HKLM\..\RunOnce: [javaoi.exe] C:\WINDOWS\javaoi.exe
O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
O4 - HKLM\..\RunOnce: [ipku.exe] C:\WINDOWS\ipku.exe
O4 - HKLM\..\RunOnce: [croy.exe] C:\WINDOWS\croy.exe
O4 - HKLM\..\RunOnce: [syshr32.exe] C:\WINDOWS\syshr32.exe
O4 - HKLM\..\RunOnce: [msca32.exe] C:\WINDOWS\msca32.exe
O4 - HKLM\..\RunOnce: [iewl.exe] C:\WINDOWS\system32\iewl.exe
O4 - HKLM\..\RunOnce: [atlrp.exe] C:\WINDOWS\system32\atlrp.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\system32\netkq32.exe
O4 - HKLM\..\RunOnce: [javaay.exe] C:\WINDOWS\system32\javaay.exe
O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\system32\ieec32.exe
O4 - HKLM\..\RunOnce: [croc.exe] C:\WINDOWS\system32\croc.exe
O4 - HKLM\..\RunOnce: [d3tz32.exe] C:\WINDOWS\system32\d3tz32.exe
O4 - HKLM\..\RunOnce: [criw32.exe] C:\WINDOWS\system32\criw32.exe
O4 - HKLM\..\RunOnce: [netns32.exe] C:\WINDOWS\system32\netns32.exe
O4 - HKLM\..\RunOnce: [d3ie32.exe] C:\WINDOWS\d3ie32.exe
O4 - HKLM\..\RunOnce: [sysmi.exe] C:\WINDOWS\sysmi.exe
O4 - HKLM\..\RunOnce: [ievi32.exe] C:\WINDOWS\ievi32.exe
O4 - HKLM\..\RunOnce: [mskf32.exe] C:\WINDOWS\mskf32.exe
O4 - HKLM\..\RunOnce: [ntpb32.exe] C:\WINDOWS\ntpb32.exe
O4 - HKLM\..\RunOnce: [addor.exe] C:\WINDOWS\system32\addor.exe
O4 - HKLM\..\RunOnce: [winxa32.exe] C:\WINDOWS\winxa32.exe
O4 - HKLM\..\RunOnce: [sysep32.exe] C:\WINDOWS\system32\sysep32.exe
O4 - HKLM\..\RunOnce: [sdkit.exe] C:\WINDOWS\system32\sdkit.exe
O4 - HKLM\..\RunOnce: [netmx.exe] C:\WINDOWS\netmx.exe
O4 - HKLM\..\RunOnce: [d3cu32.exe] C:\WINDOWS\system32\d3cu32.exe
O4 - HKLM\..\RunOnce: [sysac32.exe] C:\WINDOWS\sysac32.exe
O4 - HKLM\..\RunOnce: [msvf.exe] C:\WINDOWS\msvf.exe
O4 - HKLM\..\RunOnce: [ntuv32.exe] C:\WINDOWS\ntuv32.exe
O4 - HKLM\..\RunOnce: [netpz.exe] C:\WINDOWS\netpz.exe
O4 - HKLM\..\RunOnce: [winoo32.exe] C:\WINDOWS\winoo32.exe
O4 - HKLM\..\RunOnce: [d3me.exe] C:\WINDOWS\system32\d3me.exe
O4 - HKLM\..\RunOnce: [iplu32.exe] C:\WINDOWS\system32\iplu32.exe
O4 - HKLM\..\RunOnce: [atlbj32.exe] C:\WINDOWS\atlbj32.exe
O4 - HKLM\..\RunOnce: [atljr.exe] C:\WINDOWS\atljr.exe
O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\system32\appkr.exe
O4 - HKLM\..\RunOnce: [ntzg32.exe] C:\WINDOWS\ntzg32.exe
O4 - HKLM\..\RunOnce: [cryw32.exe] C:\WINDOWS\cryw32.exe
O4 - HKLM\..\RunOnce: [sdkta.exe] C:\WINDOWS\system32\sdkta.exe
O4 - HKLM\..\RunOnce: [mfcsp32.exe] C:\WINDOWS\mfcsp32.exe
O4 - HKLM\..\RunOnce: [javavz32.exe] C:\WINDOWS\javavz32.exe
O4 - HKLM\..\RunOnce: [appqk.exe] C:\WINDOWS\appqk.exe
O4 - HKLM\..\RunOnce: [netal32.exe] C:\WINDOWS\netal32.exe
O4 - HKLM\..\RunOnce: [sdkqt.exe] C:\WINDOWS\sdkqt.exe
O4 - HKLM\..\RunOnce: [msux32.exe] C:\WINDOWS\system32\msux32.exe
O4 - HKLM\..\RunOnce: [crex.exe] C:\WINDOWS\crex.exe
O4 - HKLM\..\RunOnce: [crju32.exe] C:\WINDOWS\system32\crju32.exe
O4 - HKLM\..\RunOnce: [cryr32.exe] C:\WINDOWS\cryr32.exe
O4 - HKLM\..\RunOnce: [apidn32.exe] C:\WINDOWS\apidn32.exe
O4 - HKLM\..\RunOnce: [d3yz32.exe] C:\WINDOWS\d3yz32.exe
O4 - HKLM\..\RunOnce: [ield.exe] C:\WINDOWS\system32\ield.exe
O4 - HKLM\..\RunOnce: [msld32.exe] C:\WINDOWS\msld32.exe
O4 - HKLM\..\RunOnce: [msaa32.exe] C:\WINDOWS\system32\msaa32.exe
O4 - HKLM\..\RunOnce: [ipfw32.exe] C:\WINDOWS\system32\ipfw32.exe
O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\system32\msai32.exe
O4 - HKLM\..\RunOnce: [winem.exe] C:\WINDOWS\winem.exe
O4 - HKLM\..\RunOnce: [sysnn32.exe] C:\WINDOWS\system32\sysnn32.exe
O4 - HKLM\..\RunOnce: [ieck32.exe] C:\WINDOWS\ieck32.exe
O4 - HKLM\..\RunOnce: [sdkgg.exe] C:\WINDOWS\sdkgg.exe
O4 - HKLM\..\RunOnce: [apiks.exe] C:\WINDOWS\apiks.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\system32\crah32.exe
O4 - HKLM\..\RunOnce: [sysqo32.exe] C:\WINDOWS\system32\sysqo32.exe
O4 - HKLM\..\RunOnce: [msla.exe] C:\WINDOWS\system32\msla.exe
O4 - HKLM\..\RunOnce: [ipkq32.exe] C:\WINDOWS\system32\ipkq32.exe
O4 - HKLM\..\RunOnce: [atlix32.exe] C:\WINDOWS\atlix32.exe
O4 - HKLM\..\RunOnce: [mfcin.exe] C:\WINDOWS\mfcin.exe
O4 - HKLM\..\RunOnce: [atlro.exe] C:\WINDOWS\system32\atlro.exe
O4 - HKLM\..\RunOnce: [ntgd.exe] C:\WINDOWS\ntgd.exe
O4 - HKLM\..\RunOnce: [apiws32.exe] C:\WINDOWS\apiws32.exe
O4 - HKLM\..\RunOnce: [iphd.exe] C:\WINDOWS\system32\iphd.exe
O4 - HKLM\..\RunOnce: [crlh32.exe] C:\WINDOWS\system32\crlh32.exe
O4 - HKLM\..\RunOnce: [ntvi.exe] C:\WINDOWS\system32\ntvi.exe
O4 - HKLM\..\RunOnce: [sdkae32.exe] C:\WINDOWS\system32\sdkae32.exe
O4 - HKLM\..\RunOnce: [sdkpb32.exe] C:\WINDOWS\sdkpb32.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKLM\..\RunOnce: [addra.exe] C:\WINDOWS\system32\addra.exe
O4 - HKLM\..\RunOnce: [cria32.exe] C:\WINDOWS\system32\cria32.exe
O4 - HKLM\..\RunOnce: [appxp.exe] C:\WINDOWS\system32\appxp.exe
O4 - HKLM\..\RunOnce: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
O4 - HKLM\..\RunOnce: [iepy32.exe] C:\WINDOWS\system32\iepy32.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\system32\syspg.exe
O4 - HKLM\..\RunOnce: [msyg.exe] C:\WINDOWS\msyg.exe
O4 - HKLM\..\RunOnce: [atlnv32.exe] C:\WINDOWS\system32\atlnv32.exe
O4 - HKLM\..\RunOnce: [ipel32.exe] C:\WINDOWS\system32\ipel32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\sysye32.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [d3wc.exe] C:\WINDOWS\d3wc.exe
O4 - HKLM\..\RunOnce: [crec.exe] C:\WINDOWS\system32\crec.exe
O4 - HKLM\..\RunOnce: [winur32.exe] C:\WINDOWS\winur32.exe
O4 - HKLM\..\RunOnce: [mfckg32.exe] C:\WINDOWS\mfckg32.exe
O4 - HKLM\..\RunOnce: [appnk.exe] C:\WINDOWS\system32\appnk.exe
O4 - HKLM\..\RunOnce: [d3ma32.exe] C:\WINDOWS\system32\d3ma32.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\ntcp32.exe
O4 - HKLM\..\RunOnce: [crhu32.exe] C:\WINDOWS\system32\crhu32.exe
O4 - HKLM\..\RunOnce: [atlhu.exe] C:\WINDOWS\atlhu.exe
O4 - HKLM\..\RunOnce: [winlg32.exe] C:\WINDOWS\system32\winlg32.exe
O4 - HKLM\..\RunOnce: [d3jn.exe] C:\WINDOWS\d3jn.exe
O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\ipid32.exe
O4 - HKLM\..\RunOnce: [appys32.exe] C:\WINDOWS\system32\appys32.exe
O4 - HKLM\..\RunOnce: [atlgi.exe] C:\WINDOWS\system32\atlgi.exe
O4 - HKLM\..\RunOnce: [apphj.exe] C:\WINDOWS\apphj.exe
O4 - HKLM\..\RunOnce: [sdkqp32.exe] C:\WINDOWS\sdkqp32.exe
O4 - HKLM\..\RunOnce: [apiow.exe] C:\WINDOWS\system32\apiow.exe
O4 - HKLM\..\RunOnce: [sdkgu.exe] C:\WINDOWS\sdkgu.exe
O4 - HKLM\..\RunOnce: [mssw.exe] C:\WINDOWS\system32\mssw.exe
O4 - HKLM\..\RunOnce: [ieyl32.exe] C:\WINDOWS\system32\ieyl32.exe
O4 - HKLM\..\RunOnce: [ieuy32.exe] C:\WINDOWS\ieuy32.exe
O4 - HKLM\..\RunOnce: [sysoz32.exe] C:\WINDOWS\system32\sysoz32.exe
O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\system32\netxz.exe
O4 - HKLM\..\RunOnce: [msyi.exe] C:\WINDOWS\system32\msyi.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exe
O4 - HKLM\..\RunOnce: [apivv.exe] C:\WINDOWS\system32\apivv.exe
O4 - HKLM\..\RunOnce: [atlev.exe] C:\WINDOWS\atlev.exe
O4 - HKLM\..\RunOnce: [sdkts.exe] C:\WINDOWS\system32\sdkts.exe
O4 - HKLM\..\RunOnce: [netiz32.exe] C:\WINDOWS\system32\netiz32.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\ntct.exe
O4 - HKLM\..\RunOnce: [netdr.exe] C:\WINDOWS\system32\netdr.exe
O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\system32\addkg32.exe
O4 - HKLM\..\RunOnce: [appmv32.exe] C:\WINDOWS\appmv32.exe
O4 - HKLM\..\RunOnce: [winph.exe] C:\WINDOWS\system32\winph.exe
O4 - HKLM\..\RunOnce: [iekp32.exe] C:\WINDOWS\system32\iekp32.exe
O4 - HKLM\..\RunOnce: [javaif32.exe] C:\WINDOWS\javaif32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\system32\netpq.exe
O4 - HKLM\..\RunOnce: [crnx32.exe] C:\WINDOWS\crnx32.exe
O4 - HKLM\..\RunOnce: [apifz32.exe] C:\WINDOWS\apifz32.exe
O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\RunOnce: [atljb32.exe] C:\WINDOWS\system32\atljb32.exe
O4 - HKLM\..\RunOnce: [netng.exe] C:\WINDOWS\netng.exe
O4 - HKLM\..\RunOnce: [ipky.exe] C:\WINDOWS\system32\ipky.exe
O4 - HKLM\..\RunOnce: [winyv.exe] C:\WINDOWS\winyv.exe
O4 - HKCU\..\Run: [Fpdxeb] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [ewo9ROHFR] pstskres.exe
O4 - HKCU\..\Run: [Aeat] C:\Documents and Settings\Administrator\Application Data\coad.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] D:\Program Files\aim.exe -cnetwait.odl
O4 - Startup: Desktop Navigator.lnk = C:\Program Files\Netscape\Desktop Navigator\dtnav.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat

6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.html?p=ZNxdm973YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program

Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\k4440ehqeh4e0.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner -

C:\WINDOWS\crmq32.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version

Cue\service\VersionCue.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

Shadow2018 · May 2005

Start by getting aboutbuster from www.majorgeeks.com. Read the instructions on how to use it before you run it. Run it. Also get CWShredder from majorgeeks but do not run it yet.

Then make sure your ad-aware and spybot programs are updated with the latest definition files. Boot up in safe mode with networking. Run ad-aware, CWS and spybot while in safe mode. Then run these online scans in safe mode if the system wil let you have internet access from safe mode.

Housecall @trendmicro.com
Activescan@pandasoftware.com

Post a new log when finished.

