Hijack This Log - Please help



#1 schonda2005


Posted 11 July 2005 - 04:17 PM

Here is my log:


Logfile of HijackThis v1.99.1
Scan saved at 4:55:38 PM, on 07/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Insight\Tools\aiclient.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\RAdmin\r_server.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\RightFax\faxctrl.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\iemz32.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Novell\ZENworks\NALDESK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Novell\ZENworks\NALWIN32.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SENAD
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {EBB58D88-B4D1-648E-CB8F-D10EF01B83E5} - C:\WINDOWS\system32\addku.dll
O2 - BHO: Class - {FEE35FFA-5707-EF25-2036-A92AB9B624CD} - C:\WINDOWS\crox.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [VerifyStartMenu] RunDLL32 C:\NETMANAG.32\NMGOINN.DLL,VerifyStartMenu
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [iemz32.exe] C:\WINDOWS\iemz32.exe
O4 - HKLM\..\RunOnce: [mfclq.exe] C:\WINDOWS\system32\mfclq.exe
O4 - HKLM\..\RunOnce: [addsp32.exe] C:\WINDOWS\addsp32.exe
O4 - HKLM\..\RunOnce: [winqq.exe] C:\WINDOWS\winqq.exe
O4 - HKLM\..\RunOnce: [sdkqi32.exe] C:\WINDOWS\system32\sdkqi32.exe
O4 - HKLM\..\RunOnce: [appis.exe] C:\WINDOWS\system32\appis.exe
O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINDOWS\system32\crvh.exe
O4 - HKLM\..\RunOnce: [ieip.exe] C:\WINDOWS\ieip.exe
O4 - HKLM\..\RunOnce: [msga32.exe] C:\WINDOWS\msga32.exe
O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe
O4 - HKLM\..\RunOnce: [sysdy.exe] C:\WINDOWS\sysdy.exe
O4 - HKLM\..\RunOnce: [netvi.exe] C:\WINDOWS\netvi.exe
O4 - HKLM\..\RunOnce: [mfcbt32.exe] C:\WINDOWS\system32\mfcbt32.exe
O4 - HKLM\..\RunOnce: [atlud.exe] C:\WINDOWS\system32\atlud.exe
O4 - HKLM\..\RunOnce: [atlgh.exe] C:\WINDOWS\system32\atlgh.exe
O4 - HKLM\..\RunOnce: [winvo.exe] C:\WINDOWS\winvo.exe
O4 - HKLM\..\RunOnce: [atlbq32.exe] C:\WINDOWS\atlbq32.exe
O4 - HKLM\..\RunOnce: [d3li.exe] C:\WINDOWS\d3li.exe
O4 - HKLM\..\RunOnce: [d3en.exe] C:\WINDOWS\d3en.exe
O4 - HKLM\..\RunOnce: [atlmy.exe] C:\WINDOWS\atlmy.exe
O4 - HKLM\..\RunOnce: [appcy32.exe] C:\WINDOWS\appcy32.exe
O4 - HKLM\..\RunOnce: [mshs.exe] C:\WINDOWS\system32\mshs.exe
O4 - HKLM\..\RunOnce: [ntho.exe] C:\WINDOWS\ntho.exe
O4 - HKLM\..\RunOnce: [mfcal.exe] C:\WINDOWS\system32\mfcal.exe
O4 - HKLM\..\RunOnce: [crlk32.exe] C:\WINDOWS\crlk32.exe
O4 - HKLM\..\RunOnce: [apial.exe] C:\WINDOWS\apial.exe
O4 - HKLM\..\RunOnce: [sdkau32.exe] C:\WINDOWS\system32\sdkau32.exe
O4 - HKLM\..\RunOnce: [mspd32.exe] C:\WINDOWS\mspd32.exe
O4 - HKLM\..\RunOnce: [apinc.exe] C:\WINDOWS\apinc.exe
O4 - HKLM\..\RunOnce: [netfj.exe] C:\WINDOWS\netfj.exe
O4 - HKLM\..\RunOnce: [ntus.exe] C:\WINDOWS\ntus.exe
O4 - HKLM\..\RunOnce: [appud.exe] C:\WINDOWS\system32\appud.exe
O4 - HKLM\..\RunOnce: [appyq32.exe] C:\WINDOWS\appyq32.exe
O4 - HKLM\..\RunOnce: [appji.exe] C:\WINDOWS\appji.exe
O4 - HKLM\..\RunOnce: [ntje32.exe] C:\WINDOWS\system32\ntje32.exe
O4 - HKLM\..\RunOnce: [d3ng32.exe] C:\WINDOWS\d3ng32.exe
O4 - HKLM\..\RunOnce: [apiyu32.exe] C:\WINDOWS\apiyu32.exe
O4 - HKLM\..\RunOnce: [apimj.exe] C:\WINDOWS\apimj.exe
O4 - HKLM\..\RunOnce: [syszd.exe] C:\WINDOWS\syszd.exe
O4 - HKLM\..\RunOnce: [crqq32.exe] C:\WINDOWS\system32\crqq32.exe
O4 - HKLM\..\RunOnce: [winus32.exe] C:\WINDOWS\winus32.exe
O4 - HKLM\..\RunOnce: [atlke.exe] C:\WINDOWS\atlke.exe
O4 - HKLM\..\RunOnce: [mspy32.exe] C:\WINDOWS\mspy32.exe
O4 - HKLM\..\RunOnce: [msjd32.exe] C:\WINDOWS\msjd32.exe
O4 - HKLM\..\RunOnce: [ipof.exe] C:\WINDOWS\system32\ipof.exe
O4 - HKLM\..\RunOnce: [netxe.exe] C:\WINDOWS\system32\netxe.exe
O4 - HKLM\..\RunOnce: [crco.exe] C:\WINDOWS\crco.exe
O4 - HKLM\..\RunOnce: [d3is32.exe] C:\WINDOWS\system32\d3is32.exe
O4 - HKLM\..\RunOnce: [msuj32.exe] C:\WINDOWS\system32\msuj32.exe
O4 - HKLM\..\RunOnce: [appmf.exe] C:\WINDOWS\appmf.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [appbc.exe] C:\WINDOWS\system32\appbc.exe
O4 - HKLM\..\RunOnce: [apiiy.exe] C:\WINDOWS\system32\apiiy.exe
O4 - HKLM\..\RunOnce: [sysna32.exe] C:\WINDOWS\sysna32.exe
O4 - HKLM\..\RunOnce: [netaf32.exe] C:\WINDOWS\system32\netaf32.exe
O4 - HKLM\..\RunOnce: [apiln32.exe] C:\WINDOWS\system32\apiln32.exe
O4 - HKLM\..\RunOnce: [winqp32.exe] C:\WINDOWS\system32\winqp32.exe
O4 - HKLM\..\RunOnce: [javaot32.exe] C:\WINDOWS\javaot32.exe
O4 - HKLM\..\RunOnce: [apitv.exe] C:\WINDOWS\system32\apitv.exe
O4 - HKLM\..\RunOnce: [d3ce.exe] C:\WINDOWS\d3ce.exe
O4 - HKLM\..\RunOnce: [nethy32.exe] C:\WINDOWS\system32\nethy32.exe
O4 - HKLM\..\RunOnce: [netwt.exe] C:\WINDOWS\netwt.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\system32\crpp32.exe
O4 - HKLM\..\RunOnce: [atlhp.exe] C:\WINDOWS\system32\atlhp.exe
O4 - HKLM\..\RunOnce: [appfn32.exe] C:\WINDOWS\appfn32.exe
O4 - HKLM\..\RunOnce: [mfcxv32.exe] C:\WINDOWS\mfcxv32.exe
O4 - HKLM\..\RunOnce: [sdkir.exe] C:\WINDOWS\system32\sdkir.exe
O4 - HKLM\..\RunOnce: [javasg.exe] C:\WINDOWS\system32\javasg.exe
O4 - HKLM\..\RunOnce: [apixb32.exe] C:\WINDOWS\apixb32.exe
O4 - HKLM\..\RunOnce: [ipcf.exe] C:\WINDOWS\system32\ipcf.exe
O4 - HKLM\..\RunOnce: [appph32.exe] C:\WINDOWS\system32\appph32.exe
O4 - HKLM\..\RunOnce: [iegp.exe] C:\WINDOWS\iegp.exe
O4 - HKLM\..\RunOnce: [ntlr32.exe] C:\WINDOWS\system32\ntlr32.exe
O4 - HKLM\..\RunOnce: [msnj32.exe] C:\WINDOWS\msnj32.exe
O4 - HKLM\..\RunOnce: [d3jy.exe] C:\WINDOWS\system32\d3jy.exe
O4 - HKLM\..\RunOnce: [ipos.exe] C:\WINDOWS\system32\ipos.exe
O4 - HKLM\..\RunOnce: [crve.exe] C:\WINDOWS\crve.exe
O4 - HKLM\..\RunOnce: [ipsi32.exe] C:\WINDOWS\system32\ipsi32.exe
O4 - HKLM\..\RunOnce: [appcc32.exe] C:\WINDOWS\system32\appcc32.exe
O4 - HKLM\..\RunOnce: [mshf.exe] C:\WINDOWS\mshf.exe
O4 - HKLM\..\RunOnce: [addlh.exe] C:\WINDOWS\addlh.exe
O4 - HKLM\..\RunOnce: [crrb.exe] C:\WINDOWS\system32\crrb.exe
O4 - HKLM\..\RunOnce: [winvf.exe] C:\WINDOWS\system32\winvf.exe
O4 - HKLM\..\RunOnce: [javauu32.exe] C:\WINDOWS\system32\javauu32.exe
O4 - HKLM\..\RunOnce: [apizp.exe] C:\WINDOWS\system32\apizp.exe
O4 - HKLM\..\RunOnce: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe
O4 - HKLM\..\RunOnce: [atlxq32.exe] C:\WINDOWS\system32\atlxq32.exe
O4 - HKLM\..\RunOnce: [sysnx.exe] C:\WINDOWS\sysnx.exe
O4 - HKLM\..\RunOnce: [javabz32.exe] C:\WINDOWS\system32\javabz32.exe
O4 - HKLM\..\RunOnce: [mfcvo.exe] C:\WINDOWS\mfcvo.exe
O4 - HKLM\..\RunOnce: [ieaq32.exe] C:\WINDOWS\system32\ieaq32.exe
O4 - HKLM\..\RunOnce: [ipiy.exe] C:\WINDOWS\ipiy.exe
O4 - HKLM\..\RunOnce: [addos32.exe] C:\WINDOWS\addos32.exe
O4 - HKLM\..\RunOnce: [crhm32.exe] C:\WINDOWS\crhm32.exe
O4 - HKLM\..\RunOnce: [netmo.exe] C:\WINDOWS\netmo.exe
O4 - HKLM\..\RunOnce: [d3hc32.exe] C:\WINDOWS\system32\d3hc32.exe
O4 - HKLM\..\RunOnce: [addqu32.exe] C:\WINDOWS\addqu32.exe
O4 - HKLM\..\RunOnce: [sdkqc.exe] C:\WINDOWS\system32\sdkqc.exe
O4 - HKLM\..\RunOnce: [netug.exe] C:\WINDOWS\netug.exe
O4 - HKLM\..\RunOnce: [d3jd32.exe] C:\WINDOWS\d3jd32.exe
O4 - HKLM\..\RunOnce: [sysal32.exe] C:\WINDOWS\sysal32.exe
O4 - HKLM\..\RunOnce: [ntir32.exe] C:\WINDOWS\system32\ntir32.exe
O4 - HKLM\..\RunOnce: [cryy32.exe] C:\WINDOWS\system32\cryy32.exe
O4 - HKLM\..\RunOnce: [sdkuc.exe] C:\WINDOWS\system32\sdkuc.exe
O4 - HKLM\..\RunOnce: [mfcts32.exe] C:\WINDOWS\system32\mfcts32.exe
O4 - HKLM\..\RunOnce: [sysrh32.exe] C:\WINDOWS\sysrh32.exe
O4 - HKLM\..\RunOnce: [winrp.exe] C:\WINDOWS\winrp.exe
O4 - HKLM\..\RunOnce: [syszp.exe] C:\WINDOWS\system32\syszp.exe
O4 - HKLM\..\RunOnce: [apipm32.exe] C:\WINDOWS\apipm32.exe
O4 - HKLM\..\RunOnce: [ntfu32.exe] C:\WINDOWS\ntfu32.exe
O4 - HKLM\..\RunOnce: [netiy.exe] C:\WINDOWS\netiy.exe
O4 - HKLM\..\RunOnce: [addhn32.exe] C:\WINDOWS\addhn32.exe
O4 - HKLM\..\RunOnce: [msxd32.exe] C:\WINDOWS\system32\msxd32.exe
O4 - HKLM\..\RunOnce: [msfl.exe] C:\WINDOWS\system32\msfl.exe
O4 - HKLM\..\RunOnce: [d3gl.exe] C:\WINDOWS\d3gl.exe
O4 - HKLM\..\RunOnce: [appva32.exe] C:\WINDOWS\system32\appva32.exe
O4 - HKLM\..\RunOnce: [apitq32.exe] C:\WINDOWS\system32\apitq32.exe
O4 - HKLM\..\RunOnce: [crjd32.exe] C:\WINDOWS\crjd32.exe
O4 - HKLM\..\RunOnce: [d3dw.exe] C:\WINDOWS\system32\d3dw.exe
O4 - HKLM\..\RunOnce: [addzs.exe] C:\WINDOWS\system32\addzs.exe
O4 - HKLM\..\RunOnce: [mfcrt32.exe] C:\WINDOWS\system32\mfcrt32.exe
O4 - HKLM\..\RunOnce: [iecm32.exe] C:\WINDOWS\iecm32.exe
O4 - HKLM\..\RunOnce: [syskc32.exe] C:\WINDOWS\syskc32.exe
O4 - HKLM\..\RunOnce: [mfcuu32.exe] C:\WINDOWS\system32\mfcuu32.exe
O4 - HKLM\..\RunOnce: [d3uc.exe] C:\WINDOWS\d3uc.exe
O4 - HKLM\..\RunOnce: [sdkyg.exe] C:\WINDOWS\system32\sdkyg.exe
O4 - HKLM\..\RunOnce: [sysne32.exe] C:\WINDOWS\sysne32.exe
O4 - HKLM\..\RunOnce: [appdl.exe] C:\WINDOWS\appdl.exe
O4 - HKLM\..\RunOnce: [nethp32.exe] C:\WINDOWS\system32\nethp32.exe
O4 - HKLM\..\RunOnce: [mfcrq.exe] C:\WINDOWS\system32\mfcrq.exe
O4 - HKLM\..\RunOnce: [mfcxm32.exe] C:\WINDOWS\system32\mfcxm32.exe
O4 - HKLM\..\RunOnce: [mfclb32.exe] C:\WINDOWS\mfclb32.exe
O4 - HKLM\..\RunOnce: [sdkvz.exe] C:\WINDOWS\system32\sdkvz.exe
O4 - HKLM\..\RunOnce: [d3ga.exe] C:\WINDOWS\d3ga.exe
O4 - HKLM\..\RunOnce: [netfa32.exe] C:\WINDOWS\system32\netfa32.exe
O4 - HKLM\..\RunOnce: [mstx.exe] C:\WINDOWS\system32\mstx.exe
O4 - HKLM\..\RunOnce: [syssf.exe] C:\WINDOWS\syssf.exe
O4 - HKLM\..\RunOnce: [atldf.exe] C:\WINDOWS\system32\atldf.exe
O4 - HKLM\..\RunOnce: [mscf32.exe] C:\WINDOWS\system32\mscf32.exe
O4 - HKLM\..\RunOnce: [mfciu32.exe] C:\WINDOWS\mfciu32.exe
O4 - HKLM\..\RunOnce: [d3ic.exe] C:\WINDOWS\system32\d3ic.exe
O4 - HKLM\..\RunOnce: [sdkmo.exe] C:\WINDOWS\sdkmo.exe
O4 - HKLM\..\RunOnce: [iecd32.exe] C:\WINDOWS\system32\iecd32.exe
O4 - HKLM\..\RunOnce: [appal32.exe] C:\WINDOWS\system32\appal32.exe
O4 - HKLM\..\RunOnce: [javaue32.exe] C:\WINDOWS\system32\javaue32.exe
O4 - HKLM\..\RunOnce: [netkt32.exe] C:\WINDOWS\netkt32.exe
O4 - HKLM\..\RunOnce: [ipsb.exe] C:\WINDOWS\ipsb.exe
O4 - HKLM\..\RunOnce: [ievt.exe] C:\WINDOWS\ievt.exe
O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe
O4 - HKLM\..\RunOnce: [mfclq32.exe] C:\WINDOWS\system32\mfclq32.exe
O4 - HKLM\..\RunOnce: [apitg32.exe] C:\WINDOWS\apitg32.exe
O4 - HKLM\..\RunOnce: [javauz32.exe] C:\WINDOWS\system32\javauz32.exe
O4 - HKLM\..\RunOnce: [appch.exe] C:\WINDOWS\appch.exe
O4 - HKLM\..\RunOnce: [sysyl.exe] C:\WINDOWS\system32\sysyl.exe
O4 - HKLM\..\RunOnce: [mfcvi32.exe] C:\WINDOWS\mfcvi32.exe
O4 - HKLM\..\RunOnce: [ntmp32.exe] C:\WINDOWS\system32\ntmp32.exe
O4 - HKLM\..\RunOnce: [netht.exe] C:\WINDOWS\system32\netht.exe
O4 - HKLM\..\RunOnce: [wingj32.exe] C:\WINDOWS\system32\wingj32.exe
O4 - HKLM\..\RunOnce: [d3ey32.exe] C:\WINDOWS\system32\d3ey32.exe
O4 - HKLM\..\RunOnce: [mseg.exe] C:\WINDOWS\mseg.exe
O4 - HKLM\..\RunOnce: [d3mh.exe] C:\WINDOWS\system32\d3mh.exe
O4 - HKLM\..\RunOnce: [d3hy32.exe] C:\WINDOWS\d3hy32.exe
O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\ipmu32.exe
O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\mshg32.exe
O4 - HKLM\..\RunOnce: [winuk.exe] C:\WINDOWS\system32\winuk.exe
O4 - HKLM\..\RunOnce: [sysvt32.exe] C:\WINDOWS\sysvt32.exe
O4 - HKLM\..\RunOnce: [iejh32.exe] C:\WINDOWS\system32\iejh32.exe
O4 - HKLM\..\RunOnce: [ntom32.exe] C:\WINDOWS\system32\ntom32.exe
O4 - HKLM\..\RunOnce: [sysjx32.exe] C:\WINDOWS\system32\sysjx32.exe
O4 - HKLM\..\RunOnce: [appoc.exe] C:\WINDOWS\appoc.exe
O4 - HKLM\..\RunOnce: [winwc32.exe] C:\WINDOWS\system32\winwc32.exe
O4 - HKLM\..\RunOnce: [winlz.exe] C:\WINDOWS\winlz.exe
O4 - HKLM\..\RunOnce: [appke.exe] C:\WINDOWS\system32\appke.exe
O4 - HKLM\..\RunOnce: [sysau.exe] C:\WINDOWS\system32\sysau.exe
O4 - HKLM\..\RunOnce: [javakm32.exe] C:\WINDOWS\javakm32.exe
O4 - HKLM\..\RunOnce: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
O4 - HKLM\..\RunOnce: [mseo.exe] C:\WINDOWS\mseo.exe
O4 - HKLM\..\RunOnce: [sdkhs32.exe] C:\WINDOWS\sdkhs32.exe
O4 - HKLM\..\RunOnce: [apiyh.exe] C:\WINDOWS\system32\apiyh.exe
O4 - HKLM\..\RunOnce: [winxx32.exe] C:\WINDOWS\system32\winxx32.exe
O4 - HKLM\..\RunOnce: [d3vm32.exe] C:\WINDOWS\d3vm32.exe
O4 - HKLM\..\RunOnce: [msvu.exe] C:\WINDOWS\system32\msvu.exe
O4 - HKLM\..\RunOnce: [msir32.exe] C:\WINDOWS\msir32.exe
O4 - HKLM\..\RunOnce: [mspo32.exe] C:\WINDOWS\system32\mspo32.exe
O4 - HKLM\..\RunOnce: [ipuk32.exe] C:\WINDOWS\system32\ipuk32.exe
O4 - HKLM\..\RunOnce: [msxw32.exe] C:\WINDOWS\system32\msxw32.exe
O4 - HKLM\..\RunOnce: [crhu.exe] C:\WINDOWS\crhu.exe
O4 - HKLM\..\RunOnce: [addwr32.exe] C:\WINDOWS\addwr32.exe
O4 - HKLM\..\RunOnce: [mfcuz.exe] C:\WINDOWS\mfcuz.exe
O4 - HKLM\..\RunOnce: [ntqd32.exe] C:\WINDOWS\ntqd32.exe
O4 - HKLM\..\RunOnce: [netad.exe] C:\WINDOWS\netad.exe
O4 - HKLM\..\RunOnce: [netoa32.exe] C:\WINDOWS\netoa32.exe
O4 - HKLM\..\RunOnce: [netup32.exe] C:\WINDOWS\system32\netup32.exe
O4 - HKLM\..\RunOnce: [winzt32.exe] C:\WINDOWS\winzt32.exe
O4 - HKLM\..\RunOnce: [ipcf32.exe] C:\WINDOWS\system32\ipcf32.exe
O4 - HKLM\..\RunOnce: [sdkhj.exe] C:\WINDOWS\sdkhj.exe
O4 - HKLM\..\RunOnce: [nthj32.exe] C:\WINDOWS\system32\nthj32.exe
O4 - HKLM\..\RunOnce: [ntwg32.exe] C:\WINDOWS\ntwg32.exe
O4 - HKLM\..\RunOnce: [appbc32.exe] C:\WINDOWS\system32\appbc32.exe
O4 - HKLM\..\RunOnce: [nteo32.exe] C:\WINDOWS\nteo32.exe
O4 - HKLM\..\RunOnce: [cris.exe] C:\WINDOWS\system32\cris.exe
O4 - HKLM\..\RunOnce: [apixv.exe] C:\WINDOWS\system32\apixv.exe
O4 - HKLM\..\RunOnce: [addsz.exe] C:\WINDOWS\addsz.exe
O4 - HKLM\..\RunOnce: [ipiw32.exe] C:\WINDOWS\system32\ipiw32.exe
O4 - HKLM\..\RunOnce: [javage.exe] C:\WINDOWS\system32\javage.exe
O4 - HKLM\..\RunOnce: [ieca32.exe] C:\WINDOWS\ieca32.exe
O4 - HKLM\..\RunOnce: [d3mi.exe] C:\WINDOWS\system32\d3mi.exe
O4 - HKLM\..\RunOnce: [mszx32.exe] C:\WINDOWS\mszx32.exe
O4 - HKLM\..\RunOnce: [d3ou32.exe] C:\WINDOWS\system32\d3ou32.exe
O4 - HKLM\..\RunOnce: [netly32.exe] C:\WINDOWS\system32\netly32.exe
O4 - HKLM\..\RunOnce: [msok32.exe] C:\WINDOWS\msok32.exe
O4 - HKLM\..\RunOnce: [winso.exe] C:\WINDOWS\winso.exe
O4 - HKLM\..\RunOnce: [sdkgi.exe] C:\WINDOWS\system32\sdkgi.exe
O4 - HKLM\..\RunOnce: [netku.exe] C:\WINDOWS\netku.exe
O4 - HKLM\..\RunOnce: [craj32.exe] C:\WINDOWS\system32\craj32.exe
O4 - HKLM\..\RunOnce: [sysqr.exe] C:\WINDOWS\sysqr.exe
O4 - HKLM\..\RunOnce: [atluv32.exe] C:\WINDOWS\atluv32.exe
O4 - HKLM\..\RunOnce: [windv.exe] C:\WINDOWS\windv.exe
O4 - HKLM\..\RunOnce: [addjs32.exe] C:\WINDOWS\addjs32.exe
O4 - HKLM\..\RunOnce: [winyp32.exe] C:\WINDOWS\system32\winyp32.exe
O4 - HKLM\..\RunOnce: [crcl32.exe] C:\WINDOWS\crcl32.exe
O4 - HKLM\..\RunOnce: [addxx32.exe] C:\WINDOWS\system32\addxx32.exe
O4 - HKLM\..\RunOnce: [mfccb32.exe] C:\WINDOWS\mfccb32.exe
O4 - HKLM\..\RunOnce: [mskj.exe] C:\WINDOWS\system32\mskj.exe
O4 - HKLM\..\RunOnce: [sdkgn32.exe] C:\WINDOWS\sdkgn32.exe
O4 - HKLM\..\RunOnce: [apied.exe] C:\WINDOWS\system32\apied.exe
O4 - HKLM\..\RunOnce: [winds32.exe] C:\WINDOWS\system32\winds32.exe
O4 - HKLM\..\RunOnce: [atlwr32.exe] C:\WINDOWS\system32\atlwr32.exe
O4 - HKLM\..\RunOnce: [apihc32.exe] C:\WINDOWS\apihc32.exe
O4 - HKLM\..\RunOnce: [sysmh32.exe] C:\WINDOWS\sysmh32.exe
O4 - HKLM\..\RunOnce: [netps.exe] C:\WINDOWS\system32\netps.exe
O4 - HKLM\..\RunOnce: [applw32.exe] C:\WINDOWS\system32\applw32.exe
O4 - HKLM\..\RunOnce: [iejm.exe] C:\WINDOWS\iejm.exe
O4 - HKLM\..\RunOnce: [sdkib32.exe] C:\WINDOWS\sdkib32.exe
O4 - HKLM\..\RunOnce: [apizr32.exe] C:\WINDOWS\system32\apizr32.exe
O4 - HKLM\..\RunOnce: [apigz.exe] C:\WINDOWS\apigz.exe
O4 - HKLM\..\RunOnce: [mfchz.exe] C:\WINDOWS\system32\mfchz.exe
O4 - HKLM\..\RunOnce: [javaxw32.exe] C:\WINDOWS\javaxw32.exe
O4 - HKLM\..\RunOnce: [msve32.exe] C:\WINDOWS\msve32.exe
O4 - HKLM\..\RunOnce: [crqh.exe] C:\WINDOWS\system32\crqh.exe
O4 - HKLM\..\RunOnce: [netpx32.exe] C:\WINDOWS\system32\netpx32.exe
O4 - HKLM\..\RunOnce: [appnn.exe] C:\WINDOWS\appnn.exe
O4 - HKLM\..\RunOnce: [winjo.exe] C:\WINDOWS\winjo.exe
O4 - HKLM\..\RunOnce: [mfcns32.exe] C:\WINDOWS\system32\mfcns32.exe
O4 - HKLM\..\RunOnce: [addwt.exe] C:\WINDOWS\addwt.exe
O4 - HKLM\..\RunOnce: [appcp32.exe] C:\WINDOWS\system32\appcp32.exe
O4 - HKLM\..\RunOnce: [addqm32.exe] C:\WINDOWS\addqm32.exe
O4 - HKLM\..\RunOnce: [d3vj32.exe] C:\WINDOWS\d3vj32.exe
O4 - HKLM\..\RunOnce: [appqu32.exe] C:\WINDOWS\appqu32.exe
O4 - HKLM\..\RunOnce: [ipav32.exe] C:\WINDOWS\ipav32.exe
O4 - HKLM\..\RunOnce: [ipdm32.exe] C:\WINDOWS\ipdm32.exe
O4 - HKLM\..\RunOnce: [crtu32.exe] C:\WINDOWS\crtu32.exe
O4 - HKLM\..\RunOnce: [sdkox.exe] C:\WINDOWS\system32\sdkox.exe
O4 - HKLM\..\RunOnce: [atlnn32.exe] C:\WINDOWS\atlnn32.exe
O4 - HKLM\..\RunOnce: [syslc.exe] C:\WINDOWS\system32\syslc.exe
O4 - HKLM\..\RunOnce: [javaks32.exe] C:\WINDOWS\system32\javaks32.exe
O4 - HKLM\..\RunOnce: [netaa32.exe] C:\WINDOWS\netaa32.exe
O4 - HKLM\..\RunOnce: [ipiq32.exe] C:\WINDOWS\ipiq32.exe
O4 - HKLM\..\RunOnce: [netxk32.exe] C:\WINDOWS\system32\netxk32.exe
O4 - HKLM\..\RunOnce: [netmh.exe] C:\WINDOWS\netmh.exe
O4 - HKLM\..\RunOnce: [netrw.exe] C:\WINDOWS\system32\netrw.exe
O4 - HKLM\..\RunOnce: [sysxa.exe] C:\WINDOWS\sysxa.exe
O4 - HKLM\..\RunOnce: [iprm.exe] C:\WINDOWS\system32\iprm.exe
O4 - HKLM\..\RunOnce: [mfcht.exe] C:\WINDOWS\system32\mfcht.exe
O4 - HKLM\..\RunOnce: [winrm32.exe] C:\WINDOWS\system32\winrm32.exe
O4 - HKLM\..\RunOnce: [addkf.exe] C:\WINDOWS\addkf.exe
O4 - HKLM\..\RunOnce: [apioj.exe] C:\WINDOWS\system32\apioj.exe
O4 - HKLM\..\RunOnce: [sdkzk32.exe] C:\WINDOWS\sdkzk32.exe
O4 - HKLM\..\RunOnce: [mfcsb32.exe] C:\WINDOWS\system32\mfcsb32.exe
O4 - HKLM\..\RunOnce: [mfcyx32.exe] C:\WINDOWS\mfcyx32.exe
O4 - HKLM\..\RunOnce: [iedu32.exe] C:\WINDOWS\iedu32.exe
O4 - HKLM\..\RunOnce: [mfcgf32.exe] C:\WINDOWS\mfcgf32.exe
O4 - HKLM\..\RunOnce: [iplk32.exe] C:\WINDOWS\system32\iplk32.exe
O4 - HKLM\..\RunOnce: [winls.exe] C:\WINDOWS\winls.exe
O4 - HKLM\..\RunOnce: [d3pw.exe] C:\WINDOWS\system32\d3pw.exe
O4 - HKLM\..\RunOnce: [appel32.exe] C:\WINDOWS\appel32.exe
O4 - HKLM\..\RunOnce: [apius.exe] C:\WINDOWS\system32\apius.exe
O4 - HKLM\..\RunOnce: [javayw32.exe] C:\WINDOWS\system32\javayw32.exe
O4 - HKLM\..\RunOnce: [sysdo32.exe] C:\WINDOWS\system32\sysdo32.exe
O4 - HKLM\..\RunOnce: [crbw32.exe] C:\WINDOWS\crbw32.exe
O4 - HKLM\..\RunOnce: [d3bm.exe] C:\WINDOWS\d3bm.exe
O4 - HKLM\..\RunOnce: [javajm.exe] C:\WINDOWS\system32\javajm.exe
O4 - HKLM\..\RunOnce: [winzb32.exe] C:\WINDOWS\winzb32.exe
O4 - HKLM\..\RunOnce: [atlpj32.exe] C:\WINDOWS\atlpj32.exe
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunOnce: [d3jk32.exe] C:\WINDOWS\d3jk32.exe
O4 - HKLM\..\RunOnce: [wincj32.exe] C:\WINDOWS\wincj32.exe
O4 - HKLM\..\RunOnce: [addvu32.exe] C:\WINDOWS\system32\addvu32.exe
O4 - HKLM\..\RunOnce: [d3aq32.exe] C:\WINDOWS\system32\d3aq32.exe
O4 - HKLM\..\RunOnce: [appvc.exe] C:\WINDOWS\system32\appvc.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NALDESK.EXE
O4 - Global Startup: CHKDSK WEEKLY.lnk = C:\WINDOWS\system32\chkdsk.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet.us.schneider-electric.com
O16 - DPF: {33BA45CE-8147-4EE4-A0B9-37DC741123EE} (PDFBatch.ucPDFBatch) - http://intranet.us.schneider-electric.com/...le/PDFBatch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = us.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.schneider-electric.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: aiclient - Unknown owner - C:\Program Files\Insight\Tools\aiclient.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\RAdmin\r_server.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe


Every time I open Internet Explorer my homepage is changed to about:blank with some type of search function on the screen. I now get pop-up ads trying to sell me Adaware Delete. It looks like this line may be the culprit:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

Thanks for any help!

chris
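
Added example, not part of either post: a Python sketch that parses HijackThis entry lines like those in the log above and marks entries for manual review. The three rules (an IE setting pointing at `res://` inside a local DLL, a BHO DLL sitting directly in the Windows directory, an autorun value named after its own executable) are assumptions chosen for this log, not HijackThis behaviour or a removal procedure; a match is a lead to check, not a verdict.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SENAD
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {EBB58D88-B4D1-648E-CB8F-D10EF01B83E5} - C:\WINDOWS\system32\addku.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iemz32.exe] C:\WINDOWS\iemz32.exe
O4 - HKLM\..\RunOnce: [mfclq.exe] C:\WINDOWS\system32\mfclq.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\system32\addku.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


def image_path(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path followed by optional arguments.
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def review_reason(code, body):
    """Apply the assumed review rules; return a reason string or None."""
    if code in ("R0", "R1") and "= res://" in body.lower():
        return "IE setting points at a resource inside a local DLL"
    if code == "O2":
        m = BHO.match(body)
        if m and ntpath.dirname(m["path"]).lower() in WINDOWS_DIRS:
            return "BHO DLL sits directly in the Windows directory"
    if code == "O4":
        m = AUTORUN.match(body)
        if m:
            exe = ntpath.basename(image_path(m["cmd"]))
            if m["name"].lower() == exe.lower():
                return "autorun value is named after its own executable"
    return None


def triage(log_text):
    """Return (code, reason, body) for every entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        reason = review_reason(m["code"], m["body"])
        if reason:
            findings.append((m["code"], reason, m["body"]))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```
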


#2 John_McKenna


Posted 11 July 2005 - 07:12 PM

Hi Schonda and welcome to Bleeping.

You have a rather nasty one there, don't you!!

Step 1

Download Killbox from here to your desktop.

Download and install About Buster 5.0 following the instructions here.
Update the program with the latest definitions and install the extra protection:
-- Firefox for surfing so that Internet Explorer can be kept closed until you're clean.
-- Spywareblaster to prevent future stealth installations of malware.
Do NOT scan with About Buster yet.

Download, install and setup Ewido Security Suite by following the instructions here.
Once updated, close the program without scanning.

Download Cleanup! from here.

Download CWSServicemove.zip from here and unzip it to your desktop. Don't do anything with it yet.

Ensure you're familiar with rebooting into Safe Mode.

Copy the below steps to notepad and save them to your desktop. Close Internet Explorer and disconnect from the internet.



Step 2

Run HJT again and checkmark the boxes next to the following:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zpvlu.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {EBB58D88-B4D1-648E-CB8F-D10EF01B83E5} - C:\WINDOWS\system32\addku.dll
O2 - BHO: Class - {FEE35FFA-5707-EF25-2036-A92AB9B624CD} - C:\WINDOWS\crox.dll

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [iemz32.exe] C:\WINDOWS\iemz32.exe
O4 - HKLM\..\RunOnce: [mfclq.exe] C:\WINDOWS\system32\mfclq.exe
O4 - HKLM\..\RunOnce: [addsp32.exe] C:\WINDOWS\addsp32.exe
O4 - HKLM\..\RunOnce: [winqq.exe] C:\WINDOWS\winqq.exe
O4 - HKLM\..\RunOnce: [sdkqi32.exe] C:\WINDOWS\system32\sdkqi32.exe
O4 - HKLM\..\RunOnce: [appis.exe] C:\WINDOWS\system32\appis.exe
O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINDOWS\system32\crvh.exe
O4 - HKLM\..\RunOnce: [ieip.exe] C:\WINDOWS\ieip.exe
O4 - HKLM\..\RunOnce: [msga32.exe] C:\WINDOWS\msga32.exe

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked



Step 3

Reboot into Safe Mode.

Start About Buster
With ALL windows closed - VERY important!
Click on 'Begin Removal' to start the scan.
When the scan has finished let it scan again.
A log of the scan will appear in the folder.
Exit About Buster.

Then run CleanUp!.
Click the Cleanup Tab and let it remove all the Temporary files it finds.
Click Close when finished but decline to reboot when prompted.


Step 4

Double-click killbox.exe
Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:



Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'
Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES.
When it asks if you would like to Reboot now, click YES.
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.


As your machine starts to reboot, please start tapping F8 and go straight into Safe Mode - Very Important!!


Step 5

While in Safe Mode open Ewido Security Suite:

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.

Now close Ewido Security Suite.


Step 6

Now double-click on the CWSServicemove.reg

Confirm you wish to add the contents to the registry when prompted and then reboot back to normal mode.


Step 7

Run an online virus scan at Trend Micro (Europe).

Reboot again when finished and post the following in THIS thread by clicking 'ADD Reply'.

1. New HijackThis log
2. About Buster scan log
3. Ewido scan log
4. Feedback on Trend Micro scan.
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)