AgentFitz · May 2005

hey hey - thanks so much for your help so far shadow. I was able to install and run cwshredder and about:buster and I checked for updates and re-ran spybot and adaware in safe mode like you directed. I had problems running the online virus scans though, housecall said I was missing necessary components for the scan (?) and the panda software scan said "connection was refused when attempting to contact.....etc." - so not sure what's up with that. anyhow, here is the new log-file:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:50 PM, on 5/12/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Agent Fitz\Downloads\Hijack This\CWShredder\CWShredder.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
D:\Agent Fitz\Downloads\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
O2 - BHO: Class - {3486A396-7595-B288-69FC-2B5649058C5B} - C:\WINDOWS\system32\javara.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [ecnzhc] C:\WINDOWS\system32\ecnzhc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AD Killer] D:\Program Files\AD Killer\adkiller.exe
O4 - HKLM\..\Run: [Ad Muncher] D:\Program Files\AdMunch.exe /bt
O4 - HKLM\..\Run: [iebd32.exe] C:\WINDOWS\system32\iebd32.exe
O4 - HKLM\..\RunOnce: [atlay32.exe] C:\WINDOWS\atlay32.exe
O4 - HKLM\..\RunOnce: [sdknh32.exe] C:\WINDOWS\sdknh32.exe
O4 - HKLM\..\RunOnce: [addwn.exe] C:\WINDOWS\system32\addwn.exe
O4 - HKLM\..\RunOnce: [sysfo32.exe] C:\WINDOWS\system32\sysfo32.exe
O4 - HKLM\..\RunOnce: [ieuj.exe] C:\WINDOWS\ieuj.exe
O4 - HKLM\..\RunOnce: [iepa.exe] C:\WINDOWS\system32\iepa.exe
O4 - HKLM\..\RunOnce: [sysxi32.exe] C:\WINDOWS\system32\sysxi32.exe
O4 - HKLM\..\RunOnce: [netas32.exe] C:\WINDOWS\netas32.exe
O4 - HKLM\..\RunOnce: [javaea32.exe] C:\WINDOWS\javaea32.exe
O4 - HKLM\..\RunOnce: [netuq32.exe] C:\WINDOWS\system32\netuq32.exe
O4 - HKLM\..\RunOnce: [ipcy32.exe] C:\WINDOWS\system32\ipcy32.exe
O4 - HKLM\..\RunOnce: [d3ey32.exe] C:\WINDOWS\d3ey32.exe
O4 - HKLM\..\RunOnce: [mfcmg.exe] C:\WINDOWS\system32\mfcmg.exe
O4 - HKLM\..\RunOnce: [addhl.exe] C:\WINDOWS\addhl.exe
O4 - HKLM\..\RunOnce: [netfa32.exe] C:\WINDOWS\system32\netfa32.exe
O4 - HKLM\..\RunOnce: [javavh32.exe] C:\WINDOWS\system32\javavh32.exe
O4 - HKLM\..\RunOnce: [ntqt.exe] C:\WINDOWS\ntqt.exe
O4 - HKLM\..\RunOnce: [apppj32.exe] C:\WINDOWS\apppj32.exe
O4 - HKLM\..\RunOnce: [ieny32.exe] C:\WINDOWS\system32\ieny32.exe
O4 - HKLM\..\RunOnce: [sysng.exe] C:\WINDOWS\sysng.exe
O4 - HKLM\..\RunOnce: [iewg.exe] C:\WINDOWS\system32\iewg.exe
O4 - HKLM\..\RunOnce: [mfclv.exe] C:\WINDOWS\mfclv.exe
O4 - HKLM\..\RunOnce: [addbl32.exe] C:\WINDOWS\system32\addbl32.exe
O4 - HKLM\..\RunOnce: [appmw.exe] C:\WINDOWS\system32\appmw.exe
O4 - HKLM\..\RunOnce: [netqa32.exe] C:\WINDOWS\netqa32.exe
O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
O4 - HKLM\..\RunOnce: [apifx32.exe] C:\WINDOWS\apifx32.exe
O4 - HKLM\..\RunOnce: [mfcuu32.exe] C:\WINDOWS\system32\mfcuu32.exe
O4 - HKLM\..\RunOnce: [iezq32.exe] C:\WINDOWS\system32\iezq32.exe
O4 - HKLM\..\RunOnce: [apiuk32.exe] C:\WINDOWS\system32\apiuk32.exe
O4 - HKLM\..\RunOnce: [ntgg.exe] C:\WINDOWS\ntgg.exe
O4 - HKLM\..\RunOnce: [netho32.exe] C:\WINDOWS\system32\netho32.exe
O4 - HKLM\..\RunOnce: [netwd32.exe] C:\WINDOWS\netwd32.exe
O4 - HKLM\..\RunOnce: [ipwt32.exe] C:\WINDOWS\ipwt32.exe
O4 - HKLM\..\RunOnce: [crfm32.exe] C:\WINDOWS\crfm32.exe
O4 - HKLM\..\RunOnce: [mfcfu.exe] C:\WINDOWS\system32\mfcfu.exe
O4 - HKLM\..\RunOnce: [addjg.exe] C:\WINDOWS\system32\addjg.exe
O4 - HKLM\..\RunOnce: [netyv32.exe] C:\WINDOWS\netyv32.exe
O4 - HKLM\..\RunOnce: [javaxc.exe] C:\WINDOWS\javaxc.exe
O4 - HKLM\..\RunOnce: [ietg32.exe] C:\WINDOWS\ietg32.exe
O4 - HKLM\..\RunOnce: [crch.exe] C:\WINDOWS\crch.exe
O4 - HKLM\..\RunOnce: [d3qd32.exe] C:\WINDOWS\d3qd32.exe
O4 - HKLM\..\RunOnce: [crwa32.exe] C:\WINDOWS\system32\crwa32.exe
O4 - HKLM\..\RunOnce: [netbx32.exe] C:\WINDOWS\netbx32.exe
O4 - HKLM\..\RunOnce: [d3ei32.exe] C:\WINDOWS\system32\d3ei32.exe
O4 - HKLM\..\RunOnce: [sysjn.exe] C:\WINDOWS\sysjn.exe
O4 - HKLM\..\RunOnce: [iekn32.exe] C:\WINDOWS\system32\iekn32.exe
O4 - HKLM\..\RunOnce: [msyk32.exe] C:\WINDOWS\msyk32.exe
O4 - HKLM\..\RunOnce: [appii.exe] C:\WINDOWS\system32\appii.exe
O4 - HKLM\..\RunOnce: [netbb.exe] C:\WINDOWS\system32\netbb.exe
O4 - HKLM\..\RunOnce: [syssj32.exe] C:\WINDOWS\system32\syssj32.exe
O4 - HKLM\..\RunOnce: [netgy.exe] C:\WINDOWS\system32\netgy.exe
O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\sdkff32.exe
O4 - HKLM\..\RunOnce: [appzh32.exe] C:\WINDOWS\appzh32.exe
O4 - HKLM\..\RunOnce: [atlzp.exe] C:\WINDOWS\system32\atlzp.exe
O4 - HKLM\..\RunOnce: [apphp.exe] C:\WINDOWS\apphp.exe
O4 - HKLM\..\RunOnce: [ntxe32.exe] C:\WINDOWS\system32\ntxe32.exe
O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
O4 - HKLM\..\RunOnce: [sdkix.exe] C:\WINDOWS\sdkix.exe
O4 - HKLM\..\RunOnce: [mfchn32.exe] C:\WINDOWS\mfchn32.exe
O4 - HKLM\..\RunOnce: [winfc32.exe] C:\WINDOWS\system32\winfc32.exe
O4 - HKLM\..\RunOnce: [winfk.exe] C:\WINDOWS\system32\winfk.exe
O4 - HKLM\..\RunOnce: [sysol.exe] C:\WINDOWS\sysol.exe
O4 - HKLM\..\RunOnce: [apida32.exe] C:\WINDOWS\system32\apida32.exe
O4 - HKLM\..\RunOnce: [ntuh32.exe] C:\WINDOWS\system32\ntuh32.exe
O4 - HKLM\..\RunOnce: [netxt.exe] C:\WINDOWS\system32\netxt.exe
O4 - HKLM\..\RunOnce: [addwj32.exe] C:\WINDOWS\system32\addwj32.exe
O4 - HKLM\..\RunOnce: [msmy32.exe] C:\WINDOWS\msmy32.exe
O4 - HKLM\..\RunOnce: [iemg.exe] C:\WINDOWS\iemg.exe
O4 - HKLM\..\RunOnce: [d3ug.exe] C:\WINDOWS\system32\d3ug.exe
O4 - HKLM\..\RunOnce: [appkw32.exe] C:\WINDOWS\appkw32.exe
O4 - HKLM\..\RunOnce: [apiad32.exe] C:\WINDOWS\apiad32.exe
O4 - HKLM\..\RunOnce: [atldp.exe] C:\WINDOWS\atldp.exe
O4 - HKLM\..\RunOnce: [iece32.exe] C:\WINDOWS\iece32.exe
O4 - HKLM\..\RunOnce: [javasm.exe] C:\WINDOWS\system32\javasm.exe
O4 - HKLM\..\RunOnce: [mfcrc32.exe] C:\WINDOWS\system32\mfcrc32.exe
O4 - HKLM\..\RunOnce: [winpr32.exe] C:\WINDOWS\winpr32.exe
O4 - HKLM\..\RunOnce: [addph32.exe] C:\WINDOWS\addph32.exe
O4 - HKLM\..\RunOnce: [netza32.exe] C:\WINDOWS\system32\netza32.exe
O4 - HKLM\..\RunOnce: [iezi.exe] C:\WINDOWS\iezi.exe
O4 - HKLM\..\RunOnce: [crdm.exe] C:\WINDOWS\system32\crdm.exe
O4 - HKLM\..\RunOnce: [addsj32.exe] C:\WINDOWS\addsj32.exe
O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\mfciq32.exe
O4 - HKLM\..\RunOnce: [appmu.exe] C:\WINDOWS\system32\appmu.exe
O4 - HKLM\..\RunOnce: [mskk32.exe] C:\WINDOWS\system32\mskk32.exe
O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\system32\sdkjh.exe
O4 - HKLM\..\RunOnce: [ntjh.exe] C:\WINDOWS\ntjh.exe
O4 - HKLM\..\RunOnce: [iezf32.exe] C:\WINDOWS\system32\iezf32.exe
O4 - HKLM\..\RunOnce: [d3cg.exe] C:\WINDOWS\d3cg.exe
O4 - HKLM\..\RunOnce: [ipnz32.exe] C:\WINDOWS\system32\ipnz32.exe
O4 - HKLM\..\RunOnce: [ntgs.exe] C:\WINDOWS\system32\ntgs.exe
O4 - HKLM\..\RunOnce: [msco.exe] C:\WINDOWS\msco.exe
O4 - HKLM\..\RunOnce: [winvp32.exe] C:\WINDOWS\system32\winvp32.exe
O4 - HKLM\..\RunOnce: [mfclw.exe] C:\WINDOWS\system32\mfclw.exe
O4 - HKLM\..\RunOnce: [ntpa32.exe] C:\WINDOWS\ntpa32.exe
O4 - HKLM\..\RunOnce: [apiyb.exe] C:\WINDOWS\system32\apiyb.exe
O4 - HKLM\..\RunOnce: [netey32.exe] C:\WINDOWS\netey32.exe
O4 - HKLM\..\RunOnce: [apisu32.exe] C:\WINDOWS\system32\apisu32.exe
O4 - HKLM\..\RunOnce: [netsc32.exe] C:\WINDOWS\system32\netsc32.exe
O4 - HKLM\..\RunOnce: [crcd32.exe] C:\WINDOWS\system32\crcd32.exe
O4 - HKLM\..\RunOnce: [mfccl.exe] C:\WINDOWS\mfccl.exe
O4 - HKLM\..\RunOnce: [wingp.exe] C:\WINDOWS\wingp.exe
O4 - HKLM\..\RunOnce: [netve32.exe] C:\WINDOWS\system32\netve32.exe
O4 - HKLM\..\RunOnce: [sdklu.exe] C:\WINDOWS\system32\sdklu.exe
O4 - HKLM\..\RunOnce: [iepq32.exe] C:\WINDOWS\system32\iepq32.exe
O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\system32\crzy.exe
O4 - HKLM\..\RunOnce: [d3fn32.exe] C:\WINDOWS\system32\d3fn32.exe
O4 - HKLM\..\RunOnce: [crtk32.exe] C:\WINDOWS\crtk32.exe
O4 - HKLM\..\RunOnce: [netyg32.exe] C:\WINDOWS\system32\netyg32.exe
O4 - HKLM\..\RunOnce: [d3ba.exe] C:\WINDOWS\d3ba.exe
O4 - HKLM\..\RunOnce: [sdkxe32.exe] C:\WINDOWS\sdkxe32.exe
O4 - HKLM\..\RunOnce: [mfcvt.exe] C:\WINDOWS\system32\mfcvt.exe
O4 - HKLM\..\RunOnce: [sysuj32.exe] C:\WINDOWS\sysuj32.exe
O4 - HKLM\..\RunOnce: [crky32.exe] C:\WINDOWS\crky32.exe
O4 - HKLM\..\RunOnce: [d3sg.exe] C:\WINDOWS\system32\d3sg.exe
O4 - HKLM\..\RunOnce: [javath.exe] C:\WINDOWS\javath.exe
O4 - HKLM\..\RunOnce: [winqw32.exe] C:\WINDOWS\system32\winqw32.exe
O4 - HKLM\..\RunOnce: [mfcgd32.exe] C:\WINDOWS\system32\mfcgd32.exe
O4 - HKLM\..\RunOnce: [appcp.exe] C:\WINDOWS\appcp.exe
O4 - HKLM\..\RunOnce: [d3bf32.exe] C:\WINDOWS\d3bf32.exe
O4 - HKLM\..\RunOnce: [ntzm32.exe] C:\WINDOWS\system32\ntzm32.exe
O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe
O4 - HKLM\..\RunOnce: [nthc.exe] C:\WINDOWS\system32\nthc.exe
O4 - HKLM\..\RunOnce: [msxr32.exe] C:\WINDOWS\msxr32.exe
O4 - HKLM\..\RunOnce: [addnz32.exe] C:\WINDOWS\system32\addnz32.exe
O4 - HKLM\..\RunOnce: [sysil.exe] C:\WINDOWS\system32\sysil.exe
O4 - HKLM\..\RunOnce: [sdkha32.exe] C:\WINDOWS\system32\sdkha32.exe
O4 - HKLM\..\RunOnce: [apifi.exe] C:\WINDOWS\apifi.exe
O4 - HKLM\..\RunOnce: [winex32.exe] C:\WINDOWS\winex32.exe
O4 - HKLM\..\RunOnce: [d3un32.exe] C:\WINDOWS\system32\d3un32.exe
O4 - HKLM\..\RunOnce: [d3cv32.exe] C:\WINDOWS\system32\d3cv32.exe
O4 - HKLM\..\RunOnce: [addmv32.exe] C:\WINDOWS\addmv32.exe
O4 - HKLM\..\RunOnce: [javamd.exe] C:\WINDOWS\javamd.exe
O4 - HKLM\..\RunOnce: [netqh.exe] C:\WINDOWS\netqh.exe
O4 - HKLM\..\RunOnce: [d3ff32.exe] C:\WINDOWS\system32\d3ff32.exe
O4 - HKLM\..\RunOnce: [winvm32.exe] C:\WINDOWS\system32\winvm32.exe
O4 - HKLM\..\RunOnce: [ieqq.exe] C:\WINDOWS\system32\ieqq.exe
O4 - HKLM\..\RunOnce: [ntpg32.exe] C:\WINDOWS\system32\ntpg32.exe
O4 - HKLM\..\RunOnce: [mfcov32.exe] C:\WINDOWS\mfcov32.exe
O4 - HKLM\..\RunOnce: [apind.exe] C:\WINDOWS\apind.exe
O4 - HKLM\..\RunOnce: [mfcwd.exe] C:\WINDOWS\system32\mfcwd.exe
O4 - HKLM\..\RunOnce: [sdkma32.exe] C:\WINDOWS\sdkma32.exe
O4 - HKLM\..\RunOnce: [msci32.exe] C:\WINDOWS\msci32.exe
O4 - HKLM\..\RunOnce: [crfm.exe] C:\WINDOWS\system32\crfm.exe
O4 - HKLM\..\RunOnce: [apieb32.exe] C:\WINDOWS\apieb32.exe
O4 - HKLM\..\RunOnce: [addur.exe] C:\WINDOWS\system32\addur.exe
O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\system32\d3tg32.exe
O4 - HKLM\..\RunOnce: [ntro32.exe] C:\WINDOWS\ntro32.exe
O4 - HKLM\..\RunOnce: [msbw32.exe] C:\WINDOWS\system32\msbw32.exe
O4 - HKLM\..\RunOnce: [netbe.exe] C:\WINDOWS\netbe.exe
O4 - HKLM\..\RunOnce: [appfi.exe] C:\WINDOWS\system32\appfi.exe
O4 - HKLM\..\RunOnce: [atlza32.exe] C:\WINDOWS\system32\atlza32.exe
O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
O4 - HKLM\..\RunOnce: [atlhq32.exe] C:\WINDOWS\atlhq32.exe
O4 - HKLM\..\RunOnce: [netmu.exe] C:\WINDOWS\netmu.exe
O4 - HKLM\..\RunOnce: [apinu32.exe] C:\WINDOWS\apinu32.exe
O4 - HKLM\..\RunOnce: [netgg32.exe] C:\WINDOWS\system32\netgg32.exe
O4 - HKLM\..\RunOnce: [addlc32.exe] C:\WINDOWS\addlc32.exe
O4 - HKLM\..\RunOnce: [ipgw.exe] C:\WINDOWS\system32\ipgw.exe
O4 - HKLM\..\RunOnce: [mfcka32.exe] C:\WINDOWS\mfcka32.exe
O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\system32\winip.exe
O4 - HKLM\..\RunOnce: [javahf32.exe] C:\WINDOWS\system32\javahf32.exe
O4 - HKLM\..\RunOnce: [netxm32.exe] C:\WINDOWS\netxm32.exe
O4 - HKLM\..\RunOnce: [ipxc.exe] C:\WINDOWS\ipxc.exe
O4 - HKLM\..\RunOnce: [netgc.exe] C:\WINDOWS\system32\netgc.exe
O4 - HKLM\..\RunOnce: [crvs32.exe] C:\WINDOWS\crvs32.exe
O4 - HKLM\..\RunOnce: [syslz32.exe] C:\WINDOWS\syslz32.exe
O4 - HKLM\..\RunOnce: [msol.exe] C:\WINDOWS\msol.exe
O4 - HKLM\..\RunOnce: [ntna32.exe] C:\WINDOWS\ntna32.exe
O4 - HKLM\..\RunOnce: [atlei32.exe] C:\WINDOWS\system32\atlei32.exe
O4 - HKLM\..\RunOnce: [mfcmy.exe] C:\WINDOWS\system32\mfcmy.exe
O4 - HKLM\..\RunOnce: [atlmy.exe] C:\WINDOWS\atlmy.exe
O4 - HKLM\..\RunOnce: [sdkcn32.exe] C:\WINDOWS\system32\sdkcn32.exe
O4 - HKLM\..\RunOnce: [d3av32.exe] C:\WINDOWS\system32\d3av32.exe
O4 - HKLM\..\RunOnce: [javavg.exe] C:\WINDOWS\javavg.exe
O4 - HKLM\..\RunOnce: [apiuw32.exe] C:\WINDOWS\apiuw32.exe
O4 - HKLM\..\RunOnce: [addke.exe] C:\WINDOWS\system32\addke.exe
O4 - HKLM\..\RunOnce: [crjt32.exe] C:\WINDOWS\crjt32.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\system32\iphj32.exe
O4 - HKLM\..\RunOnce: [nthr32.exe] C:\WINDOWS\system32\nthr32.exe
O4 - HKLM\..\RunOnce: [msrr32.exe] C:\WINDOWS\msrr32.exe
O4 - HKLM\..\RunOnce: [apirz.exe] C:\WINDOWS\system32\apirz.exe
O4 - HKLM\..\RunOnce: [appvd.exe] C:\WINDOWS\appvd.exe
O4 - HKLM\..\RunOnce: [ipkt32.exe] C:\WINDOWS\system32\ipkt32.exe
O4 - HKLM\..\RunOnce: [crii32.exe] C:\WINDOWS\system32\crii32.exe
O4 - HKLM\..\RunOnce: [sdkdm.exe] C:\WINDOWS\sdkdm.exe
O4 - HKLM\..\RunOnce: [atlcb32.exe] C:\WINDOWS\atlcb32.exe
O4 - HKLM\..\RunOnce: [systr32.exe] C:\WINDOWS\system32\systr32.exe
O4 - HKLM\..\RunOnce: [winaz.exe] C:\WINDOWS\system32\winaz.exe
O4 - HKLM\..\RunOnce: [sysbz.exe] C:\WINDOWS\system32\sysbz.exe
O4 - HKLM\..\RunOnce: [apizo.exe] C:\WINDOWS\apizo.exe
O4 - HKLM\..\RunOnce: [appod32.exe] C:\WINDOWS\system32\appod32.exe
O4 - HKLM\..\RunOnce: [atlzx.exe] C:\WINDOWS\system32\atlzx.exe
O4 - HKLM\..\RunOnce: [ipdt32.exe] C:\WINDOWS\ipdt32.exe
O4 - HKLM\..\RunOnce: [apinb.exe] C:\WINDOWS\system32\apinb.exe
O4 - HKLM\..\RunOnce: [nettq32.exe] C:\WINDOWS\nettq32.exe
O4 - HKLM\..\RunOnce: [apihn32.exe] C:\WINDOWS\system32\apihn32.exe
O4 - HKLM\..\RunOnce: [sysmr32.exe] C:\WINDOWS\system32\sysmr32.exe
O4 - HKLM\..\RunOnce: [nethd32.exe] C:\WINDOWS\system32\nethd32.exe
O4 - HKLM\..\RunOnce: [sdkmh.exe] C:\WINDOWS\sdkmh.exe
O4 - HKLM\..\RunOnce: [ipuh32.exe] C:\WINDOWS\system32\ipuh32.exe
O4 - HKLM\..\RunOnce: [ipje32.exe] C:\WINDOWS\ipje32.exe
O4 - HKLM\..\RunOnce: [addoa32.exe] C:\WINDOWS\addoa32.exe
O4 - HKLM\..\RunOnce: [ntjm32.exe] C:\WINDOWS\ntjm32.exe
O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\system32\javanq.exe
O4 - HKLM\..\RunOnce: [ieur32.exe] C:\WINDOWS\system32\ieur32.exe
O4 - HKLM\..\RunOnce: [crya32.exe] C:\WINDOWS\system32\crya32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\d3yi.exe
O4 - HKLM\..\RunOnce: [crgi.exe] C:\WINDOWS\system32\crgi.exe
O4 - HKLM\..\RunOnce: [winwf32.exe] C:\WINDOWS\winwf32.exe
O4 - HKLM\..\RunOnce: [mfcmn32.exe] C:\WINDOWS\mfcmn32.exe
O4 - HKLM\..\RunOnce: [apphq.exe] C:\WINDOWS\system32\apphq.exe
O4 - HKLM\..\RunOnce: [d3og32.exe] C:\WINDOWS\system32\d3og32.exe
O4 - HKLM\..\RunOnce: [sdkee.exe] C:\WINDOWS\sdkee.exe
O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe
O4 - HKLM\..\RunOnce: [ntiv32.exe] C:\WINDOWS\ntiv32.exe
O4 - HKLM\..\RunOnce: [atlmr32.exe] C:\WINDOWS\atlmr32.exe
O4 - HKLM\..\RunOnce: [sdkpd32.exe] C:\WINDOWS\sdkpd32.exe
O4 - HKLM\..\RunOnce: [d3uh.exe] C:\WINDOWS\system32\d3uh.exe
O4 - HKLM\..\RunOnce: [javavi32.exe] C:\WINDOWS\javavi32.exe
O4 - HKLM\..\RunOnce: [javajf32.exe] C:\WINDOWS\system32\javajf32.exe
O4 - HKLM\..\RunOnce: [mfcoj32.exe] C:\WINDOWS\system32\mfcoj32.exe
O4 - HKLM\..\RunOnce: [crrv32.exe] C:\WINDOWS\system32\crrv32.exe
O4 - HKLM\..\RunOnce: [iewz.exe] C:\WINDOWS\iewz.exe
O4 - HKLM\..\RunOnce: [d3xz32.exe] C:\WINDOWS\system32\d3xz32.exe
O4 - HKLM\..\RunOnce: [d3lw.exe] C:\WINDOWS\d3lw.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [netfp.exe] C:\WINDOWS\system32\netfp.exe
O4 - HKLM\..\RunOnce: [mszb.exe] C:\WINDOWS\mszb.exe
O4 - HKLM\..\RunOnce: [javaoi.exe] C:\WINDOWS\javaoi.exe
O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
O4 - HKLM\..\RunOnce: [ipku.exe] C:\WINDOWS\ipku.exe
O4 - HKLM\..\RunOnce: [croy.exe] C:\WINDOWS\croy.exe
O4 - HKLM\..\RunOnce: [syshr32.exe] C:\WINDOWS\syshr32.exe
O4 - HKLM\..\RunOnce: [msca32.exe] C:\WINDOWS\msca32.exe
O4 - HKLM\..\RunOnce: [iewl.exe] C:\WINDOWS\system32\iewl.exe
O4 - HKLM\..\RunOnce: [atlrp.exe] C:\WINDOWS\system32\atlrp.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\system32\netkq32.exe
O4 - HKLM\..\RunOnce: [javaay.exe] C:\WINDOWS\system32\javaay.exe
O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\system32\ieec32.exe
O4 - HKLM\..\RunOnce: [croc.exe] C:\WINDOWS\system32\croc.exe
O4 - HKLM\..\RunOnce: [d3tz32.exe] C:\WINDOWS\system32\d3tz32.exe
O4 - HKLM\..\RunOnce: [criw32.exe] C:\WINDOWS\system32\criw32.exe
O4 - HKLM\..\RunOnce: [netns32.exe] C:\WINDOWS\system32\netns32.exe
O4 - HKLM\..\RunOnce: [d3ie32.exe] C:\WINDOWS\d3ie32.exe
O4 - HKLM\..\RunOnce: [sysmi.exe] C:\WINDOWS\sysmi.exe
O4 - HKLM\..\RunOnce: [ievi32.exe] C:\WINDOWS\ievi32.exe
O4 - HKLM\..\RunOnce: [mskf32.exe] C:\WINDOWS\mskf32.exe
O4 - HKLM\..\RunOnce: [ntpb32.exe] C:\WINDOWS\ntpb32.exe
O4 - HKLM\..\RunOnce: [addor.exe] C:\WINDOWS\system32\addor.exe
O4 - HKLM\..\RunOnce: [winxa32.exe] C:\WINDOWS\winxa32.exe
O4 - HKLM\..\RunOnce: [sysep32.exe] C:\WINDOWS\system32\sysep32.exe
O4 - HKLM\..\RunOnce: [sdkit.exe] C:\WINDOWS\system32\sdkit.exe
O4 - HKLM\..\RunOnce: [netmx.exe] C:\WINDOWS\netmx.exe
O4 - HKLM\..\RunOnce: [d3cu32.exe] C:\WINDOWS\system32\d3cu32.exe
O4 - HKLM\..\RunOnce: [sysac32.exe] C:\WINDOWS\sysac32.exe
O4 - HKLM\..\RunOnce: [msvf.exe] C:\WINDOWS\msvf.exe
O4 - HKLM\..\RunOnce: [ntuv32.exe] C:\WINDOWS\ntuv32.exe
O4 - HKLM\..\RunOnce: [netpz.exe] C:\WINDOWS\netpz.exe
O4 - HKLM\..\RunOnce: [winoo32.exe] C:\WINDOWS\winoo32.exe
O4 - HKLM\..\RunOnce: [d3me.exe] C:\WINDOWS\system32\d3me.exe
O4 - HKLM\..\RunOnce: [iplu32.exe] C:\WINDOWS\system32\iplu32.exe
O4 - HKLM\..\RunOnce: [atlbj32.exe] C:\WINDOWS\atlbj32.exe
O4 - HKLM\..\RunOnce: [atljr.exe] C:\WINDOWS\atljr.exe
O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\system32\appkr.exe
O4 - HKLM\..\RunOnce: [ntzg32.exe] C:\WINDOWS\ntzg32.exe
O4 - HKLM\..\RunOnce: [cryw32.exe] C:\WINDOWS\cryw32.exe
O4 - HKLM\..\RunOnce: [sdkta.exe] C:\WINDOWS\system32\sdkta.exe
O4 - HKLM\..\RunOnce: [mfcsp32.exe] C:\WINDOWS\mfcsp32.exe
O4 - HKLM\..\RunOnce: [javavz32.exe] C:\WINDOWS\javavz32.exe
O4 - HKLM\..\RunOnce: [appqk.exe] C:\WINDOWS\appqk.exe
O4 - HKLM\..\RunOnce: [netal32.exe] C:\WINDOWS\netal32.exe
O4 - HKLM\..\RunOnce: [sdkqt.exe] C:\WINDOWS\sdkqt.exe
O4 - HKLM\..\RunOnce: [msux32.exe] C:\WINDOWS\system32\msux32.exe
O4 - HKLM\..\RunOnce: [crex.exe] C:\WINDOWS\crex.exe
O4 - HKLM\..\RunOnce: [crju32.exe] C:\WINDOWS\system32\crju32.exe
O4 - HKLM\..\RunOnce: [cryr32.exe] C:\WINDOWS\cryr32.exe
O4 - HKLM\..\RunOnce: [apidn32.exe] C:\WINDOWS\apidn32.exe
O4 - HKLM\..\RunOnce: [d3yz32.exe] C:\WINDOWS\d3yz32.exe
O4 - HKLM\..\RunOnce: [ield.exe] C:\WINDOWS\system32\ield.exe
O4 - HKLM\..\RunOnce: [msld32.exe] C:\WINDOWS\msld32.exe
O4 - HKLM\..\RunOnce: [msaa32.exe] C:\WINDOWS\system32\msaa32.exe
O4 - HKLM\..\RunOnce: [ipfw32.exe] C:\WINDOWS\system32\ipfw32.exe
O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\system32\msai32.exe
O4 - HKLM\..\RunOnce: [winem.exe] C:\WINDOWS\winem.exe
O4 - HKLM\..\RunOnce: [sysnn32.exe] C:\WINDOWS\system32\sysnn32.exe
O4 - HKLM\..\RunOnce: [ieck32.exe] C:\WINDOWS\ieck32.exe
O4 - HKLM\..\RunOnce: [sdkgg.exe] C:\WINDOWS\sdkgg.exe
O4 - HKLM\..\RunOnce: [apiks.exe] C:\WINDOWS\apiks.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\system32\crah32.exe
O4 - HKLM\..\RunOnce: [sysqo32.exe] C:\WINDOWS\system32\sysqo32.exe
O4 - HKLM\..\RunOnce: [msla.exe] C:\WINDOWS\system32\msla.exe
O4 - HKLM\..\RunOnce: [ipkq32.exe] C:\WINDOWS\system32\ipkq32.exe
O4 - HKLM\..\RunOnce: [atlix32.exe] C:\WINDOWS\atlix32.exe
O4 - HKLM\..\RunOnce: [mfcin.exe] C:\WINDOWS\mfcin.exe
O4 - HKLM\..\RunOnce: [atlro.exe] C:\WINDOWS\system32\atlro.exe
O4 - HKLM\..\RunOnce: [ntgd.exe] C:\WINDOWS\ntgd.exe
O4 - HKLM\..\RunOnce: [apiws32.exe] C:\WINDOWS\apiws32.exe
O4 - HKLM\..\RunOnce: [iphd.exe] C:\WINDOWS\system32\iphd.exe
O4 - HKLM\..\RunOnce: [crlh32.exe] C:\WINDOWS\system32\crlh32.exe
O4 - HKLM\..\RunOnce: [ntvi.exe] C:\WINDOWS\system32\ntvi.exe
O4 - HKLM\..\RunOnce: [sdkae32.exe] C:\WINDOWS\system32\sdkae32.exe
O4 - HKLM\..\RunOnce: [sdkpb32.exe] C:\WINDOWS\sdkpb32.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKLM\..\RunOnce: [addra.exe] C:\WINDOWS\system32\addra.exe
O4 - HKLM\..\RunOnce: [cria32.exe] C:\WINDOWS\system32\cria32.exe
O4 - HKLM\..\RunOnce: [appxp.exe] C:\WINDOWS\system32\appxp.exe
O4 - HKLM\..\RunOnce: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
O4 - HKLM\..\RunOnce: [iepy32.exe] C:\WINDOWS\system32\iepy32.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\system32\syspg.exe
O4 - HKLM\..\RunOnce: [msyg.exe] C:\WINDOWS\msyg.exe
O4 - HKLM\..\RunOnce: [atlnv32.exe] C:\WINDOWS\system32\atlnv32.exe
O4 - HKLM\..\RunOnce: [ipel32.exe] C:\WINDOWS\system32\ipel32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\sysye32.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [d3wc.exe] C:\WINDOWS\d3wc.exe
O4 - HKLM\..\RunOnce: [crec.exe] C:\WINDOWS\system32\crec.exe
O4 - HKLM\..\RunOnce: [winur32.exe] C:\WINDOWS\winur32.exe
O4 - HKLM\..\RunOnce: [mfckg32.exe] C:\WINDOWS\mfckg32.exe
O4 - HKLM\..\RunOnce: [appnk.exe] C:\WINDOWS\system32\appnk.exe
O4 - HKLM\..\RunOnce: [d3ma32.exe] C:\WINDOWS\system32\d3ma32.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\ntcp32.exe
O4 - HKLM\..\RunOnce: [crhu32.exe] C:\WINDOWS\system32\crhu32.exe
O4 - HKLM\..\RunOnce: [atlhu.exe] C:\WINDOWS\atlhu.exe
O4 - HKLM\..\RunOnce: [winlg32.exe] C:\WINDOWS\system32\winlg32.exe
O4 - HKLM\..\RunOnce: [d3jn.exe] C:\WINDOWS\d3jn.exe
O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\ipid32.exe
O4 - HKLM\..\RunOnce: [appys32.exe] C:\WINDOWS\system32\appys32.exe
O4 - HKLM\..\RunOnce: [atlgi.exe] C:\WINDOWS\system32\atlgi.exe
O4 - HKLM\..\RunOnce: [apphj.exe] C:\WINDOWS\apphj.exe
O4 - HKLM\..\RunOnce: [sdkqp32.exe] C:\WINDOWS\sdkqp32.exe
O4 - HKLM\..\RunOnce: [apiow.exe] C:\WINDOWS\system32\apiow.exe
O4 - HKLM\..\RunOnce: [sdkgu.exe] C:\WINDOWS\sdkgu.exe
O4 - HKLM\..\RunOnce: [mssw.exe] C:\WINDOWS\system32\mssw.exe
O4 - HKLM\..\RunOnce: [ieyl32.exe] C:\WINDOWS\system32\ieyl32.exe
O4 - HKLM\..\RunOnce: [ieuy32.exe] C:\WINDOWS\ieuy32.exe
O4 - HKLM\..\RunOnce: [sysoz32.exe] C:\WINDOWS\system32\sysoz32.exe
O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\system32\netxz.exe
O4 - HKLM\..\RunOnce: [msyi.exe] C:\WINDOWS\system32\msyi.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exe
O4 - HKLM\..\RunOnce: [apivv.exe] C:\WINDOWS\system32\apivv.exe
O4 - HKLM\..\RunOnce: [atlev.exe] C:\WINDOWS\atlev.exe
O4 - HKLM\..\RunOnce: [sdkts.exe] C:\WINDOWS\system32\sdkts.exe
O4 - HKLM\..\RunOnce: [netiz32.exe] C:\WINDOWS\system32\netiz32.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\ntct.exe
O4 - HKLM\..\RunOnce: [netdr.exe] C:\WINDOWS\system32\netdr.exe
O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\system32\addkg32.exe
O4 - HKLM\..\RunOnce: [appmv32.exe] C:\WINDOWS\appmv32.exe
O4 - HKLM\..\RunOnce: [winph.exe] C:\WINDOWS\system32\winph.exe
O4 - HKLM\..\RunOnce: [iekp32.exe] C:\WINDOWS\system32\iekp32.exe
O4 - HKLM\..\RunOnce: [javaif32.exe] C:\WINDOWS\javaif32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\system32\netpq.exe
O4 - HKLM\..\RunOnce: [crnx32.exe] C:\WINDOWS\crnx32.exe
O4 - HKLM\..\RunOnce: [apifz32.exe] C:\WINDOWS\apifz32.exe
O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\RunOnce: [atljb32.exe] C:\WINDOWS\system32\atljb32.exe
O4 - HKLM\..\RunOnce: [netng.exe] C:\WINDOWS\netng.exe
O4 - HKLM\..\RunOnce: [ipky.exe] C:\WINDOWS\system32\ipky.exe
O4 - HKLM\..\RunOnce: [winyv.exe] C:\WINDOWS\winyv.exe
O4 - HKLM\..\RunOnce: [netys32.exe] C:\WINDOWS\netys32.exe
O4 - HKLM\..\RunOnce: [atlce32.exe] C:\WINDOWS\system32\atlce32.exe
O4 - HKLM\..\RunOnce: [netdv.exe] C:\WINDOWS\system32\netdv.exe
O4 - HKLM\..\RunOnce: [apiew32.exe] C:\WINDOWS\apiew32.exe
O4 - HKLM\..\RunOnce: [ntih.exe] C:\WINDOWS\ntih.exe
O4 - HKLM\..\RunOnce: [apixw.exe] C:\WINDOWS\apixw.exe
O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\system32\winip32.exe
O4 - HKLM\..\RunOnce: [appta.exe] C:\WINDOWS\appta.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\netxe.exe
O4 - HKLM\..\RunOnce: [sdkhf32.exe] C:\WINDOWS\sdkhf32.exe
O4 - HKLM\..\RunOnce: [msgm.exe] C:\WINDOWS\msgm.exe
O4 - HKLM\..\RunOnce: [addcq32.exe] C:\WINDOWS\addcq32.exe
O4 - HKLM\..\RunOnce: [ielr.exe] C:\WINDOWS\ielr.exe
O4 - HKLM\..\RunOnce: [syszn32.exe] C:\WINDOWS\syszn32.exe
O4 - HKLM\..\RunOnce: [sysfk32.exe] C:\WINDOWS\system32\sysfk32.exe
O4 - HKLM\..\RunOnce: [sdkkg32.exe] C:\WINDOWS\sdkkg32.exe
O4 - HKLM\..\RunOnce: [sysns32.exe] C:\WINDOWS\system32\sysns32.exe
O4 - HKLM\..\RunOnce: [appsw.exe] C:\WINDOWS\appsw.exe
O4 - HKLM\..\RunOnce: [addtx32.exe] C:\WINDOWS\system32\addtx32.exe
O4 - HKLM\..\RunOnce: [winht32.exe] C:\WINDOWS\winht32.exe
O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\system32\crmq32.exe
O4 - HKLM\..\RunOnce: [addpb32.exe] C:\WINDOWS\addpb32.exe
O4 - HKLM\..\RunOnce: [mfcug.exe] C:\WINDOWS\system32\mfcug.exe
O4 - HKLM\..\RunOnce: [crxp.exe] C:\WINDOWS\system32\crxp.exe
O4 - HKLM\..\RunOnce: [apiwf32.exe] C:\WINDOWS\system32\apiwf32.exe
O4 - HKLM\..\RunOnce: [addvl.exe] C:\WINDOWS\addvl.exe
O4 - HKLM\..\RunOnce: [netka32.exe] C:\WINDOWS\system32\netka32.exe
O4 - HKLM\..\RunOnce: [javabh32.exe] C:\WINDOWS\javabh32.exe
O4 - HKLM\..\RunOnce: [ntel.exe] C:\WINDOWS\ntel.exe
O4 - HKLM\..\RunOnce: [appdb32.exe] C:\WINDOWS\appdb32.exe
O4 - HKLM\..\RunOnce: [ietq32.exe] C:\WINDOWS\system32\ietq32.exe
O4 - HKLM\..\RunOnce: [sysby.exe] C:\WINDOWS\system32\sysby.exe
O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe
O4 - HKLM\..\RunOnce: [atlrw.exe] C:\WINDOWS\system32\atlrw.exe
O4 - HKLM\..\RunOnce: [addgl32.exe] C:\WINDOWS\system32\addgl32.exe
O4 - HKLM\..\RunOnce: [appaw.exe] C:\WINDOWS\system32\appaw.exe
O4 - HKLM\..\RunOnce: [netwa32.exe] C:\WINDOWS\netwa32.exe
O4 - HKLM\..\RunOnce: [mfcnb.exe] C:\WINDOWS\mfcnb.exe
O4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\mfctx32.exe
O4 - HKLM\..\RunOnce: [mfchu32.exe] C:\WINDOWS\system32\mfchu32.exe
O4 - HKLM\..\RunOnce: [iemq32.exe] C:\WINDOWS\system32\iemq32.exe
O4 - HKLM\..\RunOnce: [apihc32.exe] C:\WINDOWS\system32\apihc32.exe
O4 - HKLM\..\RunOnce: [ipmg.exe] C:\WINDOWS\ipmg.exe
O4 - HKLM\..\RunOnce: [netvh32.exe] C:\WINDOWS\system32\netvh32.exe
O4 - HKLM\..\RunOnce: [apibd32.exe] C:\WINDOWS\apibd32.exe
O4 - HKLM\..\RunOnce: [winga.exe] C:\WINDOWS\system32\winga.exe
O4 - HKLM\..\RunOnce: [mskm.exe] C:\WINDOWS\mskm.exe
O4 - HKLM\..\RunOnce: [appzb32.exe] C:\WINDOWS\system32\appzb32.exe
O4 - HKLM\..\RunOnce: [netyi32.exe] C:\WINDOWS\system32\netyi32.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\mfctu.exe
O4 - HKLM\..\RunOnce: [iesk32.exe] C:\WINDOWS\system32\iesk32.exe
O4 - HKLM\..\RunOnce: [javair32.exe] C:\WINDOWS\javair32.exe
O4 - HKLM\..\RunOnce: [crqh.exe] C:\WINDOWS\crqh.exe
O4 - HKLM\..\RunOnce: [javaqi.exe] C:\WINDOWS\system32\javaqi.exe
O4 - HKLM\..\RunOnce: [addlt.exe] C:\WINDOWS\addlt.exe
O4 - HKLM\..\RunOnce: [sysaa.exe] C:\WINDOWS\sysaa.exe
O4 - HKLM\..\RunOnce: [javalt32.exe] C:\WINDOWS\system32\javalt32.exe
O4 - HKLM\..\RunOnce: [crem.exe] C:\WINDOWS\system32\crem.exe
O4 - HKLM\..\RunOnce: [sysiq32.exe] C:\WINDOWS\sysiq32.exe
O4 - HKLM\..\RunOnce: [mssr.exe] C:\WINDOWS\system32\mssr.exe
O4 - HKLM\..\RunOnce: [msxn32.exe] C:\WINDOWS\msxn32.exe
O4 - HKLM\..\RunOnce: [msmk32.exe] C:\WINDOWS\system32\msmk32.exe
O4 - HKLM\..\RunOnce: [iprg32.exe] C:\WINDOWS\system32\iprg32.exe
O4 - HKLM\..\RunOnce: [iems32.exe] C:\WINDOWS\system32\iems32.exe
O4 - HKLM\..\RunOnce: [addqw.exe] C:\WINDOWS\addqw.exe
O4 - HKLM\..\RunOnce: [syszx32.exe] C:\WINDOWS\system32\syszx32.exe
O4 - HKLM\..\RunOnce: [sysou32.exe] C:\WINDOWS\sysou32.exe
O4 - HKLM\..\RunOnce: [sdksq.exe] C:\WINDOWS\sdksq.exe
O4 - HKLM\..\RunOnce: [netoc.exe] C:\WINDOWS\netoc.exe
O4 - HKLM\..\RunOnce: [crmr32.exe] C:\WINDOWS\system32\crmr32.exe
O4 - HKLM\..\RunOnce: [syscy32.exe] C:\WINDOWS\system32\syscy32.exe
O4 - HKLM\..\RunOnce: [msxc.exe] C:\WINDOWS\system32\msxc.exe
O4 - HKLM\..\RunOnce: [ipws32.exe] C:\WINDOWS\system32\ipws32.exe
O4 - HKLM\..\RunOnce: [atluh32.exe] C:\WINDOWS\atluh32.exe
O4 - HKLM\..\RunOnce: [mfcux.exe] C:\WINDOWS\mfcux.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ntsn.exe] C:\WINDOWS\ntsn.exe
O4 - HKLM\..\RunOnce: [netic32.exe] C:\WINDOWS\netic32.exe
O4 - HKLM\..\RunOnce: [iptn.exe] C:\WINDOWS\system32\iptn.exe
O4 - HKLM\..\RunOnce: [netcl.exe] C:\WINDOWS\netcl.exe
O4 - HKLM\..\RunOnce: [addbb32.exe] C:\WINDOWS\system32\addbb32.exe
O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe
O4 - HKLM\..\RunOnce: [mszy.exe] C:\WINDOWS\mszy.exe
O4 - HKLM\..\RunOnce: [d3ih.exe] C:\WINDOWS\system32\d3ih.exe
O4 - HKLM\..\RunOnce: [appxw32.exe] C:\WINDOWS\appxw32.exe
O4 - HKLM\..\RunOnce: [apiod32.exe] C:\WINDOWS\apiod32.exe
O4 - HKLM\..\RunOnce: [atljh.exe] C:\WINDOWS\system32\atljh.exe
O4 - HKLM\..\RunOnce: [ieix32.exe] C:\WINDOWS\system32\ieix32.exe
O4 - HKLM\..\RunOnce: [javagm.exe] C:\WINDOWS\javagm.exe
O4 - HKLM\..\RunOnce: [mfcfc32.exe] C:\WINDOWS\system32\mfcfc32.exe
O4 - HKLM\..\RunOnce: [wingb32.exe] C:\WINDOWS\wingb32.exe
O4 - HKLM\..\RunOnce: [ntxi.exe] C:\WINDOWS\ntxi.exe
O4 - HKCU\..\Run: [Fpdxeb] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [ewo9ROHFR] pstskres.exe
O4 - HKCU\..\Run: [Aeat] C:\Documents and Settings\Administrator\Application Data\coad.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] D:\Program Files\aim.exe -cnetwait.odl
O4 - Startup: Desktop Navigator.lnk = C:\Program Files\Netscape\Desktop Navigator\dtnav.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crmq32.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: CWShredder Service - InterMute, Inc. - D:\Agent Fitz\Downloads\Hijack This\CWShredder\CWShredder.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

Buckeye_Sam · May 2005

Let me step in an offer some instruction.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

O4 - HKLM\..\Run: [iebd32.exe] C:\WINDOWS\system32\iebd32.exe
O4 - HKLM\..\RunOnce: [atlay32.exe] C:\WINDOWS\atlay32.exe
O4 - HKLM\..\RunOnce: [sdknh32.exe] C:\WINDOWS\sdknh32.exe
O4 - HKLM\..\RunOnce: [addwn.exe] C:\WINDOWS\system32\addwn.exe
O4 - HKLM\..\RunOnce: [sysfo32.exe] C:\WINDOWS\system32\sysfo32.exe
O4 - HKLM\..\RunOnce: [ieuj.exe] C:\WINDOWS\ieuj.exe
O4 - HKLM\..\RunOnce: [iepa.exe] C:\WINDOWS\system32\iepa.exe
O4 - HKLM\..\RunOnce: [sysxi32.exe] C:\WINDOWS\system32\sysxi32.exe
O4 - HKLM\..\RunOnce: [netas32.exe] C:\WINDOWS\netas32.exe
O4 - HKLM\..\RunOnce: [javaea32.exe] C:\WINDOWS\javaea32.exe
O4 - HKLM\..\RunOnce: [netuq32.exe] C:\WINDOWS\system32\netuq32.exe
O4 - HKLM\..\RunOnce: [ipcy32.exe] C:\WINDOWS\system32\ipcy32.exe
O4 - HKLM\..\RunOnce: [d3ey32.exe] C:\WINDOWS\d3ey32.exe
O4 - HKLM\..\RunOnce: [mfcmg.exe] C:\WINDOWS\system32\mfcmg.exe
O4 - HKLM\..\RunOnce: [addhl.exe] C:\WINDOWS\addhl.exe
O4 - HKLM\..\RunOnce: [netfa32.exe] C:\WINDOWS\system32\netfa32.exe
O4 - HKLM\..\RunOnce: [javavh32.exe] C:\WINDOWS\system32\javavh32.exe
O4 - HKLM\..\RunOnce: [ntqt.exe] C:\WINDOWS\ntqt.exe
O4 - HKLM\..\RunOnce: [apppj32.exe] C:\WINDOWS\apppj32.exe
O4 - HKLM\..\RunOnce: [ieny32.exe] C:\WINDOWS\system32\ieny32.exe
O4 - HKLM\..\RunOnce: [sysng.exe] C:\WINDOWS\sysng.exe
O4 - HKLM\..\RunOnce: [iewg.exe] C:\WINDOWS\system32\iewg.exe
O4 - HKLM\..\RunOnce: [mfclv.exe] C:\WINDOWS\mfclv.exe
O4 - HKLM\..\RunOnce: [addbl32.exe] C:\WINDOWS\system32\addbl32.exe
O4 - HKLM\..\RunOnce: [appmw.exe] C:\WINDOWS\system32\appmw.exe
O4 - HKLM\..\RunOnce: [netqa32.exe] C:\WINDOWS\netqa32.exe
O4 - HKLM\..\RunOnce: [mfcai.exe] C:\WINDOWS\system32\mfcai.exe
O4 - HKLM\..\RunOnce: [apifx32.exe] C:\WINDOWS\apifx32.exe
O4 - HKLM\..\RunOnce: [mfcuu32.exe] C:\WINDOWS\system32\mfcuu32.exe
O4 - HKLM\..\RunOnce: [iezq32.exe] C:\WINDOWS\system32\iezq32.exe
O4 - HKLM\..\RunOnce: [apiuk32.exe] C:\WINDOWS\system32\apiuk32.exe
O4 - HKLM\..\RunOnce: [ntgg.exe] C:\WINDOWS\ntgg.exe
O4 - HKLM\..\RunOnce: [netho32.exe] C:\WINDOWS\system32\netho32.exe
O4 - HKLM\..\RunOnce: [netwd32.exe] C:\WINDOWS\netwd32.exe
O4 - HKLM\..\RunOnce: [ipwt32.exe] C:\WINDOWS\ipwt32.exe
O4 - HKLM\..\RunOnce: [crfm32.exe] C:\WINDOWS\crfm32.exe
O4 - HKLM\..\RunOnce: [mfcfu.exe] C:\WINDOWS\system32\mfcfu.exe
O4 - HKLM\..\RunOnce: [addjg.exe] C:\WINDOWS\system32\addjg.exe
O4 - HKLM\..\RunOnce: [netyv32.exe] C:\WINDOWS\netyv32.exe
O4 - HKLM\..\RunOnce: [javaxc.exe] C:\WINDOWS\javaxc.exe
O4 - HKLM\..\RunOnce: [ietg32.exe] C:\WINDOWS\ietg32.exe
O4 - HKLM\..\RunOnce: [crch.exe] C:\WINDOWS\crch.exe
O4 - HKLM\..\RunOnce: [d3qd32.exe] C:\WINDOWS\d3qd32.exe
O4 - HKLM\..\RunOnce: [crwa32.exe] C:\WINDOWS\system32\crwa32.exe
O4 - HKLM\..\RunOnce: [netbx32.exe] C:\WINDOWS\netbx32.exe
O4 - HKLM\..\RunOnce: [d3ei32.exe] C:\WINDOWS\system32\d3ei32.exe
O4 - HKLM\..\RunOnce: [sysjn.exe] C:\WINDOWS\sysjn.exe
O4 - HKLM\..\RunOnce: [iekn32.exe] C:\WINDOWS\system32\iekn32.exe
O4 - HKLM\..\RunOnce: [msyk32.exe] C:\WINDOWS\msyk32.exe
O4 - HKLM\..\RunOnce: [appii.exe] C:\WINDOWS\system32\appii.exe
O4 - HKLM\..\RunOnce: [netbb.exe] C:\WINDOWS\system32\netbb.exe
O4 - HKLM\..\RunOnce: [syssj32.exe] C:\WINDOWS\system32\syssj32.exe
O4 - HKLM\..\RunOnce: [netgy.exe] C:\WINDOWS\system32\netgy.exe
O4 - HKLM\..\RunOnce: [sdkff32.exe] C:\WINDOWS\sdkff32.exe
O4 - HKLM\..\RunOnce: [appzh32.exe] C:\WINDOWS\appzh32.exe
O4 - HKLM\..\RunOnce: [atlzp.exe] C:\WINDOWS\system32\atlzp.exe
O4 - HKLM\..\RunOnce: [apphp.exe] C:\WINDOWS\apphp.exe
O4 - HKLM\..\RunOnce: [ntxe32.exe] C:\WINDOWS\system32\ntxe32.exe
O4 - HKLM\..\RunOnce: [crnt32.exe] C:\WINDOWS\system32\crnt32.exe
O4 - HKLM\..\RunOnce: [sdkix.exe] C:\WINDOWS\sdkix.exe
O4 - HKLM\..\RunOnce: [mfchn32.exe] C:\WINDOWS\mfchn32.exe
O4 - HKLM\..\RunOnce: [winfc32.exe] C:\WINDOWS\system32\winfc32.exe
O4 - HKLM\..\RunOnce: [winfk.exe] C:\WINDOWS\system32\winfk.exe
O4 - HKLM\..\RunOnce: [sysol.exe] C:\WINDOWS\sysol.exe
O4 - HKLM\..\RunOnce: [apida32.exe] C:\WINDOWS\system32\apida32.exe
O4 - HKLM\..\RunOnce: [ntuh32.exe] C:\WINDOWS\system32\ntuh32.exe
O4 - HKLM\..\RunOnce: [netxt.exe] C:\WINDOWS\system32\netxt.exe
O4 - HKLM\..\RunOnce: [addwj32.exe] C:\WINDOWS\system32\addwj32.exe
O4 - HKLM\..\RunOnce: [msmy32.exe] C:\WINDOWS\msmy32.exe
O4 - HKLM\..\RunOnce: [iemg.exe] C:\WINDOWS\iemg.exe
O4 - HKLM\..\RunOnce: [d3ug.exe] C:\WINDOWS\system32\d3ug.exe
O4 - HKLM\..\RunOnce: [appkw32.exe] C:\WINDOWS\appkw32.exe
O4 - HKLM\..\RunOnce: [apiad32.exe] C:\WINDOWS\apiad32.exe
O4 - HKLM\..\RunOnce: [atldp.exe] C:\WINDOWS\atldp.exe
O4 - HKLM\..\RunOnce: [iece32.exe] C:\WINDOWS\iece32.exe
O4 - HKLM\..\RunOnce: [javasm.exe] C:\WINDOWS\system32\javasm.exe
O4 - HKLM\..\RunOnce: [mfcrc32.exe] C:\WINDOWS\system32\mfcrc32.exe
O4 - HKLM\..\RunOnce: [winpr32.exe] C:\WINDOWS\winpr32.exe
O4 - HKLM\..\RunOnce: [addph32.exe] C:\WINDOWS\addph32.exe
O4 - HKLM\..\RunOnce: [netza32.exe] C:\WINDOWS\system32\netza32.exe
O4 - HKLM\..\RunOnce: [iezi.exe] C:\WINDOWS\iezi.exe
O4 - HKLM\..\RunOnce: [crdm.exe] C:\WINDOWS\system32\crdm.exe
O4 - HKLM\..\RunOnce: [addsj32.exe] C:\WINDOWS\addsj32.exe
O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\mfciq32.exe
O4 - HKLM\..\RunOnce: [appmu.exe] C:\WINDOWS\system32\appmu.exe
O4 - HKLM\..\RunOnce: [mskk32.exe] C:\WINDOWS\system32\mskk32.exe
O4 - HKLM\..\RunOnce: [sdkbz32.exe] C:\WINDOWS\sdkbz32.exe
O4 - HKLM\..\RunOnce: [sdkjh.exe] C:\WINDOWS\system32\sdkjh.exe
O4 - HKLM\..\RunOnce: [ntjh.exe] C:\WINDOWS\ntjh.exe
O4 - HKLM\..\RunOnce: [iezf32.exe] C:\WINDOWS\system32\iezf32.exe
O4 - HKLM\..\RunOnce: [d3cg.exe] C:\WINDOWS\d3cg.exe
O4 - HKLM\..\RunOnce: [ipnz32.exe] C:\WINDOWS\system32\ipnz32.exe
O4 - HKLM\..\RunOnce: [ntgs.exe] C:\WINDOWS\system32\ntgs.exe
O4 - HKLM\..\RunOnce: [msco.exe] C:\WINDOWS\msco.exe
O4 - HKLM\..\RunOnce: [winvp32.exe] C:\WINDOWS\system32\winvp32.exe
O4 - HKLM\..\RunOnce: [mfclw.exe] C:\WINDOWS\system32\mfclw.exe
O4 - HKLM\..\RunOnce: [ntpa32.exe] C:\WINDOWS\ntpa32.exe
O4 - HKLM\..\RunOnce: [apiyb.exe] C:\WINDOWS\system32\apiyb.exe
O4 - HKLM\..\RunOnce: [netey32.exe] C:\WINDOWS\netey32.exe
O4 - HKLM\..\RunOnce: [apisu32.exe] C:\WINDOWS\system32\apisu32.exe
O4 - HKLM\..\RunOnce: [netsc32.exe] C:\WINDOWS\system32\netsc32.exe
O4 - HKLM\..\RunOnce: [crcd32.exe] C:\WINDOWS\system32\crcd32.exe
O4 - HKLM\..\RunOnce: [mfccl.exe] C:\WINDOWS\mfccl.exe
O4 - HKLM\..\RunOnce: [wingp.exe] C:\WINDOWS\wingp.exe
O4 - HKLM\..\RunOnce: [netve32.exe] C:\WINDOWS\system32\netve32.exe
O4 - HKLM\..\RunOnce: [sdklu.exe] C:\WINDOWS\system32\sdklu.exe
O4 - HKLM\..\RunOnce: [iepq32.exe] C:\WINDOWS\system32\iepq32.exe
O4 - HKLM\..\RunOnce: [crzy.exe] C:\WINDOWS\system32\crzy.exe
O4 - HKLM\..\RunOnce: [d3fn32.exe] C:\WINDOWS\system32\d3fn32.exe
O4 - HKLM\..\RunOnce: [crtk32.exe] C:\WINDOWS\crtk32.exe
O4 - HKLM\..\RunOnce: [netyg32.exe] C:\WINDOWS\system32\netyg32.exe
O4 - HKLM\..\RunOnce: [d3ba.exe] C:\WINDOWS\d3ba.exe
O4 - HKLM\..\RunOnce: [sdkxe32.exe] C:\WINDOWS\sdkxe32.exe
O4 - HKLM\..\RunOnce: [mfcvt.exe] C:\WINDOWS\system32\mfcvt.exe
O4 - HKLM\..\RunOnce: [sysuj32.exe] C:\WINDOWS\sysuj32.exe
O4 - HKLM\..\RunOnce: [crky32.exe] C:\WINDOWS\crky32.exe
O4 - HKLM\..\RunOnce: [d3sg.exe] C:\WINDOWS\system32\d3sg.exe
O4 - HKLM\..\RunOnce: [javath.exe] C:\WINDOWS\javath.exe
O4 - HKLM\..\RunOnce: [winqw32.exe] C:\WINDOWS\system32\winqw32.exe
O4 - HKLM\..\RunOnce: [mfcgd32.exe] C:\WINDOWS\system32\mfcgd32.exe
O4 - HKLM\..\RunOnce: [appcp.exe] C:\WINDOWS\appcp.exe
O4 - HKLM\..\RunOnce: [d3bf32.exe] C:\WINDOWS\d3bf32.exe
O4 - HKLM\..\RunOnce: [ntzm32.exe] C:\WINDOWS\system32\ntzm32.exe
O4 - HKLM\..\RunOnce: [sdkzc.exe] C:\WINDOWS\system32\sdkzc.exe
O4 - HKLM\..\RunOnce: [nthc.exe] C:\WINDOWS\system32\nthc.exe
O4 - HKLM\..\RunOnce: [msxr32.exe] C:\WINDOWS\msxr32.exe
O4 - HKLM\..\RunOnce: [addnz32.exe] C:\WINDOWS\system32\addnz32.exe
O4 - HKLM\..\RunOnce: [sysil.exe] C:\WINDOWS\system32\sysil.exe
O4 - HKLM\..\RunOnce: [sdkha32.exe] C:\WINDOWS\system32\sdkha32.exe
O4 - HKLM\..\RunOnce: [apifi.exe] C:\WINDOWS\apifi.exe
O4 - HKLM\..\RunOnce: [winex32.exe] C:\WINDOWS\winex32.exe
O4 - HKLM\..\RunOnce: [d3un32.exe] C:\WINDOWS\system32\d3un32.exe
O4 - HKLM\..\RunOnce: [d3cv32.exe] C:\WINDOWS\system32\d3cv32.exe
O4 - HKLM\..\RunOnce: [addmv32.exe] C:\WINDOWS\addmv32.exe
O4 - HKLM\..\RunOnce: [javamd.exe] C:\WINDOWS\javamd.exe
O4 - HKLM\..\RunOnce: [netqh.exe] C:\WINDOWS\netqh.exe
O4 - HKLM\..\RunOnce: [d3ff32.exe] C:\WINDOWS\system32\d3ff32.exe
O4 - HKLM\..\RunOnce: [winvm32.exe] C:\WINDOWS\system32\winvm32.exe
O4 - HKLM\..\RunOnce: [ieqq.exe] C:\WINDOWS\system32\ieqq.exe
O4 - HKLM\..\RunOnce: [ntpg32.exe] C:\WINDOWS\system32\ntpg32.exe
O4 - HKLM\..\RunOnce: [mfcov32.exe] C:\WINDOWS\mfcov32.exe
O4 - HKLM\..\RunOnce: [apind.exe] C:\WINDOWS\apind.exe
O4 - HKLM\..\RunOnce: [mfcwd.exe] C:\WINDOWS\system32\mfcwd.exe
O4 - HKLM\..\RunOnce: [sdkma32.exe] C:\WINDOWS\sdkma32.exe
O4 - HKLM\..\RunOnce: [msci32.exe] C:\WINDOWS\msci32.exe
O4 - HKLM\..\RunOnce: [crfm.exe] C:\WINDOWS\system32\crfm.exe
O4 - HKLM\..\RunOnce: [apieb32.exe] C:\WINDOWS\apieb32.exe
O4 - HKLM\..\RunOnce: [addur.exe] C:\WINDOWS\system32\addur.exe
O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\system32\d3tg32.exe
O4 - HKLM\..\RunOnce: [ntro32.exe] C:\WINDOWS\ntro32.exe
O4 - HKLM\..\RunOnce: [msbw32.exe] C:\WINDOWS\system32\msbw32.exe
O4 - HKLM\..\RunOnce: [netbe.exe] C:\WINDOWS\netbe.exe
O4 - HKLM\..\RunOnce: [appfi.exe] C:\WINDOWS\system32\appfi.exe
O4 - HKLM\..\RunOnce: [atlza32.exe] C:\WINDOWS\system32\atlza32.exe
O4 - HKLM\..\RunOnce: [msee32.exe] C:\WINDOWS\system32\msee32.exe
O4 - HKLM\..\RunOnce: [atlhq32.exe] C:\WINDOWS\atlhq32.exe
O4 - HKLM\..\RunOnce: [netmu.exe] C:\WINDOWS\netmu.exe
O4 - HKLM\..\RunOnce: [apinu32.exe] C:\WINDOWS\apinu32.exe
O4 - HKLM\..\RunOnce: [netgg32.exe] C:\WINDOWS\system32\netgg32.exe
O4 - HKLM\..\RunOnce: [addlc32.exe] C:\WINDOWS\addlc32.exe
O4 - HKLM\..\RunOnce: [ipgw.exe] C:\WINDOWS\system32\ipgw.exe
O4 - HKLM\..\RunOnce: [mfcka32.exe] C:\WINDOWS\mfcka32.exe
O4 - HKLM\..\RunOnce: [winip.exe] C:\WINDOWS\system32\winip.exe
O4 - HKLM\..\RunOnce: [javahf32.exe] C:\WINDOWS\system32\javahf32.exe
O4 - HKLM\..\RunOnce: [netxm32.exe] C:\WINDOWS\netxm32.exe
O4 - HKLM\..\RunOnce: [ipxc.exe] C:\WINDOWS\ipxc.exe
O4 - HKLM\..\RunOnce: [netgc.exe] C:\WINDOWS\system32\netgc.exe
O4 - HKLM\..\RunOnce: [crvs32.exe] C:\WINDOWS\crvs32.exe
O4 - HKLM\..\RunOnce: [syslz32.exe] C:\WINDOWS\syslz32.exe
O4 - HKLM\..\RunOnce: [msol.exe] C:\WINDOWS\msol.exe
O4 - HKLM\..\RunOnce: [ntna32.exe] C:\WINDOWS\ntna32.exe
O4 - HKLM\..\RunOnce: [atlei32.exe] C:\WINDOWS\system32\atlei32.exe
O4 - HKLM\..\RunOnce: [mfcmy.exe] C:\WINDOWS\system32\mfcmy.exe
O4 - HKLM\..\RunOnce: [atlmy.exe] C:\WINDOWS\atlmy.exe
O4 - HKLM\..\RunOnce: [sdkcn32.exe] C:\WINDOWS\system32\sdkcn32.exe
O4 - HKLM\..\RunOnce: [d3av32.exe] C:\WINDOWS\system32\d3av32.exe
O4 - HKLM\..\RunOnce: [javavg.exe] C:\WINDOWS\javavg.exe
O4 - HKLM\..\RunOnce: [apiuw32.exe] C:\WINDOWS\apiuw32.exe
O4 - HKLM\..\RunOnce: [addke.exe] C:\WINDOWS\system32\addke.exe
O4 - HKLM\..\RunOnce: [crjt32.exe] C:\WINDOWS\crjt32.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\system32\iphj32.exe
O4 - HKLM\..\RunOnce: [nthr32.exe] C:\WINDOWS\system32\nthr32.exe
O4 - HKLM\..\RunOnce: [msrr32.exe] C:\WINDOWS\msrr32.exe
O4 - HKLM\..\RunOnce: [apirz.exe] C:\WINDOWS\system32\apirz.exe
O4 - HKLM\..\RunOnce: [appvd.exe] C:\WINDOWS\appvd.exe
O4 - HKLM\..\RunOnce: [ipkt32.exe] C:\WINDOWS\system32\ipkt32.exe
O4 - HKLM\..\RunOnce: [crii32.exe] C:\WINDOWS\system32\crii32.exe
O4 - HKLM\..\RunOnce: [sdkdm.exe] C:\WINDOWS\sdkdm.exe
O4 - HKLM\..\RunOnce: [atlcb32.exe] C:\WINDOWS\atlcb32.exe
O4 - HKLM\..\RunOnce: [systr32.exe] C:\WINDOWS\system32\systr32.exe
O4 - HKLM\..\RunOnce: [winaz.exe] C:\WINDOWS\system32\winaz.exe
O4 - HKLM\..\RunOnce: [sysbz.exe] C:\WINDOWS\system32\sysbz.exe
O4 - HKLM\..\RunOnce: [apizo.exe] C:\WINDOWS\apizo.exe
O4 - HKLM\..\RunOnce: [appod32.exe] C:\WINDOWS\system32\appod32.exe
O4 - HKLM\..\RunOnce: [atlzx.exe] C:\WINDOWS\system32\atlzx.exe
O4 - HKLM\..\RunOnce: [ipdt32.exe] C:\WINDOWS\ipdt32.exe
O4 - HKLM\..\RunOnce: [apinb.exe] C:\WINDOWS\system32\apinb.exe
O4 - HKLM\..\RunOnce: [nettq32.exe] C:\WINDOWS\nettq32.exe
O4 - HKLM\..\RunOnce: [apihn32.exe] C:\WINDOWS\system32\apihn32.exe
O4 - HKLM\..\RunOnce: [sysmr32.exe] C:\WINDOWS\system32\sysmr32.exe
O4 - HKLM\..\RunOnce: [nethd32.exe] C:\WINDOWS\system32\nethd32.exe
O4 - HKLM\..\RunOnce: [sdkmh.exe] C:\WINDOWS\sdkmh.exe
O4 - HKLM\..\RunOnce: [ipuh32.exe] C:\WINDOWS\system32\ipuh32.exe
O4 - HKLM\..\RunOnce: [ipje32.exe] C:\WINDOWS\ipje32.exe
O4 - HKLM\..\RunOnce: [addoa32.exe] C:\WINDOWS\addoa32.exe
O4 - HKLM\..\RunOnce: [ntjm32.exe] C:\WINDOWS\ntjm32.exe
O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\system32\javanq.exe
O4 - HKLM\..\RunOnce: [ieur32.exe] C:\WINDOWS\system32\ieur32.exe
O4 - HKLM\..\RunOnce: [crya32.exe] C:\WINDOWS\system32\crya32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\d3yi.exe
O4 - HKLM\..\RunOnce: [crgi.exe] C:\WINDOWS\system32\crgi.exe
O4 - HKLM\..\RunOnce: [winwf32.exe] C:\WINDOWS\winwf32.exe
O4 - HKLM\..\RunOnce: [mfcmn32.exe] C:\WINDOWS\mfcmn32.exe
O4 - HKLM\..\RunOnce: [apphq.exe] C:\WINDOWS\system32\apphq.exe
O4 - HKLM\..\RunOnce: [d3og32.exe] C:\WINDOWS\system32\d3og32.exe
O4 - HKLM\..\RunOnce: [sdkee.exe] C:\WINDOWS\sdkee.exe
O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe
O4 - HKLM\..\RunOnce: [ntiv32.exe] C:\WINDOWS\ntiv32.exe
O4 - HKLM\..\RunOnce: [atlmr32.exe] C:\WINDOWS\atlmr32.exe
O4 - HKLM\..\RunOnce: [sdkpd32.exe] C:\WINDOWS\sdkpd32.exe
O4 - HKLM\..\RunOnce: [d3uh.exe] C:\WINDOWS\system32\d3uh.exe
O4 - HKLM\..\RunOnce: [javavi32.exe] C:\WINDOWS\javavi32.exe
O4 - HKLM\..\RunOnce: [javajf32.exe] C:\WINDOWS\system32\javajf32.exe
O4 - HKLM\..\RunOnce: [mfcoj32.exe] C:\WINDOWS\system32\mfcoj32.exe
O4 - HKLM\..\RunOnce: [crrv32.exe] C:\WINDOWS\system32\crrv32.exe
O4 - HKLM\..\RunOnce: [iewz.exe] C:\WINDOWS\iewz.exe
O4 - HKLM\..\RunOnce: [d3xz32.exe] C:\WINDOWS\system32\d3xz32.exe
O4 - HKLM\..\RunOnce: [d3lw.exe] C:\WINDOWS\d3lw.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [netfp.exe] C:\WINDOWS\system32\netfp.exe
O4 - HKLM\..\RunOnce: [mszb.exe] C:\WINDOWS\mszb.exe
O4 - HKLM\..\RunOnce: [javaoi.exe] C:\WINDOWS\javaoi.exe
O4 - HKLM\..\RunOnce: [netzb32.exe] C:\WINDOWS\system32\netzb32.exe
O4 - HKLM\..\RunOnce: [ipku.exe] C:\WINDOWS\ipku.exe
O4 - HKLM\..\RunOnce: [croy.exe] C:\WINDOWS\croy.exe
O4 - HKLM\..\RunOnce: [syshr32.exe] C:\WINDOWS\syshr32.exe
O4 - HKLM\..\RunOnce: [msca32.exe] C:\WINDOWS\msca32.exe
O4 - HKLM\..\RunOnce: [iewl.exe] C:\WINDOWS\system32\iewl.exe
O4 - HKLM\..\RunOnce: [atlrp.exe] C:\WINDOWS\system32\atlrp.exe
O4 - HKLM\..\RunOnce: [netkq32.exe] C:\WINDOWS\system32\netkq32.exe
O4 - HKLM\..\RunOnce: [javaay.exe] C:\WINDOWS\system32\javaay.exe
O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\system32\ieec32.exe
O4 - HKLM\..\RunOnce: [croc.exe] C:\WINDOWS\system32\croc.exe
O4 - HKLM\..\RunOnce: [d3tz32.exe] C:\WINDOWS\system32\d3tz32.exe
O4 - HKLM\..\RunOnce: [criw32.exe] C:\WINDOWS\system32\criw32.exe
O4 - HKLM\..\RunOnce: [netns32.exe] C:\WINDOWS\system32\netns32.exe
O4 - HKLM\..\RunOnce: [d3ie32.exe] C:\WINDOWS\d3ie32.exe
O4 - HKLM\..\RunOnce: [sysmi.exe] C:\WINDOWS\sysmi.exe
O4 - HKLM\..\RunOnce: [ievi32.exe] C:\WINDOWS\ievi32.exe
O4 - HKLM\..\RunOnce: [mskf32.exe] C:\WINDOWS\mskf32.exe
O4 - HKLM\..\RunOnce: [ntpb32.exe] C:\WINDOWS\ntpb32.exe
O4 - HKLM\..\RunOnce: [addor.exe] C:\WINDOWS\system32\addor.exe
O4 - HKLM\..\RunOnce: [winxa32.exe] C:\WINDOWS\winxa32.exe
O4 - HKLM\..\RunOnce: [sysep32.exe] C:\WINDOWS\system32\sysep32.exe
O4 - HKLM\..\RunOnce: [sdkit.exe] C:\WINDOWS\system32\sdkit.exe
O4 - HKLM\..\RunOnce: [netmx.exe] C:\WINDOWS\netmx.exe
O4 - HKLM\..\RunOnce: [d3cu32.exe] C:\WINDOWS\system32\d3cu32.exe
O4 - HKLM\..\RunOnce: [sysac32.exe] C:\WINDOWS\sysac32.exe
O4 - HKLM\..\RunOnce: [msvf.exe] C:\WINDOWS\msvf.exe
O4 - HKLM\..\RunOnce: [ntuv32.exe] C:\WINDOWS\ntuv32.exe
O4 - HKLM\..\RunOnce: [netpz.exe] C:\WINDOWS\netpz.exe
O4 - HKLM\..\RunOnce: [winoo32.exe] C:\WINDOWS\winoo32.exe
O4 - HKLM\..\RunOnce: [d3me.exe] C:\WINDOWS\system32\d3me.exe
O4 - HKLM\..\RunOnce: [iplu32.exe] C:\WINDOWS\system32\iplu32.exe
O4 - HKLM\..\RunOnce: [atlbj32.exe] C:\WINDOWS\atlbj32.exe
O4 - HKLM\..\RunOnce: [atljr.exe] C:\WINDOWS\atljr.exe
O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\system32\appkr.exe
O4 - HKLM\..\RunOnce: [ntzg32.exe] C:\WINDOWS\ntzg32.exe
O4 - HKLM\..\RunOnce: [cryw32.exe] C:\WINDOWS\cryw32.exe
O4 - HKLM\..\RunOnce: [sdkta.exe] C:\WINDOWS\system32\sdkta.exe
O4 - HKLM\..\RunOnce: [mfcsp32.exe] C:\WINDOWS\mfcsp32.exe
O4 - HKLM\..\RunOnce: [javavz32.exe] C:\WINDOWS\javavz32.exe
O4 - HKLM\..\RunOnce: [appqk.exe] C:\WINDOWS\appqk.exe
O4 - HKLM\..\RunOnce: [netal32.exe] C:\WINDOWS\netal32.exe
O4 - HKLM\..\RunOnce: [sdkqt.exe] C:\WINDOWS\sdkqt.exe
O4 - HKLM\..\RunOnce: [msux32.exe] C:\WINDOWS\system32\msux32.exe
O4 - HKLM\..\RunOnce: [crex.exe] C:\WINDOWS\crex.exe
O4 - HKLM\..\RunOnce: [crju32.exe] C:\WINDOWS\system32\crju32.exe
O4 - HKLM\..\RunOnce: [cryr32.exe] C:\WINDOWS\cryr32.exe
O4 - HKLM\..\RunOnce: [apidn32.exe] C:\WINDOWS\apidn32.exe
O4 - HKLM\..\RunOnce: [d3yz32.exe] C:\WINDOWS\d3yz32.exe
O4 - HKLM\..\RunOnce: [ield.exe] C:\WINDOWS\system32\ield.exe
O4 - HKLM\..\RunOnce: [msld32.exe] C:\WINDOWS\msld32.exe
O4 - HKLM\..\RunOnce: [msaa32.exe] C:\WINDOWS\system32\msaa32.exe
O4 - HKLM\..\RunOnce: [ipfw32.exe] C:\WINDOWS\system32\ipfw32.exe
O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\system32\msai32.exe
O4 - HKLM\..\RunOnce: [winem.exe] C:\WINDOWS\winem.exe
O4 - HKLM\..\RunOnce: [sysnn32.exe] C:\WINDOWS\system32\sysnn32.exe
O4 - HKLM\..\RunOnce: [ieck32.exe] C:\WINDOWS\ieck32.exe
O4 - HKLM\..\RunOnce: [sdkgg.exe] C:\WINDOWS\sdkgg.exe
O4 - HKLM\..\RunOnce: [apiks.exe] C:\WINDOWS\apiks.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\system32\crah32.exe
O4 - HKLM\..\RunOnce: [sysqo32.exe] C:\WINDOWS\system32\sysqo32.exe
O4 - HKLM\..\RunOnce: [msla.exe] C:\WINDOWS\system32\msla.exe
O4 - HKLM\..\RunOnce: [ipkq32.exe] C:\WINDOWS\system32\ipkq32.exe
O4 - HKLM\..\RunOnce: [atlix32.exe] C:\WINDOWS\atlix32.exe
O4 - HKLM\..\RunOnce: [mfcin.exe] C:\WINDOWS\mfcin.exe
O4 - HKLM\..\RunOnce: [atlro.exe] C:\WINDOWS\system32\atlro.exe
O4 - HKLM\..\RunOnce: [ntgd.exe] C:\WINDOWS\ntgd.exe
O4 - HKLM\..\RunOnce: [apiws32.exe] C:\WINDOWS\apiws32.exe
O4 - HKLM\..\RunOnce: [iphd.exe] C:\WINDOWS\system32\iphd.exe
O4 - HKLM\..\RunOnce: [crlh32.exe] C:\WINDOWS\system32\crlh32.exe
O4 - HKLM\..\RunOnce: [ntvi.exe] C:\WINDOWS\system32\ntvi.exe
O4 - HKLM\..\RunOnce: [sdkae32.exe] C:\WINDOWS\system32\sdkae32.exe
O4 - HKLM\..\RunOnce: [sdkpb32.exe] C:\WINDOWS\sdkpb32.exe
O4 - HKLM\..\RunOnce: [ieza.exe] C:\WINDOWS\system32\ieza.exe
O4 - HKLM\..\RunOnce: [addra.exe] C:\WINDOWS\system32\addra.exe
O4 - HKLM\..\RunOnce: [cria32.exe] C:\WINDOWS\system32\cria32.exe
O4 - HKLM\..\RunOnce: [appxp.exe] C:\WINDOWS\system32\appxp.exe
O4 - HKLM\..\RunOnce: [mfcwx32.exe] C:\WINDOWS\mfcwx32.exe
O4 - HKLM\..\RunOnce: [iepy32.exe] C:\WINDOWS\system32\iepy32.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\system32\syspg.exe
O4 - HKLM\..\RunOnce: [msyg.exe] C:\WINDOWS\msyg.exe
O4 - HKLM\..\RunOnce: [atlnv32.exe] C:\WINDOWS\system32\atlnv32.exe
O4 - HKLM\..\RunOnce: [ipel32.exe] C:\WINDOWS\system32\ipel32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\sysye32.exe
O4 - HKLM\..\RunOnce: [crwu32.exe] C:\WINDOWS\system32\crwu32.exe
O4 - HKLM\..\RunOnce: [d3wc.exe] C:\WINDOWS\d3wc.exe
O4 - HKLM\..\RunOnce: [crec.exe] C:\WINDOWS\system32\crec.exe
O4 - HKLM\..\RunOnce: [winur32.exe] C:\WINDOWS\winur32.exe
O4 - HKLM\..\RunOnce: [mfckg32.exe] C:\WINDOWS\mfckg32.exe
O4 - HKLM\..\RunOnce: [appnk.exe] C:\WINDOWS\system32\appnk.exe
O4 - HKLM\..\RunOnce: [d3ma32.exe] C:\WINDOWS\system32\d3ma32.exe
O4 - HKLM\..\RunOnce: [ntcp32.exe] C:\WINDOWS\ntcp32.exe
O4 - HKLM\..\RunOnce: [crhu32.exe] C:\WINDOWS\system32\crhu32.exe
O4 - HKLM\..\RunOnce: [atlhu.exe] C:\WINDOWS\atlhu.exe
O4 - HKLM\..\RunOnce: [winlg32.exe] C:\WINDOWS\system32\winlg32.exe
O4 - HKLM\..\RunOnce: [d3jn.exe] C:\WINDOWS\d3jn.exe
O4 - HKLM\..\RunOnce: [ipid32.exe] C:\WINDOWS\ipid32.exe
O4 - HKLM\..\RunOnce: [appys32.exe] C:\WINDOWS\system32\appys32.exe
O4 - HKLM\..\RunOnce: [atlgi.exe] C:\WINDOWS\system32\atlgi.exe
O4 - HKLM\..\RunOnce: [apphj.exe] C:\WINDOWS\apphj.exe
O4 - HKLM\..\RunOnce: [sdkqp32.exe] C:\WINDOWS\sdkqp32.exe
O4 - HKLM\..\RunOnce: [apiow.exe] C:\WINDOWS\system32\apiow.exe
O4 - HKLM\..\RunOnce: [sdkgu.exe] C:\WINDOWS\sdkgu.exe
O4 - HKLM\..\RunOnce: [mssw.exe] C:\WINDOWS\system32\mssw.exe
O4 - HKLM\..\RunOnce: [ieyl32.exe] C:\WINDOWS\system32\ieyl32.exe
O4 - HKLM\..\RunOnce: [ieuy32.exe] C:\WINDOWS\ieuy32.exe
O4 - HKLM\..\RunOnce: [sysoz32.exe] C:\WINDOWS\system32\sysoz32.exe
O4 - HKLM\..\RunOnce: [netxz.exe] C:\WINDOWS\system32\netxz.exe
O4 - HKLM\..\RunOnce: [msyi.exe] C:\WINDOWS\system32\msyi.exe
O4 - HKLM\..\RunOnce: [ntfx32.exe] C:\WINDOWS\ntfx32.exe
O4 - HKLM\..\RunOnce: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exe
O4 - HKLM\..\RunOnce: [apivv.exe] C:\WINDOWS\system32\apivv.exe
O4 - HKLM\..\RunOnce: [atlev.exe] C:\WINDOWS\atlev.exe
O4 - HKLM\..\RunOnce: [sdkts.exe] C:\WINDOWS\system32\sdkts.exe
O4 - HKLM\..\RunOnce: [netiz32.exe] C:\WINDOWS\system32\netiz32.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\ntct.exe
O4 - HKLM\..\RunOnce: [netdr.exe] C:\WINDOWS\system32\netdr.exe
O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\system32\addkg32.exe
O4 - HKLM\..\RunOnce: [appmv32.exe] C:\WINDOWS\appmv32.exe
O4 - HKLM\..\RunOnce: [winph.exe] C:\WINDOWS\system32\winph.exe
O4 - HKLM\..\RunOnce: [iekp32.exe] C:\WINDOWS\system32\iekp32.exe
O4 - HKLM\..\RunOnce: [javaif32.exe] C:\WINDOWS\javaif32.exe
O4 - HKLM\..\RunOnce: [netpq.exe] C:\WINDOWS\system32\netpq.exe
O4 - HKLM\..\RunOnce: [crnx32.exe] C:\WINDOWS\crnx32.exe
O4 - HKLM\..\RunOnce: [apifz32.exe] C:\WINDOWS\apifz32.exe
O4 - HKLM\..\RunOnce: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\RunOnce: [atljb32.exe] C:\WINDOWS\system32\atljb32.exe
O4 - HKLM\..\RunOnce: [netng.exe] C:\WINDOWS\netng.exe
O4 - HKLM\..\RunOnce: [ipky.exe] C:\WINDOWS\system32\ipky.exe
O4 - HKLM\..\RunOnce: [winyv.exe] C:\WINDOWS\winyv.exe
O4 - HKLM\..\RunOnce: [netys32.exe] C:\WINDOWS\netys32.exe
O4 - HKLM\..\RunOnce: [atlce32.exe] C:\WINDOWS\system32\atlce32.exe
O4 - HKLM\..\RunOnce: [netdv.exe] C:\WINDOWS\system32\netdv.exe
O4 - HKLM\..\RunOnce: [apiew32.exe] C:\WINDOWS\apiew32.exe
O4 - HKLM\..\RunOnce: [ntih.exe] C:\WINDOWS\ntih.exe
O4 - HKLM\..\RunOnce: [apixw.exe] C:\WINDOWS\apixw.exe
O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\system32\winip32.exe
O4 - HKLM\..\RunOnce: [appta.exe] C:\WINDOWS\appta.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\netxe.exe
O4 - HKLM\..\RunOnce: [sdkhf32.exe] C:\WINDOWS\sdkhf32.exe
O4 - HKLM\..\RunOnce: [msgm.exe] C:\WINDOWS\msgm.exe
O4 - HKLM\..\RunOnce: [addcq32.exe] C:\WINDOWS\addcq32.exe
O4 - HKLM\..\RunOnce: [ielr.exe] C:\WINDOWS\ielr.exe
O4 - HKLM\..\RunOnce: [syszn32.exe] C:\WINDOWS\syszn32.exe
O4 - HKLM\..\RunOnce: [sysfk32.exe] C:\WINDOWS\system32\sysfk32.exe
O4 - HKLM\..\RunOnce: [sdkkg32.exe] C:\WINDOWS\sdkkg32.exe
O4 - HKLM\..\RunOnce: [sysns32.exe] C:\WINDOWS\system32\sysns32.exe
O4 - HKLM\..\RunOnce: [appsw.exe] C:\WINDOWS\appsw.exe
O4 - HKLM\..\RunOnce: [addtx32.exe] C:\WINDOWS\system32\addtx32.exe
O4 - HKLM\..\RunOnce: [winht32.exe] C:\WINDOWS\winht32.exe
O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\system32\crmq32.exe
O4 - HKLM\..\RunOnce: [addpb32.exe] C:\WINDOWS\addpb32.exe
O4 - HKLM\..\RunOnce: [mfcug.exe] C:\WINDOWS\system32\mfcug.exe
O4 - HKLM\..\RunOnce: [crxp.exe] C:\WINDOWS\system32\crxp.exe
O4 - HKLM\..\RunOnce: [apiwf32.exe] C:\WINDOWS\system32\apiwf32.exe
O4 - HKLM\..\RunOnce: [addvl.exe] C:\WINDOWS\addvl.exe
O4 - HKLM\..\RunOnce: [netka32.exe] C:\WINDOWS\system32\netka32.exe
O4 - HKLM\..\RunOnce: [javabh32.exe] C:\WINDOWS\javabh32.exe
O4 - HKLM\..\RunOnce: [ntel.exe] C:\WINDOWS\ntel.exe
O4 - HKLM\..\RunOnce: [appdb32.exe] C:\WINDOWS\appdb32.exe
O4 - HKLM\..\RunOnce: [ietq32.exe] C:\WINDOWS\system32\ietq32.exe
O4 - HKLM\..\RunOnce: [sysby.exe] C:\WINDOWS\system32\sysby.exe
O4 - HKLM\..\RunOnce: [iech.exe] C:\WINDOWS\iech.exe
O4 - HKLM\..\RunOnce: [atlrw.exe] C:\WINDOWS\system32\atlrw.exe
O4 - HKLM\..\RunOnce: [addgl32.exe] C:\WINDOWS\system32\addgl32.exe
O4 - HKLM\..\RunOnce: [appaw.exe] C:\WINDOWS\system32\appaw.exe
O4 - HKLM\..\RunOnce: [netwa32.exe] C:\WINDOWS\netwa32.exe
O4 - HKLM\..\RunOnce: [mfcnb.exe] C:\WINDOWS\mfcnb.exe
O4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\mfctx32.exe
O4 - HKLM\..\RunOnce: [mfchu32.exe] C:\WINDOWS\system32\mfchu32.exe
O4 - HKLM\..\RunOnce: [iemq32.exe] C:\WINDOWS\system32\iemq32.exe
O4 - HKLM\..\RunOnce: [apihc32.exe] C:\WINDOWS\system32\apihc32.exe
O4 - HKLM\..\RunOnce: [ipmg.exe] C:\WINDOWS\ipmg.exe
O4 - HKLM\..\RunOnce: [netvh32.exe] C:\WINDOWS\system32\netvh32.exe
O4 - HKLM\..\RunOnce: [apibd32.exe] C:\WINDOWS\apibd32.exe
O4 - HKLM\..\RunOnce: [winga.exe] C:\WINDOWS\system32\winga.exe
O4 - HKLM\..\RunOnce: [mskm.exe] C:\WINDOWS\mskm.exe
O4 - HKLM\..\RunOnce: [appzb32.exe] C:\WINDOWS\system32\appzb32.exe
O4 - HKLM\..\RunOnce: [netyi32.exe] C:\WINDOWS\system32\netyi32.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\mfctu.exe
O4 - HKLM\..\RunOnce: [iesk32.exe] C:\WINDOWS\system32\iesk32.exe
O4 - HKLM\..\RunOnce: [javair32.exe] C:\WINDOWS\javair32.exe
O4 - HKLM\..\RunOnce: [crqh.exe] C:\WINDOWS\crqh.exe
O4 - HKLM\..\RunOnce: [javaqi.exe] C:\WINDOWS\system32\javaqi.exe
O4 - HKLM\..\RunOnce: [addlt.exe] C:\WINDOWS\addlt.exe
O4 - HKLM\..\RunOnce: [sysaa.exe] C:\WINDOWS\sysaa.exe
O4 - HKLM\..\RunOnce: [javalt32.exe] C:\WINDOWS\system32\javalt32.exe
O4 - HKLM\..\RunOnce: [crem.exe] C:\WINDOWS\system32\crem.exe
O4 - HKLM\..\RunOnce: [sysiq32.exe] C:\WINDOWS\sysiq32.exe
O4 - HKLM\..\RunOnce: [mssr.exe] C:\WINDOWS\system32\mssr.exe
O4 - HKLM\..\RunOnce: [msxn32.exe] C:\WINDOWS\msxn32.exe
O4 - HKLM\..\RunOnce: [msmk32.exe] C:\WINDOWS\system32\msmk32.exe
O4 - HKLM\..\RunOnce: [iprg32.exe] C:\WINDOWS\system32\iprg32.exe
O4 - HKLM\..\RunOnce: [iems32.exe] C:\WINDOWS\system32\iems32.exe
O4 - HKLM\..\RunOnce: [addqw.exe] C:\WINDOWS\addqw.exe
O4 - HKLM\..\RunOnce: [syszx32.exe] C:\WINDOWS\system32\syszx32.exe
O4 - HKLM\..\RunOnce: [sysou32.exe] C:\WINDOWS\sysou32.exe
O4 - HKLM\..\RunOnce: [sdksq.exe] C:\WINDOWS\sdksq.exe
O4 - HKLM\..\RunOnce: [netoc.exe] C:\WINDOWS\netoc.exe
O4 - HKLM\..\RunOnce: [crmr32.exe] C:\WINDOWS\system32\crmr32.exe
O4 - HKLM\..\RunOnce: [syscy32.exe] C:\WINDOWS\system32\syscy32.exe
O4 - HKLM\..\RunOnce: [msxc.exe] C:\WINDOWS\system32\msxc.exe
O4 - HKLM\..\RunOnce: [ipws32.exe] C:\WINDOWS\system32\ipws32.exe
O4 - HKLM\..\RunOnce: [atluh32.exe] C:\WINDOWS\atluh32.exe
O4 - HKLM\..\RunOnce: [mfcux.exe] C:\WINDOWS\mfcux.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ntsn.exe] C:\WINDOWS\ntsn.exe
O4 - HKLM\..\RunOnce: [netic32.exe] C:\WINDOWS\netic32.exe
O4 - HKLM\..\RunOnce: [iptn.exe] C:\WINDOWS\system32\iptn.exe
O4 - HKLM\..\RunOnce: [netcl.exe] C:\WINDOWS\netcl.exe
O4 - HKLM\..\RunOnce: [addbb32.exe] C:\WINDOWS\system32\addbb32.exe
O4 - HKLM\..\RunOnce: [d3zq32.exe] C:\WINDOWS\d3zq32.exe
O4 - HKLM\..\RunOnce: [mszy.exe] C:\WINDOWS\mszy.exe
O4 - HKLM\..\RunOnce: [d3ih.exe] C:\WINDOWS\system32\d3ih.exe
O4 - HKLM\..\RunOnce: [appxw32.exe] C:\WINDOWS\appxw32.exe
O4 - HKLM\..\RunOnce: [apiod32.exe] C:\WINDOWS\apiod32.exe
O4 - HKLM\..\RunOnce: [atljh.exe] C:\WINDOWS\system32\atljh.exe
O4 - HKLM\..\RunOnce: [ieix32.exe] C:\WINDOWS\system32\ieix32.exe
O4 - HKLM\..\RunOnce: [javagm.exe] C:\WINDOWS\javagm.exe
O4 - HKLM\..\RunOnce: [mfcfc32.exe] C:\WINDOWS\system32\mfcfc32.exe
O4 - HKLM\..\RunOnce: [wingb32.exe] C:\WINDOWS\wingb32.exe
O4 - HKLM\..\RunOnce: [ntxi.exe] C:\WINDOWS\ntxi.exe

Now you need to delete each of these files.

Reboot and post a new hijackthis log.

AgentFitz · May 2005

ok, thanks so much Buckeye - here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:56:32 PM, on 5/13/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\AD Killer\adkiller.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\t?skmgr.exe
D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\iebd32.exe
D:\Agent Fitz\Downloads\Hijack This\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

res://C:\WINDOWS\rcusv.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

res://C:\WINDOWS\rcusv.dll/sp.html#10001
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com");

(C:\Documents and Settings\Administrator\Application

Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWe

b_01.src"); (C:\Documents and Settings\Administrator\Application

Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
O2 - BHO: Class - {3486A396-7595-B288-69FC-2B5649058C5B} -

C:\WINDOWS\system32\javara.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program

Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -

{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version

Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [ecnzhc] C:\WINDOWS\system32\ecnzhc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AD Killer] D:\Program Files\AD Killer\adkiller.exe
O4 - HKLM\..\Run: [iebd32.exe] C:\WINDOWS\system32\iebd32.exe
O4 - HKLM\..\RunOnce: [javaqq.exe] C:\WINDOWS\javaqq.exe
O4 - HKLM\..\RunOnce: [apilx.exe] C:\WINDOWS\system32\apilx.exe
O4 - HKCU\..\Run: [Fpdxeb] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [ewo9ROHFR] pstskres.exe
O4 - HKCU\..\Run: [Aeat] C:\Documents and Settings\Administrator\Application

Data\coad.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] D:\Program Files\aim.exe -cnetwait.odl
O4 - Startup: Desktop Navigator.lnk = C:\Program Files\Netscape\Desktop

Navigator\dtnav.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe

Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program

Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program

Files\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -

C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be

Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housec

all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown

owner - C:\WINDOWS\crmq32.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe

Version Cue\service\VersionCue.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program

Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

AgentFitz · May 2005

do I need to actually go into the system directory, ie c://windows/system32 or whatever and delete the files, or did hijackthis delete them automatically when I selected all and chose "fix selected"

thanks,

Fitz

Buckeye_Sam · May 2005

You will need to go in and delete each one I'm afraid. Sorry, I wish it was easier.

AgentFitz · May 2005

k, I went in and deleted the mentioned files - it looks like I may have deleted a few I wasn't supposed to as well because when windows starts up it says "windows cannot find the following files, etc, etc: appvg.exe, addto32.exe, javaqq.exe, syslj32.exe, javabk32.exe, nthq.exe, mfcxf32.exe, winrk32.exe, apioz32.exe, ntof32.exe, atlko.exe, cruu32.exe, sdkvu.exe, apimp32.exe, systi32.exe" ---- however, my system still seems to be running about the same...should I be concerned about these missing files?

anyway, here is my new hijack log, much shorter this time around.

Logfile of HijackThis v1.99.1
Scan saved at 2:04:56 PM, on 5/15/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sdklg.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\AD Killer\adkiller.exe
C:\WINDOWS\system32\t?skmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
D:\Agent Fitz\Downloads\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
O2 - BHO: Class - {3486A396-7595-B288-69FC-2B5649058C5B} - C:\WINDOWS\system32\javara.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [ecnzhc] C:\WINDOWS\system32\ecnzhc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AD Killer] D:\Program Files\AD Killer\adkiller.exe
O4 - HKLM\..\Run: [ipei.exe] C:\WINDOWS\ipei.exe
O4 - HKLM\..\Run: [javapc.exe] C:\WINDOWS\system32\javapc.exe
O4 - HKLM\..\Run: [sdklg.exe] C:\WINDOWS\sdklg.exe
O4 - HKLM\..\RunOnce: [ntln.exe] C:\WINDOWS\ntln.exe
O4 - HKLM\..\RunOnce: [atlra32.exe] C:\WINDOWS\atlra32.exe
O4 - HKLM\..\RunOnce: [addnd.exe] C:\WINDOWS\addnd.exe
O4 - HKLM\..\RunOnce: [atlkm32.exe] C:\WINDOWS\atlkm32.exe
O4 - HKLM\..\RunOnce: [netjz.exe] C:\WINDOWS\system32\netjz.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\system32\apipq.exe
O4 - HKLM\..\RunOnce: [crob32.exe] C:\WINDOWS\crob32.exe
O4 - HKCU\..\Run: [Fpdxeb] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [ewo9ROHFR] pstskres.exe
O4 - HKCU\..\Run: [Aeat] C:\Documents and Settings\Administrator\Application Data\coad.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] D:\Program Files\aim.exe -cnetwait.odl
O4 - Startup: Desktop Navigator.lnk = C:\Program Files\Netscape\Desktop Navigator\dtnav.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crmq32.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

Buckeye_Sam · May 2005

should I be concerned about these missing files?

No, that's just your computer complaining because it still thinks those files are supposed to be there. We'll fix that in this step.

You have an HSA infection. The filenames on this type of infection can change each time you reboot your computer or use Internet Explorer. With that in mind, some of these filenames may be different. But the pattern is the same and you may be able to determine the correct files to remove. The sooner you perform this fix, the higher it's chances for success.

Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet. Please print out these instructions.

Step 1
Download CWShredder but don't run it yet.

Step 2
Download AboutBuster
Unzip it to your desktop but don't run it yet.

Step 3
Download Ad-aware SE 1.05
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.

Step 5
Make sure that you can VIEW ALL HIDDEN FILES.

Step 6
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rcusv.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3486A396-7595-B288-69FC-2B5649058C5B} - C:\WINDOWS\system32\javara.dll
O4 - HKLM\..\Run: [ipei.exe] C:\WINDOWS\ipei.exe
O4 - HKLM\..\Run: [javapc.exe] C:\WINDOWS\system32\javapc.exe
O4 - HKLM\..\Run: [sdklg.exe] C:\WINDOWS\sdklg.exe
O4 - HKLM\..\RunOnce: [ntln.exe] C:\WINDOWS\ntln.exe
O4 - HKLM\..\RunOnce: [atlra32.exe] C:\WINDOWS\atlra32.exe
O4 - HKLM\..\RunOnce: [addnd.exe] C:\WINDOWS\addnd.exe
O4 - HKLM\..\RunOnce: [atlkm32.exe] C:\WINDOWS\atlkm32.exe
O4 - HKLM\..\RunOnce: [netjz.exe] C:\WINDOWS\system32\netjz.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\system32\apipq.exe
O4 - HKLM\..\RunOnce: [crob32.exe] C:\WINDOWS\crob32.exe
O4 - HKCU\..\Run: [Fpdxeb] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [ewo9ROHFR] pstskres.exe
O4 - HKCU\..\Run: [Aeat] C:\Documents and Settings\Administrator\Application Data\coad.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crmq32.exe (file missing)

Step 7
Reboot your computer into SAFE MODE

Step 8
Now run CWShredder, making sure to click "Fix".

Step 9
Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\crmq32.exe
C:\WINDOWS\ipei.exe
C:\WINDOWS\rcusv.dll
C:\WINDOWS\crob32.exe
C:\WINDOWS\sdklg.exe
C:\WINDOWS\ntln.exe
C:\WINDOWS\atlra32.exe
C:\WINDOWS\addnd.exe
C:\WINDOWS\atlkm32.exe
C:\WINDOWS\system32\netjz.exe
C:\WINDOWS\system32\apipq.exe
C:\WINDOWS\system32\javara.dll
C:\WINDOWS\system32\javapc.exe
C:\WINDOWS\system32\t?skmgr.exe <-- this files should be over 400kb and be dated recently.
C:\Documents and Settings\Administrator\Application Data\coad.exe
pstskres.exe <-- search for this file

Step 10
Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

Step 11
Run a full scan with Adaware.

Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.

AgentFitz · May 2005

thanks again for your help --- I followed your instructions and here are the new logs

Logfile of HijackThis v1.99.1
Scan saved at 11:21:27 PM, on 5/15/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\addcd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\AD Killer\adkiller.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Agent Fitz\Downloads\Hijack This\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\9l6vmx2l.slt\prefs.js)
O2 - BHO: Class - {CFD33941-255A-B1FE-2883-34EEBB5A49E3} - C:\WINDOWS\system32\addcd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [ecnzhc] C:\WINDOWS\system32\ecnzhc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AD Killer] D:\Program Files\AD Killer\adkiller.exe
O4 - HKLM\..\Run: [addcd.exe] C:\WINDOWS\system32\addcd.exe
O4 - HKLM\..\RunOnce: [syszt.exe] C:\WINDOWS\syszt.exe
O4 - HKLM\..\RunOnce: [ipmz32.exe] C:\WINDOWS\ipmz32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Desktop Navigator.lnk = C:\Program Files\Netscape\Desktop Navigator\dtnav.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim.exe
O15 - Trusted IP range: 209.8.20.130
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crmq32.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

about:buster log

Scanned at: 10:56:39 PM on: 5/15/2005

-- Scan 1

About:Buster Version 4.0
Reference List : 26

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2

About:Buster Version 4.0
Reference List : 26

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

thanks again and I look forward to hearing the next step

Buckeye_Sam · May 2005

Must have missed one somewhere, because it's still there. Let's do it again.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mzjja.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {CFD33941-255A-B1FE-2883-34EEBB5A49E3} - C:\WINDOWS\system32\addcd.dll
O4 - HKLM\..\Run: [ecnzhc] C:\WINDOWS\system32\ecnzhc.exe
O4 - HKLM\..\Run: [addcd.exe] C:\WINDOWS\system32\addcd.exe
O4 - HKLM\..\RunOnce: [syszt.exe] C:\WINDOWS\syszt.exe
O4 - HKLM\..\RunOnce: [ipmz32.exe] C:\WINDOWS\ipmz32.exe
O15 - Trusted IP range: 209.8.20.130
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crmq32.exe (file missing)

Reboot your computer into SAFE MODE

Run CWShredder, making sure to click Fix.

Then delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\crmq32.exe
C:\WINDOWS\system32\addcd.dll
C:\WINDOWS\system32\ecnzhc.exe
C:\WINDOWS\system32\addcd.exe
C:\WINDOWS\syszt.exe
C:\WINDOWS\ipmz32.exe
C:\WINDOWS\system32\mzjja.dll

Delete temp files

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin.

Reboot back to normal mode.

Please run at least two of these online scans.
Make sure they are set to clean automatically:

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.

Reboot and post a new hijackthis log and the info from your virus scans.

Home Search Assistant Help - I have run Adaware and Spybot

Comments